Beyond Disaster Recovery

Since the advent of commerce, merchants have instinctively done things to protect their businesses from risk. After 9/11, however, the subject came to the forefront of boardroom thinking, mostly framed from a disaster recovery perspective. More recently, fallout from the credit crisis forced corporations to consider a new set of dangers. In response, they are adding hedging and hiring strategies to their continuity plans.

While planning for every type of emergency or market environment simply isn’t possible because of all the variables involved, this shouldn’t prevent risk managers and the C-suite from attempting to mitigate and manage risk. In fact, it’s vital: if a business fails to sustain operations, new challenges and risks are likely to emerge. For example, shareholders and employees may sue the company for failing to plan or implement changes that ensure continuity. Shareholders might abandon the company or initiate litigation proceedings alleging management’s negligence.

Consider this: Of all companies that experience a disaster, 40 percent never re-open and roughly 25 percent of the remaining companies close within two years, according to the U.S. Department of Labor Statistics. If the United States were to experience an avian flu pandemic, a February 2006 Sun Microsystems white paper suggests that as much as “30 to 50 percent of the workforce may get sick or be absent from work.” In short, these statistics suggest that the failure of companies to continue to address and plan for the “what ifs” could lead to a catastrophic outcome for employees, consumers, and shareholders. This underscores the vital need for business continuity planning, or “BCP.”

With that in mind, what are companies doing to ensure continuity in the event of emergency? While it’s true that the effectiveness of continuity planning depends to an extent upon the firm and industry, there are some constants to consider. Many firms are focusing on improving remote connectivity solutions; in other words, technology that allows employees to connect to their office desktop from home. Some companies are erecting backup facilities and establishing contingency plans to facilitate business in the event of a disaster. There is a push to hire officers, directors, corporate counsels, and Investor Relations Officers (IROs) with legal and crisis communications experience. Utilizing insurance, reserves, and hedging is also becoming increasingly important as a means of mitigating financial risk.

Home Work

Why is remote technology becoming so popular? In the event of an emergency, employees may not be able to physically go to the office or access information they need to perform their work. According to a recent survey conducted by Thomson Financial, 56 percent of respondents say their companies have experienced an interruption or have been shut down for one day or longer. However, 34 percent of companies do not maintain a backup work facility.

They may not need one. That’s because 88 percent of survey respondents indicate that their employees have some sort of remote-access capability. But despite improvements in technology, remoteaccess systems aren’t quite the panacea that some may think they are. Providing security for remote transactions is--and will continue to be--more difficult than building in-house security.

While connectivity solutions such as Virtual Private Networks (VPNs) have improved through the years, the individual user must still typically connect to the network by utilizing another system or hub (such as a PC or server) which could experience operational problems or suffer security breaches of its own. In fact, a number of difficulties continue to plague those who work remotely and those responsible for advancing and maintaining the technology, including viruses, password problems, and server difficulties.

With all of that in mind, some industries have made greater strides in this area than others. For example, the financial services industry, after 9/11, substantially built out its remote-access capabilities. But questions remain: How will regulators react if traders and brokers are suddenly conducting their operations from home? So far, neither the National Association of Securities Dealers (NASD) or the Securities and Exchange Commission (SEC) have detailed plans in place for the compliance function if this situation occurs.

Backing up the Backup Systems