Analysis of Business Continuity Plan in Banking Sector

Abstract

Organizations frequently misjudge the significance of a business continuity plan. Nobody at any point sees its importance - until disaster strikes. By then, at that point, it\'s past the point of no return. Any unplanned interference of typical business processes can create gigantic obstacles and exorbitant difficulties. Operations endure. Income might experience much more. Unplanned interferences take many structures. It tends to be something as basic as a blackout. It may very well be a significant tropical storm. At last, a disaster can be whatever disturbs ordinary business operations. No matter what the reason, unplanned means startling. With a business continuity plan set up, you position yourself to limit the effect and damage of a surprising occasion. A business continuity plan enables an association to keep up with fundamental processes previously, during, and after a disaster. Business continuity varies from disaster recovery in its comprehensive way to deal with the business. In this paper, we have reviewed the business continuity planning implemented in banking sector along with a comparative analysis of major Indian Banks has been implemented and studied based on risk and impact analysis.

Introduction

I. INTRODUCTION

Business continuity planning (BCP) is the process involved in creating a system of prevention and recovery from potential threats to a company. BCP is a system used to make and approve plans to keep up with business activities persistently. It is relevant, previously, during and after disasters or disturbances happen. BCP centers around supporting business capacities during and after an interruption and oversees business activities.

BCP is one of the most basic components of the recovery procedure. Sadly, only a couple of associations are mindful of the significance of BCP and how to carry out it. Agreeing to Snedaker and Rima (2014), every association won't have a similar BCP, in light of the fact that each association is exceptional and has various requirements [3]. As a matter of fact, there is no particular direction with respect to BCP (for example standard or structure).

Up to this point, from various examinations, explanations or writing with respect to the execution of BCP in little, medium and enormous organizations are understudied. A few investigations simply make sense about the BCP structure for certain components that must be included in the framework [5].

Banks provide a number of financial services through a variety of electronic channels for instance online banking, ATMs, EFT, Plastic cards and mobile banking, etc. Yet, to be competitive in the web economy, it is vital to understand dangers and responses in the adoption of these e-channels.

It is impossible to ignore risks associated with ICT.IT is both critical and vulnerable. In these situations, absence of access to financial resources could have adverse effects on the reputation of financial institutions. New threats are persistently rising and numerous associations feel insecure about financial disasters. So financial institutions like banks need to be protected against these disasters and no association can ignore the need for disaster recovery and business continuity planning regardless of their size, revenues or number of staff. Every one of the banks ought to follow contingency and continuity plans to ensure continuity and to limit the losses in the occurrence of severe business interruptions. The RBI in their reports had acknowledged the importance of BCP. The RBI, in its supervision note on "Management of Operational Risk" has mandated the need to establish a business continuity for technology related risks. RBI has likewise stressed to make sure that service providers have appropriate business continuity planning which ought to be regularly maintained.[1]

II. PROBLEM STATEMENT

To analyze the different risks and threats involved in the banking sector and develop a BCP and Disaster Recovery plan in order to mitigate risks to ensure continuity and to limit the losses in the occurrence of severe business interruptions.

III. LITERATURE REVIEW

A. “Discussion on Risk Management of Commercial Bank” [1]

Since the monetary emergency has expanding impact on the subsistence economy, homegrown banks are confronting expanding strain of risk, management and benefits. The ideal risk management is the way to ensure ceaseless and stable improvement of commercial Banks. Subsequently, in view of the present status of the risk management of commercial Banks in China, examine risk management of commercial banks, and propose a few measures in further developing the risk management of commercial Banks.

B. “Disaster Management and Business Continuity in Indian Banking: Review and Assessment” [2]

Electronic financial climate is very eccentric since fiascoes can strike anyplace and anytime in the monetary business world. It is difficult to visualize circumstances like hurricanes, tidal waves, blackouts, and terrorist attacks & assaults. It is frightening to imagine what is happening where a disaster could leave a bank destroyed for a drawn-out timeframe. So it has become significant for the financial business to oversee and recuperate from catastrophes. Execution of electronic banking in India is pretty much complete, so to offer 24×7 internet-based types of assistance to clients it becomes required to plan for such devastating conditions. IT disaster for the executives is presently not a possibility for monetary Institutions. The meaning of this research paper was to notice IT disaster the executives and business continuity rehearses in chosen Indian banks. The review shows that the majority of the chosen banks have disaster recovery and business continuity plans accessible with them yet there are a few that were found in the execution of these plans. To survey the level of disaster the board and business continuity 7 aspects and 19 things were estimated. IT experts as well as academicians might utilize this review to direct IT disaster the executive’s understudies

