Embed Size (px)
Citation preview
BCM in the Bundesbank Crisis management at the BundesbankChristoph Stute October 2015
Agenda
❙ Crisis management at the DEUTSCHE BUNDESBANK❙ Definition, Scope
❙ Organisation (roles and responsibilities)
❙ Procedures
❙ Exercises
❙ Excursion: Involvement in the national crisis manag ement❙ KRITIS (national working group)
❙ UP BUND and other governmental working groups
❙ Working group „crisis management for Payment and Clearing systems“
❙ National crisis exercises (LÜKEX)
Seite 2
Crisis Management
Definition comparison of crisis management and BCM
Seite 3
Crisis Management
Crisis Management
• CM is the ability of an organisation to respond to any crisis situation in a predefined way
• CM includes a “tool box” with organisational and technical utilities to support management (BCP is one of the “tools”)
• CM has mainly reactive character
Business Continuity Management
• BCM identifies potential threats to an organisation and the impacts to its most critical functions
• BCM includes BCP that put an organisation in a position to manage permanent continuity or adequate recovery of critical functions in the event of crisis situations in a predefined way.
• BCM has mainly reactive character
ERM/Operational Risk Management
• ERM is the overall process for early identification, handling and monitoring of risks
• ERM includes business and operational risks
• ERM gives an overview on all risks and helps to decide which risks are acceptable and which not
• ERM/ORM has preventive character
Crisis definition at Bundesbank
The term crisis is understood to mean any unusual incident which has a significant (potential or acute) negative impact on the health and safety of the
Bundesbank staff and its guests, the execution of Bundesbank’s tasks , its
material assets , its integrity and/or reputation
Every crisis is unique, its cause and course are unpredictable and consequently specific plans cannot be made
➲ individual
➲ flexible response required
➲ rapid
Seite 4
Crisis Management
(Potential) causes for a crisis
❙ long term breakdown of electrical power or IT
❙ fire
❙ epidemic (e.g. avian flu, swine flu, seasonal flu)
❙ natural disaster situation (e.g. flooding, …)
❙ armed robbery (with hostage-taking and / or damage to persons)
❙ “media crisis”
❙ terrorist attacks
❙ IT attacks
❙ …
Seite 5
Crisis Management
The Bundesbank’s CM concept
Seite 6
Crisis Management
CRISISPREVENTION
CRISIS REVIEWCRISIS MANAGEMENT
Basis for rapid and systematic response
• Contingency planning
• BCP• Trained staff
Early recognition of crises
• Incident register• Situation report
Overcoming the crisis incident through
• (immediate) operational measures by the contingency team, BCP team, police ....
Safeguarding the Bundesbank’s decision-making function through
• a central crisis management team at top management level
Gathering experience from the crisis and making use of it through
•systematic documentation of the crisis management
•crisis follow-up and review of the existing plans (as required)
Crisis management preparedness
Seite 7
Crisis Management
Crisis management concept
Detailed conceptsa. Organisational structure
b. procedures
c. Location planning
d. Telecommunication
e. Crisis communication
f. documentation
g. training
h. CM regional head offices
i. CM branches
CM folder - Guidance for CM(every CMT member)
• Contact data
• Diagrams & location plans
• Checklists and templates
Roles and responsibilities
❙ Declaration of crisis � Ex. Board or (if not capable of acting) Ex. Board member for controlling & organisation
❙ Suspension of crisis � Ex. Board
❙ Head of CMT � Ex. Board member for controlling & organisation
❙ CMT � senior managers (Core team: controlling & organisation, IT, administration, communication, head of CM secretariat)
