Korean Banks Efforts To Prepare For Bcp.Effective Operational Risk Management

1,582 views

Published on

Published in: Business, Economy & Finance
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,582
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Korean Banks Efforts To Prepare For Bcp.Effective Operational Risk Management

  1. 1. Banks’ Korean Banks’ Efforts to Prepare for BCP : Effective Operational Risk Management 27th August 2007 Yeong Sik Ohn Head of New Basel Accord Office, Financial Supervisory Service
  2. 2. Table of Contents 1 BCP as a means to manage operational risk 2 Korean banks’ awareness and readiness of BCP 3 ‘Supervisory Guidelines for BCP’ by the FSS 4 Tasks ahead for Korean banks in building BCP -1-
  3. 3. 1. BCP as a means to manage operational risk ◈ Business Continuity Planning [Management] : A whole-of-business approach that includes policies, standards, and procedures for ensuring that specified operations can be maintained or recovered in a timely fashion in the event of a disruption. Its purpose is to minimise the operational, financial, legal, reputational and other material consequences arising from a disruption High- High-level principles for business continuity (BCBS, August 2006) BCP concept DRP concept Disaster Business Part Other IT Part Recovery Part -2-
  4. 4. ◈ Operational Risk Management vs. BCP/BCM (1) Loss Distribution of Operational Risk Frequency Bank’s Expense BCP And Coverage Insurance Capital area Coverage Coverage area area Severity Expected Loss Insurance level Coverage level -3-
  5. 5. ◈ Operational Risk Management vs. BCP/BCM (2) ORM BCP/BCM Firm-wide business - Disruption of Core Scope businesses/Core activities process To minimise the - To minimise the impact to Purpose operational risk businesses due to operational disruptions Identify, - Prevent, Prepare, Process Response, Restore, Pilot Assess/Measure, Monitor, Report, Control test, maintain -4-
  6. 6. banks’ 2. Korean banks’ awareness and readiness of BCP ◈ Limited BCP focusing on IT Disaster Recovery Planning - Only a few banks have firm-wide BCP - Gap exists in awareness and capability of BCP among business units ◈ Various kinds of Contingency plans different in scope, purpose and procedure - Fire Protection Plan, War Emergency Plan, Contingency Plans in business unit level - No control tower for all contingency plans - The scarcity of the detailed guidelines and information - The lack of prevention/preparation functions -5-
  7. 7. (AS- ◈ Contingency Plans for Disaster (AS-IS) 1. Disaster Recovery Plan - FSS require DRC (Disaster Recovery Center) (Jan. 2004) - Focusing on IT system only 2. War Emergency Plan and Fire Protection Plan - To protect tangible assets & people and to minimize loss 3. Contingency Plans in business unit level - The different scope, purpose and method by the maker -6-
  8. 8. (TO- ◈ BCP for Disaster (TO-BE) BCP War Emergency Plan DRP Fire Protection Plan Other Contingency Plans -7-
  9. 9. BCP’ 3. ‘Supervisory Guidelines for BCP’ by the FSS ◈ Governance for BCP (Board and Senior Management) - The ultimate Responsibility for Business Continuity Plan and the effectiveness of BCP (BCP Function) - To manage the entire process of BCP - To assist the Board and Senior Management (Independent Review Function) - To review the effectiveness of BCP and compliance of all levels of staff - To conduct periodic review of BCP : at least annually -8-
  10. 10. ◈ BCP Development Steps Risk Analysis Business Testing Feedback Impact Analysis Business BCM Continuity Strategy Plan -9-
  11. 11. ◈ Risk Analysis - To identify the various potential risk factors and the priority of order in the event of a disruption - To assess the existing control means for risk factors ◈ Business Impact Analysis - To identify critical business services and functions to be delivered in the event of a disruption - To determine the priority of order, Recovery Time Objective, Recovery Point Objective and etc - 10 -
  12. 12. ◈ BCM strategy Formulation - To formulate recovery strategies for continuity of critical business services and functions in the event of a disruption - including BCM Model, Alternate site, recovery personnel, office facilities, technology requirements and etc ◈ Business Continuity Plan (BCP) Development - To provide detailed guidance and procedures to respond and manage a crisis - including Crisis Management Plan (crisis management team, crisis management process, communication strategy), Business Resumption Process, Technology recovery, Vital Record Management and etc. - 11 -
  13. 13. ◈ Alternate Sites - To establish the recovery sites for continuity of critical business services/functions and technology recovery - Alternate sites should be sufficiently distanced to avoid being affected by the same disaster ◈ Testing - To ensure that the BCP is operable - To verify the awareness and preparedness of staff - The scope of testing ㆍstaff evacuation and communication arrangement ㆍalternate sites, recovery services provided by vendors ㆍlinkage of back-up IT systems, recovery of vital records - To conduct testing of BCP at least annually - 12 -
  14. 14. 4. Tasks ahead for Korean banks in building BCP ◈ Active involvement of the BOD and senior management - Essential to Firm-wide BCP ◈ Linkage with the various kinds of contingency plans - DRP, Fire Protection Plan, War Emergency Plan, etc ◈ Modifications through periodic testing - Update their business continuity plan, as appropriate. ◈ BCP for other financial sectors - Sharing experience with Security firms, insurance firms, etc - 13 -
  15. 15. Q&A - 14 -

×