business continuity discussion - c.ymcdn.comc.ymcdn.com/sites/ · business continuity discussion...
TRANSCRIPT
Business Continuity
DiscussionCMTA Annual Conference 2017Stay connected when disaster strikes
April 27th, 2017
Michelle Durgy
Senior Portfolio Manager
KCM Investment Advisors
Jonathan Millard
SVP and Market Leader
Bank of America Merrill Lynch
Eileen Roberts
Executive Director
J.P. Morgan
Business Continuity Planning
3
Source: http://www.acswa.org.au/EMEAGECARE/frame/risk_assessment3.html
Stages of Disaster Preparedness
4
On-site access to all network servers, phone lines, and internet
Alternate location access to all network servers, phone lines, and internet.
Remote access to all network servers, phone lines, and internet.
No access to network servers or internet but access to phone lines from remote location.
No access to network servers, phone lines, or internet from any location.
Ideal
Stage 3
Stage 1
Stage 2
Stage 4
Disaster Preparedness Actions
5
Ideal
Stage 3
Stage 1
Stage 2
Stage 4
Stage 1 – If you are unable to travel to worksite, travel
to alternate office. At all stages, Investment staff shall be in contact to confirm cash and trade settlements before any investment decisions are made.
Stage 2 - If you are unable to travel to an alternate office, access the agency servers, internet and phone lines from your home or other remote location.
Stage 3 – If you unable to access the agency servers
and internet remotely, utilize phone lines from home or other remote location.
Stage 4 – If you do not have any access to agency
servers, internet, or phone lines from any location, external expert will take control of the portfolio (establish term maximums).
On-site access to all network servers, phone lines, and internet
Alternate location access to all network servers, phone lines, and internet.
Remote access to all network servers, phone lines, and internet.
No access to network servers or internet but access to phone lines from remote location.
No access to network servers, phone lines, or internet from any location.
San Francisco Specific Plan
Functions Essential Sources Purpose Ideal 1st Stage 2nd Stage 3rd Stage 4th Stage Dept
Key
Personnel
Alternat
e
Person
nel
Stage 4
Contact
s
Portfolio Sungard/PFM/Citibank
Pool positions, daily
maturities and
income
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Cash Flow Bank of America/TWS
Provides available
opening balance,
credits and debits
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Cash Flow PFM
Comprehensive cash
flow analysis for Pool
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Compliance/Policy
ConstraintsExcel/PFM
Provides information
on compliance and
policy constraints
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
TradingBloomberg/Broker
Contacts
Trading platform and
trading via broker
contacts
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
On-line trading
via electronic
platforms and/or
manual trades
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Trading BondEdge
Provides portfolio
analytics and
scenario/risk analysis
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
No access PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Settlement/Wire
TransfersBanking
Cash movements for
bond proceeds as
Fiscal Agent
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
Custody Citibank
Provides trade
settlement, income
collection, corporate
action processing,
and cash movement
to BOA for CCSF
City Hall - Onsite access 1155 Market Street Remote access from
home or other remote
location.
Remote access
via telephone
PFM to take
control of CCSF
portfolio (60 Day
Max per Contract)
Investments Stages 1-4:
Michelle,
Hubie, EJ
Pauline
Marx
PFM
6Source: City & County of San Francisco, Office of the Treasurer
Are you prepared?
Your Bank can help you address needs like:
▪ Payables—cover payroll and make urgent payments
▪ Receivables—track collections
▪ Treasury—monitor your cash position (balance and
detail activity) remotely
Consider the following: ▪ How will you pay your employees? How will you pay the employees who do not have
checking accounts?
▪ How much line of credit do you need in case you’re unable
to make deposits to cover your disbursements?
▪ How will you process your ACH and wire transfers to pay
your vendors?
▪ How will your employees pay for emergency needs?
▪ How will you access your online reports?