Seite 8
Crisis Management
Seite 9
Crisis Management
• Decides on all measuresnecessary to overcome crises
• At least 5 substitutes perfunction
• Decision-making preparationat operational-technical level
Head of the CMT(Presidentor ExecutiveBoard memeber for controlling)
CMT coordinator
Head of Crisis Management Secretariat
Head of Crisis Communcation
Head of Legal Department
Heads of Cash, Markets, Payment Systems
Head of Administration and Premises
Head of Personnel
Head of IT
(as
requ
ired)
Head of Controlling
Ope
ratio
nal
tech
nica
lle
vel
Ext
ende
dC
MT
C
ore
cris
ism
anag
emen
t tea
mHead of the CMT
(Executive Board member for controlling)
CMT coordinator
Head of Crisis Management Secretariat
Head of Crisis Communication
Head of Legal Department
Heads of Cash, Markets, Payment Systems
Head of Administration and Premises
Head of Personnel
Head of IT
(as
requ
ired)
Head of Controlling
Ope
ratio
nal
tech
nica
lle
vel
Ext
ende
dC
MT
C
ore
cris
ism
anag
emen
t tea
m
Crisis Management Team Organisation
…
Support teams
Seite 10
Crisis Management
Crisis communication team (Communication Department)
operational implementation of crisis communication
Contingency/BCP teams implements the CMT’s and the BCP’s resolutions as well as
emergency measures (Vb, IT, H, C, M, Z)� Urgent measures
Crisis management secretariat assists the CMT
(triager, file managers, telecommunications services,
minute keepers, secretarial staff)
Local contacts implements the CMT’s resolutions as well as emergency measures
throughout Germany
Procedures in case of a crisis
Seite 11
Crisis Management
Identification of an incident(staff, sensor, security team etc.)
urgent / emergency measures
alerting Information of the business areas
• police (BCP-Teams, Administration,• Fire brigade IT)• ambulance
To inform head crisis secretariat
Information of the security team
To inform head CMT
To activate the alert of the entire CMT and secretariat
Alerting system
❙ Definition of
❙ Who alarms � new: Alerting system
❙ Who is to alarm
❙ What is to tell / ask during the alarming call
❙ Firstly the secretary is to be alarmed, secondly the CMT
❙ If the first representative of a CMT function is not available or cannot reach
the CM rooms within one hour, the next representative of the 5 substitutes of
the function is called
❙ Representatives of a function that are currently not part of the CMT replace
their colleagues if the crisis lasts longer than 8 -12 hours
Seite 12
Crisis Management
Tasks of the crisis secretariat
❙ To collect information of media, phone calls, email, fax etc.
❙ To asses these information about priority, responsibility
❙ To compile a current situation report for the CMT
❙ To write minutes of the CMT meetings
❙ To provide CMT with information for decision making, food and drinking
etc.
Seite 13
Crisis Management
Tasks of the CMT
working phase of the CMT
❙ To explore proposals
❙ To ensure the decisions are done
CMT meetings
❙ Presentation of the situation
❙ Decision making on the proposals by the head of the CMT
Seite 14
Crisis Management
CMT MeetingWorking Phase
of the CMT
Locations of the CMT
Seite 15
Crisis Management
15
Head officePrimary premise of the head office main building or Situation room under the guest house
HV Mainz or alternatively HV Berlin
Third and fourth site, if the region of Frankfurt is not available anymore or endangered
Regional head office Frankfurt
Second site, if the head office is not available anymore or endangered
Locations of the CMT II
❙ In all locations there is a prepared
❙ Meeting room
❙ Working room
❙ Secretary room
❙ If needed more rooms
❙ The rooms are used in daily business, so computers and equipment are up to date
❙ All locations are provided with the same means (posters, forms, USB-Sticks, mobile phones etc.)