C. “Business Continuity Plan: Examining of Multi-Usable Framework” [3]

Business Continuity Plan (BCP) framework is procedural guidance to create plans that prevent, prepare, respond, manage, and recover a business from any disruption. Many organizations have not realized that BCP is essential to their business continuity. Organizations more concern with their main goal (profitability and market growth), rather than business continuity. Regarding the organization awareness of business continuity, many organizations recognize disruptions, but they did not aware of preparing BCP. There were no specific standard or framework for BCP that could use as a best practice. This research is a continuation of previous research, which has proposed with a specific procedure, including all elements and activities. However, this framework still has shortcomings in testing empirical studies. This paper aims to analyze the suitability of the framework with various types of organizations. The framework has been tested in four cases: banking, 2 service-company, and manufacture. The results show that some activities of the BCP require further adjustment. Therefore, researchers need to readjust the BCP framework by changing several activities, to fit all type of organizations. Based on the results of the analysis, improvement is needed by doing some additions or subtractions of activities and elements in the framework, such as adding budgeting. This improvement aims to get a more tested framework that can be used as guidance in the future.

D. “Business Continuity Planning: An Empirical Study of Factors that Hinder Effective Disaster Preparedness of Businesses” [4]

In a disaster, lives can be lost, property and equipment destroyed and business operations come to a standstill. According to the Insurance Information Institute, 40% of small businesses never reopen after a disaster; only 26% of small-to- medium size businesses have a disaster plan, and 75% of the largest segment of business does not have a disaster plan. Disaster preparedness describes measures that minimize the adverse effect of a hazard on life, property and livelihoods. The study revealed that real-world events increase awareness and impel businesses to act; disaster threat on businesses has not translated into a plan; measures taken have mostly focused on data storage and Internet security. Perception of high cost, lack of staff, inadequate information, apathy and low priority accounted for the reasons why businesses fail to plan for a disaster. There exist barriers to effective disaster preparedness which has significant effect on business continuity.

E. “Business Continuity Planning: A Comprehensive Approach” [5]

The risks of business interruption expand as companies become more dependent on information technology (IT) infrastructure. A comprehensive approach to business continuity planning seeks to mitigate against all major business interruptions of business systems. This article analyzes recent national and international surveys to develop insights about the current status of business continuity plans, including perceptions about internal and external information security threats.

F. “Management of Disaster and Business Continuity in a Digital World” [6]

Risk is outside everywhere, and it may impact us more or less. The evolution of technology improves our social and economic life, and also most of the same time, it is the technology that exposes us to the risk of disaster. Disaster may have many faces and even we are aware and think that we are prepared to deal with it, somehow, we find ourselves not ready. The present paper aims to present possible solutions for managing the risk of disaster by amending the organizational structure and culture. The study was conducted on two different types of institutions: banks and universities, using the author’s experience as a banking expert and university professor, in a multicultural environment.

The article started with the current situation and give pertinent solutions for to manage the risk of disaster and keep the business ongoing in the most effective way possible.

G. “Risk analysis on the development of a business continuity plan” [7]

In the era of globalization increasingly advanced enterprise engaged in the sale of concrete iron will execute business processes by using software, hardware, networking, and others. Judging from the condition and the current reality of this company did not rule out the occurrence of the risk due to the problems in terms of data security, data integrity, hard disk damage, IT business continuity process. In this research conducted a risk analysis of the entire area of IT and business processes within the company. As for the area to be analyzed by means of analyzing the business continuity that is based on the Standard ISO 27002: 2005 chapter 14, and analyze IT Domain and perform risk assessment and risk mitigation.

The risks are found is their dependence on outsourced programmers who acts as a consultant, so rarely do risk assessment in IT companies, the unavailability of a Disaster Recovery Plan and IT Security Plan, an evaluation of the permissions are less common, and no one specifically designated for IT management, lack of training or, and the absence of a standard or framework. The results of this risk analysis can help companies recognize and avoid the risks of what might happen and can avoid the danger of business continuity, so that the company can take action to prevent or deal with the risks that would happen.

H. “Developing a novel quantitative framework for business continuity planning” [8]

Today’s competitive and turbulent environment persuades every organization to implement a business continuity management system (BCMS) for dealing with disruptive incidents such as earthquake, flood, and terrorist attacks.