8
Your Bank can help support your contingency plan
Need Banking Solutions
Online
Reporting
▪ Balance reporting, lockbox, controlled disbursement and other critical reports
can be faxed to your business continuity site
▪ Mobile capabilities for access to track daily cash management activities
Receivables ▪ Lockbox reports can be faxed to your business continuity site
▪ Mobile capabilities for flexible access to daily
ACH ▪ Several backup procedures are offered –and may be customized according
to your requirements
▪ Examples of file deliveries: HTTPs, email
Wire
Transfers ▪ Wire initiation can be made via telephone and secure PINS
▪ Mobile review and approval of pending payments
Payroll
▪ Replicate the last payroll file to help ensure funds are disbursed to your
employees on time
▪ ACH and wire transfers are options for your employees who do not have
direct deposit
▪ Prepaid cards may be an option for your employees who do not have bank
accounts
Credit
Cards
▪ Emergency card issuance—generally with next-day delivery
▪ Card cancellation and replacements processed by your card program
administrator directly
▪ 24/7/365 customer service support
Prepaid
Cards ▪ Emergency access cards for employees
▪ New prepaid card programs generally can be setup in two to three days
Cash▪ Establish a deposit work order sheet to expedite cash orders
▪ Web ordering available as well
Ask your bankers to
help you prepare for an
emergency.
Any event that disrupts your
organization’s ability to
function for an extended
period of time.
9
Business Resiliency Mission Statement
Ensure your financial partner has the ability to continuously operate during business disruptions.
PEOPLEDevelop dynamic,
knowledgeable,
risk sensitive
community of risk
professionals
CLIENTDemonstrate our
ability to continue
business during
adverse
situations
RISK
CONTROLSEffectively
manage the
resiliency
controls in the
risk and
regulatory
environment
PROCESSESDrive
consistency,
efficiency and
effectiveness
through global
processes
INNOVATIVE
TECHNOLOGYDevelop and
leverage
effective tools to
enhance our
capabilities
11
Resiliency Approach
12
1. Conducting a Business Impact Analysis – Review of process to determine prioritization & Recovery Time Objective (RTO)
. Key areas reviewed include:
Financial impact
Customer impact
Legal / Regulatory impacts.
2. Determining Business Resiliency Strategy Solution – Based upon RTO, strategy can range from Work at Home solutions
up to developing a robust Global Footprint.
Determining Resiliency Plan:
3. Conduct reviews and document all key information that would be needed if resiliency plan was to be invoked. Key areas
to consider:
Defining Resiliency Plan Events:
4. Plan Testing – Develop robust and regular testing plans to ensure that the strategy adequately supports the needs to
business. Testing should include Call Trees, connectivity, validation of capability to meet RTO.
5. Plans / Audit Revisions – Continuous review of plans with Resiliency office and Risk teams. Annual testing reports are
reviewed & solutions are discussed / implemented.
Testing and Refining Resiliency Plan:
Activation
Critical Tasks
Technology Requirements / Data Access
Recovery Site Specifications
Transportation
Communications with Clients, Vendors, and Staff
GovernanceOversight
Resiliency risk implementation model
13
RISK ASSESSMENT
Identify threats
Understand vulnerabilities
Assess concentration risk
BUSINESS IMPACT
ANALYSIS
Assess risks
Establish tolerances
Derives recovery time
objectives
Interdependencies
requirements
1Risk
Assessment
2Business Impact
Analysis
3Strategies /
Solution
4Document
Business and Crisis Plans
5Testing /
Awareness
6Maintenance
and Reporting
STRATEGIES / SOLUTION
Mitigate risk
Meet RTOs
Solution meets business need
DOCUMENT BUSINESS
AND CRISIS PLANS
Quality planning
Key components
Notification
Crisis plan
TESTING / AWARENESS
Validate plans
Proactive training
Awareness campaign
GOVERNANCE OVERSIGHT
MAINTENANCE AND
REPORTING
Validate to standards
Change management
Effective reporting
Set priorities
Transparency
Major expenditures
Support operating model
Escalation
Resiliency: Best Practices
14
No Critical Processes co-located with Operations
Critical Systems in multiple locations in order to maintain
operations in the event of a regional outage
No such thing as a BAU site or a disaster recovery (DR)
site – should be identical
Routinely move production between BAU and DR sites
Technology staff as comfortable in the DR site as they are
in the BAU site
Realize desktop virtualization to enable people to work
from anywhere, anytime
Technology
Clear, frequent and structured communications are key
Involve all business partners in resiliency planning &
testing
Verify ability to sustain processes in another location for
extended periods of time
Develop close working relationship with key 3rd party
vendors and ensure that their resiliency plans are
understood and that they can adequately support your
needs
Operations
Lessons Learned
Mother Nature
Update employees on forecast,
precautions and emergency
procedures
Have capability in place to
locate all staff members
Establish, track and
communicate storm thresholds
& response levels
Allocate contingency funding to
assist employees
Political Events
Implement and maintain strong
local insights
Ensure speed of communication
matches speed of the event
Conduct frequent assessment
calls to ensure ability to shift
work quickly
Pandemic Planning
Establish absentee thresholds
for all processes, functions and
locations
Pre-position critical staff to
other locations if thresholds are
approached
Frequently test work-at-home &
remote access capability
Chase, J.P. Morgan, and JPMorgan Chase are marketing names for certain businesses of JPMorgan Chase & Co. and its subsidiaries worldwide (collectively, “JPMC”).
