Business continuity and disaster recovery plans can minimize operational disruptions and provide a framework to resume your business, including vital treasury management operations such as payroll, vendor payments and cash visibility.
Are you prepared for 2023?
While life has returned to something like normal in much of the world since the darkest days of the COVID-19 pandemic, much has also changed. For businesses, the worst health crisis in a century has prompted a rethink of many operations and processes.
The unprecedented experience of strict lockdowns highlighted the importance of having robust business continuity and disaster recovery plans. So, is your business ready for whatever unexpected challenges might arise in 2023 and beyond?
Mind the gaps
Achieving ready preparedness requires a systematic approach. This begins by evaluating your current environment and identifying system and operational gaps in the event of a pandemic, natural disaster or other major disruption.
Identifying potential vulnerabilities should be the first step in developing a plan.
Have you got an existing plan?
After identifying potential vulnerabilities, the next step is to determine if your organization already has a business continuity and disaster recovery plan in place.
As a best practice, all critical functions should be reviewed and updated every six months, and all other functions every 12 months to ensure the thoroughness of the plan coverage. System and operational measures should include securing all sensitive bank account information.
Business continuity planning (BCP)
Business continuity planning is focused on documenting the critical information an organization needs to continue operating during disruptive events such as natural disasters, power outages, cyber-attacks and COVID-19 pandemic restrictions.
Questions to consider
- What are the risks to your company?
- Do you have recovery procedures in place today?
- When systems go down, is there an identified back-up server in place to avoid business disruptions?
- Have you evaluated and documented current processes?
- Have you identified and documented recovery personnel to execute and process payments in a remote location?
Disaster recovery planning (DRP)
Disaster recovery planning is a documented and structured approach describing how an organization can most quickly resume operations after unplanned incidents.
Disaster recovery is an organization’s method of gaining access to and use of its IT infrastructure.
Questions to consider
- How is your data stored and backed up?
- Can you identify the disaster recovery sites?
- Is your client data secured and encrypted? This includes sensitive account and routing information, ACH, wire templates.
- Do you have disaster response procedures in place?
- Have you performed testing of what happens if systems and/or sites go down?
Manual system, paper environment
Those with manual systems and paper intensive operations and processes may experience more significant challenges with business disruptions while finding ways to issue timely payments for rent, insurance coverage, disbursements to vendors through check disbursement.
Check issuance requires key accounting and payables staff to travel to the office, prepare checks followed by obtaining single and dual approval followed by in-person signatures from senior management.
Check payments mailed to the office may also require staff to physically be in the office to process and deposit through remote scanner or require traveling to the closest financial institution for deposit and timely fund availability.
It is critical to evaluate alternative and electronic methods to issue payments and reduce time, effort and minimize overall risk and vulnerability to your organization. Engaging with your banking and technology partners to identify ways to reduce risk and deploy electronic send-and-receive methods is key in transitioning from a manual environment.
System investment, digital environment
Businesses investing in system upgrades are seeking to streamline key processes and reduce risk and potential fraud.
They are doing so by having information archived and stored securely through an encrypted server rather than physically retaining sensitive bank account information and routing numbers on exposed paper checks or ACH and wire templates stored onsite.
While shifting towards a more automated environment, it is important to evaluate and document new process flows, perform and run parallel system testing with your banking and technology partners to ensure an efficient and seamless operational environment.
Fundamental components of a business continuity plan (BCP)
- Evaluate company, staff workspace and recovery time
- Evaluate cyber resilience and system vulnerabilities
- Identify data backup, replication and recovery
- Identify key organizational roles and personnel assignments
- Who are your key third-party providers, vendors? Examples: Telecommunications, servers, payment, lockbox vendors, couriers
- Establish companywide communication and notifications to staff
Fundamental components of a disaster recovery plan (DRP)
- Establish and document system and data recovery time
- Document processes and procedures for key functions. Example: cash management, accounting, payables, receivables, reconciliation functions
- Identify back-up sites, servers with primary and third-party providers
- Identify sensitive data and documents, ensure security of information being stored
Please contact your Private Banker or Treasury Management Specialist for a conversation on business continuity planning.