Seite 16
Crisis Management
Crisis contact connection
❙ One telephone number for the whole CMT
❙ Call forwarding to second sites of the CMT
❙ Minimum two telephones working separate from telephone system
❙ Telephone switchboard forwards phone calls
❙ Special phone number for police and fire brigade
❙ Special fax number
❙ Special functional email address
❙ Mobile phones available
Seite 17
Crisis Management
Crisis communication
❙ Bundesbank needs to communicate with the � media � staff� Counterparties� Proper authorities
❙ The aims of crisis communication are� Satisfaction of general public’s right to information� Strengthening credibility, confidence and acceptance� Preventing damaging rumours and speculation
���� Crisis communication concept by the PR department
Seite 18
Crisis Management
„Pro-activ“
„One voice“
Crisis management in regional head offices
���� regarding regional head offices and branches
1. Analogues structures to CM of central office (body and procedures)
2. tasks
❙ To assess regional incidents
❙ To initiate countermeasures
❙ To implement decisions of the CMT
❙ To give the CMT information and to consult them
3. CM folder for regional head offices and branches
Seite 19
Crisis Management
to support the CMT of the head office
to coordinate local crises
Exercises / Incidents in the past I
❙ Sept 07 Exercise bomb explosion in Bundesbank buildings
❙ Nov 07 Exercise LÜKEX – worldwide Influenza pandemic
❙ Oct 08 Incident financial crisis
❙ Oct 08 Incident coin contamination (ill staff)
❙ Mar 09 Exercise alert exercise
❙ May 09 Exercise Mainz – coffee contamination (dead of staff)
❙ Aug 09 Incident Pandemic
❙ Oct 09 Exercise Hannover – hostage taking in a branch
❙ Jan 10 Exercise LÜKEX – worldwide threat by islamistic terrorism
❙ May 10 Exercise München – mass demonstration with conflicts
❙ May 10 Incident short power outage in branch
Seite 20
Crisis Management
Exercises / Incidents in the past II
❙ Sept 10 Incident one day IT break down
❙ Oct 10 Exercise Düsseldorf - flood water and accident of a BBK cash transport
❙ March 11 Incident earthquake in Japan – representation closed
❙ April 11 Exercise Berlin – offices for other Ministry, leak of personal data
❙ Sept 11 Exercise Frankfurt - air condition system fell on building
❙ Aug 11 Incident Hurricane warning NY
❙ Sept 11 Incident DDOS Attack on Bundesbank-website
❙ Nov 11 Exercise LÜKEX – German wide IT attacks
❙ May 12 Incident mass demonstration
❙ Oct 12 Exercise Leipzig – demonstration and huge fire in the branch
Seite 21
Crisis Management
Exercises / Incidents in the past III
❙ Jan 13 Incident Düsseldorf – Fire in control center
❙ March 13 Exercise Stuttgart – truck collision in branch and bomb threat
❙ May 13 Incident mass demonstration
❙ June 13 Incident Telekom interruption at BCP side
❙ Sept 13 Incident EBICS interruption (payments)
❙ Nov 13 Exercise LÜKEX – concerted German wide food poisoning
❙ Mai 14 Exercise Hamburg – cash transport vehicle accident, demonstration vandalism, floodwaters
❙ Nov 14 Exercise Hannover – Ebola illness and demonstrations
Seite 22
Crisis Management
Reasons for regular trainings and exercises
✔ Distribution of knowledge and the idea of the concept
✔ Apply the existing CM structures and procedures
✔ Train CM team work by using the available means
✔ Train the alert system
✔ Check the Crisis Communications
✔ Sensitise the CM team members
✔ Realize weaknesses of the CM concept
Seite 23
Crisis Management
Agenda
❙ Crisis management at the DEUTSCHE BUNDESBANK❙ Definition, Scope❙ Organisation (roles and responsibilities)❙ Procedures❙ Exercises
❙ Excursion: Involvement in the national crisis manag ement❙ KRITIS (national working group)❙ UP BUND and other governmental working groups❙ Working group „crisis management for Payment and Clearing
systems“❙ National crisis exercises (LÜKEX)
Seite 24
Crisis Management
KRITIS
❙ Federal Government initiated a working group to analyse security and stability of IT infrastructures, which are critical to the common good
� National working group for public and private suppliers of critical infrastructures (power, telecommunication, financial sector, transport etc.)