Within a BCMS, effective and efficient business continuity plans (BCPs) must be provided to ensure the continuity of organization’s key products. This study develops a novel approach to select the most appropriate BCPs which can meet the business continuity key measures.

First, a risk assessment process is conducted to define the disruptive incidents for which the organization should have suitable BCPs. Then, two different possibilistic programming models including hard and soft BCP selection models are developed to determine appropriate BCPs under epistemic uncertainty of input data. These models aim to maximize the resilience level of the organization while minimizing the establishment cost of selected BCPs. Finally, a real case study is provided whose results demonstrate the applicability and usefulness of the proposed approach.

I. “A Stakeholder Analysis Approach for Area Business Continuity Management: A Systematic Review” [9]

Area-Business Continuity Management (Area-BCM) is a new disaster management concept developed by the Japan International Cooperation Agency in 2013. One of the greatest challenges encountered in achieving a successful implementation of Area-BCM is the public–private partnership. Since stakeholder analysis is the key to understanding the complex relationships among all the parties involved, a variety of methods for and approaches to stakeholder analysis have been developed in several fields and with different objectives. Although studies on stakeholder analysis are attracting more attention, the number of studies on stakeholder analysis in the field of disaster management is still limited.

The purpose of this study is to explore several stakeholder analysis methods applied to disaster management, particularly Area-BCM. By reviewing research articles in the ScienceDirect database from 1990 to 2018, this review article categorizes stakeholder analysis methods into three groups: (1) identifying stakeholders, (2) differentiating and categorizing stakeholders, and (3) investigating relationships among stakeholders. This study also identifies the strengths, weaknesses, opportunities, and threats (i.e., performs a SWOT analysis) of each existing method. Further, this study promotes the significance and advantages of stakeholder analysis in disaster management, especially in Area-BCM-related projects by helping researchers and practitioners to understand the existing stakeholder analysis methods and select the appropriate one.

IV. BUSINESS CONTINUITY PLANNING

A few starter chips away at BCP and DR in banking have been made through utilizing data analysis. This writing survey was likewise led to assist with putting the research methodology in a superior theoretical framework. In such manner the audit zeroed in on: the development and meaning of DR; processes of BCP reception; advantages, hindrances and difficulties to BCP reception. Data in writing featured normal standard methodologies and practices to foster BCP, for example, risk appraisal and business sway analysis. Nonetheless, the writing audit didn't show a particular methodology that addresses the decision making process in light of considering key elements inside BCP, for example, client SLA or data security related factors.

Business Continuity (BC) in IT is the continuous accessibility of IT assets that support key business capacities. As per Business Continuity Institute (thebci.org) business continuity is an overall term that incorporates disaster recovery. The two terms are utilized conversely in IT to allude to the capacity to recuperate from a disaster or unforeseen occasion. The majority of the writing alludes to the BC and DR as IT BC/DR for short. The interest in Business Continuity has acquired huge energy over the most recent couple of years, particularly with the Y2K non- occasion, the rising corporate reliance on PC frameworks and the developing degrees of decimation related with ongoing disasters.

The research began with a meta-analysis of the business continuity planning literature, which yielded a business continuity planning methodology model. The analysis found that the majority of the practitioners organize their methodologies into the following general phases:

1. Project Planning
2. Business Impact Analysis
3. Recovery Strategy
4. Plan Development
5. Training and Testing
6. Maintenance

A graphical representation of the resultant Bank’s Business Continuity Planning (BCP) methodology model is appended below as Figure 1-1.

V. COMPARATIVE ANALYSIS

A. Impact and Risk Analysis

Organizations need to plan for any unfavorable circumstance to guarantee continuous accessibility of services to their clients. The ideas of disaster recovery and business continuity have even been utilized conversely. BCP has been tracked down as a comprehensive and proactive methodology when contrasted with the DRP approach. Business continuity plan is created to keep away from interferences to business processes and the objective of disaster planning is to diminish the likely damage that could cost the association. To limit the impact of disaster, recovery and resumption plans ought to be important for the association's planning exercises. Impact analysis and hazard contemplations should be proceeded as a prelude to fostering a powerful disaster and continuity plans. Financial establishments should follow a set of activities to work on their capacity to continue IT administrations. There are seven classes of activities. Below table shows itemized depiction of the relative multitude of classes of activities and it additionally examines exercises performed by chosen banks.

