During the COVID-19 pandemic, a majority of business and industrial failures, turbulences and disruptions were not principally attributed to mismanagement or lack of professional practice per se, rather to continuity issues within the various economic sectors. While risk management is expected to provide a comprehensive framework for mitigating and preparing for unforeseen future risks, it sometimes fails to respond to sudden disruptions that are likely to occur in short spans of time and which usually occur without prior clear notification.
Frequent business disruptions impede or decelerate organizational responses to major incidents and emergencies and weaken their ability to meet the expectations and the demands of stakeholders, which lie at the heart of business objectives. Sudden onset disruptions can take many forms ranging from daily interruptions of business operations to full system outages or downtimes. These events impose a threat to the viability of organizations and their financial capabilities and have always been extra burden to business executives.
Risk management does not always provide ultimate solutions for all enterprise risks despite the continuous updates and reforms to the risks management practices and international standards. More specialized approaches have to be adopted, which are tailored to business disruptions in specific. Risk management deals typically with the “slow onset” type of risks, which emerge gradually over time and which can be more or less anticipated in advanced using a variety of financial and non-financial techniques and key performance indicators. As such, risk management is a futuristic approach to managing business risks in its nature. A more hands-on approach that provides protection to the normal running of critical business functions is necessary and is increasingly in demand. These approaches should not be based on conventional risk assessments only, but equally important to a business impact analysis (BIA); an analysis of the consequences of certain decisions and disruptions on business operations.
The recent failures in some U.S. banking institutions could have been avoided, or at least mitigated, by the currently adopted frameworks of risk management; such as the COSO ERM principles, BASEL accords, the ISO31000, ENISA or others. Unfortunately, the opposite happened, which rendered some banks unable to meet their financial obligations and serve their clients.
The idea of disaster recovery (DR) emerged during the 1970s to provide technical protection for mainframe computing systems. Later, the concept of business continuity management (BCM) planning evolved to cover the IT/DR side of the organization in addition to all potential human factors which cause disruptions. The Sept. 11 events in the U.S. marked a major shift in BCM practices due to the immense impacts of these events on the U.S. infrastructure. BCM has become a compulsory process which needs to be incorporated into the financial sector. One of the main differences between BCM and risk management (RM) is that while RM relates more to the protection of the core business objectives and the factors likely to affect the achievement of these objectives, BCM focuses on survival threatening issues which are likely to challenge the existence of the organization.
BCM enables the organization to respond immediately to system disruptions preventing further accumulation of problems over time. This helps to prevent the slow disintegration of the organization and its potential collapse in the end. Recently, scenario analysis has been incorporated in the practice of BCM in order to provide an overview of the range of possible future projections taking into consideration the entire spectrum of influencing and intervening factors surrounding an organization, thus assisting to capture a better understanding of the forces in action.
Continuity management intertwines with sustainability and long-term management practices. Sustainable businesses tailor their management practices toward the achievement of the sustainable development goals. Frequent business disruptions and downtimes reduce the ability of businesses and organizations to deliver their products or services in a timely manner and undermine their ability to contribute positively to the society and the environment.
If the majority of banks worldwide have BCM programs in place, what was the main cause(s) behind these most recent bank collapses?
In order to answer this question, it should be noted that causal factors are different than the root causes. Root causes are related to a greater extent to latent factors, factory settings, errors in design and embedded defects in systems. The current banking system witnessed several reforms in the past few decades especially after the 2008 global financial crisis which indicates the system itself is more or less resilient. In addition, the current global banking system is subject to regular updates and improvements and continuous monitoring.
Causal factors, however, drive any system to deviate from its original configuration. It becomes unlikely the current bank failures were mainly attributed to root causes. While liquidity failure is a common and typical concern of almost all banks around the world and has its own protective measures, system disruptions resulting from the dynamics of the global business environment(s) are not usually addressed as much as the other types of risks due to the lack of professional insight and the proper understanding of such types of occurrences. Quick and irrational management decisions fall into the category of sudden-onset disruptions and are considered causal factors. BCM deals with the stream of incidents which have a more realistic impact on business operations, providing a better reading of the present and the consequences of poor decisions.
One of the key components of an effective BCM program is contingency planning. Contingency plans refer to the range of alternative plans set in place (i.e. back-up plans or “plan B”) in case the primary plan fails to deliver its expected outcomes.
From a professional perspective, relying heavily on one scenario or projection could prove detrimental and could have severe unexpected consequences. Diversifying existing solutions and extending the scope of scenarios are likely to enable almost all business sectors to better deal with unexpected incidents in a more realistic and market-compatible manner without necessarily incurring massive financial or non-financial losses.
According to Hiles (2011) and Moore and Lakha (2006), BCM encompasses the following key components; business impact analysis, contingency planning, scenario planning, disaster recovery and the proper identification of the critical business functions which altogether provide a solid foundation to cope with business disruptions more effectively and help executives to take more relevant and realistic decisions that match the current conditions and potential future projections.