❙ Several working groups with different topics meet regularly (incidents, exercises, experiences, development of communication structures, CM and crisis response etc.)
Seite 25
Crisis Management
SPOC
Federal Office for Information Security
UP BUND
❙ analogue to KRITIS at public sector
❙ Federal Government initiated a working group to analyse security and
stability of IT security of national authorities, which are critical to the
common good
� National working group for public authorities (ministries, army…)
❙ Meetings every second month about incidents, exercises, experiences,
development of communication structures
Seite 26
Crisis Management
Working group „crisis management for Payment and Clearing systems“
❙ communication infrastructure for serious crisis and contingency scenarios in large-value payment transactions)
❙ Members: Bundesbank + 17 commercial banks
❙ Exchange of contact data
❙ Concept about procedures in case of contingency or crises
❙ Communication exercises
❙ Regular meetings with reports about incidents, exercises, threats
Seite 27
Crisis Management
The Bundesbank’s contribution to date
❙ 2005 – BBk took part as an observer in the central coordination unitScenario: terrorist attack at a major sporting event
❙ 2007 – BBk set up a crisis task force on both exercise daysScenario: global flu pandemic
❙ 2010 - BBk set up a crisis task force on one exercise dayScenario: global terrorist threat and terrorist attacks
❙ 2011 – BBk set up a crisis task force on one exercise dayScenario: cyber attacks across Germany
❙ 2013 – BBk set up a crisis task force for ½ dayScenario: contaminated meat and orchids
Page 28
Experiences from LÜKEX 2007
❙ Interesting finding: commercial banks’ emergency planning calls for branch closures when less than 6 employees are able to work � disruptions to the public cash supply
❙ In the event of a pandemic, the state police forces support the Federal police in escorting the Bundesbank’s cash transports
� In the event of a crisis, the Bundesbank can request transport assistance (clause in the Act safeguarding transportation services –Verkehrsleistungsgesetz)
❙ Bundesbank can request diesel deliveries in a crisis situation (clause in the Act safeguarding the supply of energy – Energiesicherungsgesetz)
❙ Bundesbank can request flu vaccinations for employees from the Federal Government’s supply of vaccines
❙ Setting up of the cash-back procedure
Page 29
Experiences from LÜKEX 2010
Page 30
❙ Bundesbank acts for the financial sectors as a single point of contact
❙ Creating a concept to relocate the crisis task force to another location
❙ Recording an automated telephone message to inform employees
❙ Separate backup of employee contact data outside the standard systems
Experiences from LÜKEX 2011
Page 31
❙ Setting up of a “dark site”
❙ Extended opening hours for Bundesbank branches and availability of payment systems
❙ Pension payments were exchanged via old magnetic tapes
❙ Proposal to distribute the Federal Ministry of the Interior’ssituation report to private enterprises
❙ Bundesbank was able to advise the Federal government that commercial banks could not be forced to continue their operations in an emergency
Experiences of LÜKEX 2013
❙ Manual alerting takes too much time for which reason an alerting system
was procured
❙ Rooms in backup location are complete and appropriate
❙ Exercise wasn’t announced in advance but nevertheless the CMT was
implemented in due time
❙ Single CMT members weren’t instructed in CM procedures wherefore a
CM training was offered
Page 32
Reasons for participating in national exercises
❙ Good scenarios could serve as a basis for the Bundesbank’s own crisis
task force exercise
❙ Greater willingness of management to participate in crisis task force
exercise
❙ Establishment of a network with other important businesses and
authorities (exchange of contact information)
❙ Learning about crisis management structures of other businesses and
authorities
❙ Scenarios preparation workshops provide deep insight into issues
❙ Raising awareness of Bundesbank tasks in the Federal government crisis
task force
Page 33
Do you have any questions?
Seite 34
Crisis Management
