|
 On 28th November, 2005, the UK staged a business continuity simulation exercise for financial markets. This was the third in a series of annual exercises organised by the UK Tripartite Authorities (the Financial Services Authority, the Bank of England and HM Treasury).
Well over 3,000 people from 70 organisations took part in a sophisticated simulation of a major disruption, based around a simulated terrorist attack.
The detailed planning and preparation for the exercise was led by KPMG with assistance and support from Crisis Solutions Limited. KPMG has now published a report which summarises the lessons learned from the exercise. These were summarised as follows (verbatim):
* Think ahead – don’t just focus on the immediate issues – how might this unfold? What if? What about tomorrow?
Most participants focused on the immediate issues as they came through. As a result it was not easy for the Tripartite Authorities to make a full assessment, as the consequences of the scenario unfolded, of how serious events might become. This could result in under-reporting of the seriousness of events and a slower, or potentially complacent, initial response.
* More work is needed to identify ‘supply chain’ interdependencies – no organisation is an island.
The exercise highlighted that only limited communications occurred between financial organisations, with the majority focusing on internal communications and some contact with the Tripartite Authorities.
* The new FSA damage assessment process is an important step forward – now simplify it, target it and challenge
A new automated damage assessment process was tested by the FSA during the exercise. The damage assessment provides the Tripartite Authorities with a consolidated view of the impact of a major operational disruption across the sector. Particular attention needs to be given to the speed with which information can be collated in a fast moving event to avoid the picture being painted being out of date.
* There are too many false assumptions, particularly around civil authority actions and people-related impacts
It was evident, both through the planning and preparations for the exercise and during the event itself, that many organisations underestimate the extent of the civil authorities’ actions (e.g., the size of cordons and length of time these may be held in place). They also over-estimate how quickly they will receive information from the authorities (e.g., concerning casualties). This latter point also reinforced the need to continue to improve people-related responses within business continuity plans (e.g., staff welfare and communications, corporate verses individual responsibilities, reliance on key individuals).
* The better prepared got the most benefit from the exercise
The analysis of participant feedback clearly shows that those organisations who invested time and effort in preparing for the exercise got most benefit from it. They were more evenly engaged throughout the event and were more pro-active in considering some tactical and strategic consequences, such as next day impacts and the sustainability of their contingency measures.
Specific recommendations as a result of the exercise have been reported separately to participant organisations and the Tripartite Authorities.
Read the KMPG report
•Date: 11th April 2006• Region: UK • Type: Article •Topic: Financial sector
Rate this article or make a comment - click here |