Subsequent to investigating different angles on DMBC, obviously different administrations were recognized for DMBC by every one of the banks, however the request where these administrations should be restarted when disaster strikes was allegedly performed by an extremely less number of banks (SBI, HDFC, and HSBC). Moreover, risk ID movement was performed by five out of nine chosen banks (SBI, ICICI, AXIS, HSBC and SCB). Readiness of the disaster group was viewed as performed by larger part of banks with the exception of SCB and AEB while non-DR group planning exercises was not given inclination by larger part of banks. Decision making structure was formalized simply by ICICI bank.

Greater part of banks have methodology for distinguishing disasters and advising data about disasters while it was observed that recovery strategies and elective offices were not fittingly formalized by larger parts of banks. Greater part of banks has executed methods for data and programming reinforcement while reinforcement of setup records, logs and different archives were not accessible with greater part of banks. Likewise, exercises connected with transportability methodology for guaranteeing frameworks, programming, data, programming arrangement records and IT disaster recovery plans to offsite areas were not satisfactorily performed by greater part of banks aside from SBI, HDFC, ICICI, AXIS and HSBC.

VI. DISCUSSION AND RECOMMENDED ACTIONS

Exercises connected with sufficient testing and documentation of design and framework changes were viewed as performed by a larger part of banks. While a greater part of banks neglected to guarantee synchronizing of IT disaster recovery plans as a feature of the business continuity plan. The consequences of this study finish up a few huge ideas (as seen on the second table). It is most critical that banks ought to have disaster the executives plans and it should be assessed occasionally without any hindrance. It is imperative for every one of the banks to arrange advisory groups for disaster the board at their branches. Banks should lead and take an interest in occasional fake drills to work with persistent financial administrations and furthermore to guarantee sufficiency of business continuity. The RBI perceives that there is a need to support endeavors regarding DMBC for banks. The idea of successful DMBC is as yet advancing in the Indian banks and solid and cognizant endeavors are expected to move from the conventional idea of disaster recovery to an all-encompassing way to deal with DMBC. We think the following are the actions and recommendations

Conclusion

Business continuity mirrors a business-wide execution plan to guarantee the continuation of basic business capacities should a troublesome occasion happen. Disaster recovery \"recuperates\" an association\'s equipment, applications, and information after an innovation interruption. The Banks BCP manage the impact of significant disruptions and endeavor to resume to business and operations. Having a robust and well-defined BCP comprising of policies and procedures with clearly defined roles, responsibilities and ownership help in crisis management, Emergency Response & Business Recovery.

References

[1] [L. C. Yan and C. Ying, \"Discussion on risk management of commercial bank,\" 2019 11th IEEE International Conference on Information and Financial Engineering, 2019, pp. 770-773, doi: 10.1109/ICIFE.2010.5609470. [2] T. P. S. Brar, S. Singh and D. Sharma, \"Disaster management and business continuity system in Indian banking: Review and assessment,\" 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom), 2016, pp. 3305-3308 [3] Silmie Vidiya Fani, Apol Pribadi Subriadi,Business Continuity Plan:Examining of Multi-Usable Framework , Computer Science, Volume 161, 2019 [4] Daniel Yaw Dushie, “Business Continuity Planning: An Empirical Study of Factors that Hinder Effective Disaster Preparedness of Businesses”Journal of Economics and Sustainable Development, ISSN 2222-1700 (Paper) ISSN 2222-2855 (Online) Vol.5, No.27, 2017 [5] Virginia Cerullo &Michael J. Cerullo, “Business Continuity Planning: A Comprehensive Approach”, Information Systems Management Volume 61, 2018 - Issue 3 [6] Mo?teanu, Dr. Narcisa Roxana, Management of Disaster and Business Continuity in a Digital World (May 14, 2020). International Journal of Management, 11 (4), 2020, pp. 169-177 [7] A. Setiawan, A. Wibowo and A. H. Susilo, \"Risk analysis on the development of a business continuity plan,\" 2017 4th International Conference on Computer Applications and Information Processing Technology (CAIPT), 2017, pp. 1-4, doi: 10.1109/CAIPT.2017.8320736. [8] Hojat Rezaei Soufi, S. Ali Torabi, “Developing a novel quantitative framework for business continuity planning”, International Journal of Production Research Volume 57, 2019 - Issue 3 [9] Sansanee Sapapthai, Natt Leelawat, Jing Tang, Akira Kodaka, Chatpan Chintanapakdee, Eri Ino, Kenji Watanabe, “A Stakeholder Analysis Approach for Area Business Continuity Management: A Systematic Review”, Journal of Disaster Research, Issue 15 (2020)

Copyright

Copyright © 2022 Alekhya Roy. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.