This document was prepared solely and exclusively for the benefit and internal use of the party to whom it is directly addressed and delivered (the “Company”) in order to make
a preliminary presentation to the Company regarding certain products or services that might be provided by JPMC. This document and any related presentation materials are
for discussion purposes only and are incomplete without reference to, and should be viewed solely in conjunction with, a related oral briefing provided by JPMC. This
presentation does not constitute a commitment by any JPMC entity to extend or arrange credit or to provide any other services. The Materials and oral briefing (collectively the
“Information”) contain information which is confidential and proprietary to JPMC and may only be used by the Company for the purpose of evaluating the products and services
described in the Information and may not be copied, published, disclosed or used, in whole or in part, for any other purpose other than as expressly authorized by a JPMC
entity.
In preparing the Information, JPMC has relied upon and assumed, without independent verification, the accuracy and completeness of information available from public sources
or provided to it by or on behalf of the Company. JPMC does not guarantee the accuracy, completeness or reliability of that information. JPMC’s opinions and estimates
contained herein reflect prevailing conditions and our views as of this date, which are accordingly subject to change, and should be regarded as indicative, preliminary and for
illustrative purposes only. Our analyses are not and do not purport to be appraisals of the assets, stock, or business of the Company or any other entity.
The Information is not intended and shall not be deemed to constitute or contain advice on legal, tax, investment, accounting, regulatory, technology or other matters on which
the Company may rely, and the Company should consult with its own financial, legal, tax, accounting, compliance, treasury, technology, information system or similar advisors
prior to entering into any agreement for JPMC products or services. The Company is responsible for its own independent assessment as to the cost, benefit, suitability and
appropriateness of any products or services it obtains from JPMC. JPMC makes no representations as to the actual value which may be received in connection with any JPMC
product or service or the legal, tax, or accounting implications of consummating any transaction contemplated by the Information.
The Information contained herein is intended as general market and/or economic commentary, does not constitute and should not be treated as J.P. Morgan research. The
Information may differ from that contained in J.P. Morgan research reports. The Information is not intended as nor shall it be deemed to constitute advice or a recommendation
regarding the issuance of municipal securities or the use of any municipal financial products. JPMC is not providing any such advice or acting as the Company’s agent,
fiduciary or advisor, including, without limitation, as a Municipal Advisor under Section 15B of the Securities and Exchange Act of 1934, as amended.
The Information does not purport to set forth all applicable terms or issues and are not intended as an offer or solicitation for the purchase or sale of any financial product or
service or a commitment by JPMC as to the availability of any such product or service at any time. JPMC products and services are subject to applicable laws, regulations,
service terms and policies of JPMC. Not all products and services are available in all geographic areas or to all customers. Eligibility for particular products and services is
subject to satisfaction of applicable legal, tax, risk, credit and other due diligence, JPMC’s “know your customer,” anti-money laundering, anti-terrorism and other policies and
procedures.
Products and services may be provided by commercial bank affiliates, securities affiliates or other JPMC affiliates or entities. In particular, securities brokerage services other
than those which can be provided by commercial bank affiliates under applicable law will be provided by registered broker/dealer affiliates such as J.P. Morgan Securities LLC,
J.P. Morgan Institutional Investments Inc. or by such other affiliates as may be appropriate to provide such services under applicable law. Such securities are not deposits or
other obligations of any such commercial bank, are not guaranteed by any such commercial bank and are not insured by the Federal Deposit Insurance Corporation.
All trademarks, trade names and service marks appearing in the Information are the property of their respective registered owners.
© 2016 JPMorgan Chase & Co. All rights reserved
Disclaimer
16
Notice to recipient
• "Bank of America Merrill Lynch" is the marketing name for the global banking and global markets businesses of Bank of America Corporation. Lending, derivatives and other commercial banking activities are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., member FDIC. Securities, strategic advisory, and other investment banking activities are performed globally by investment banking affiliates of Bank of America Corporation ("Investment Banking Affiliates"), including, in the United States, Merrill Lynch, Pierce, Fenner & Smith Incorporated and Merrill Lynch Professional Clearing Corp., both of which are registered as broker-dealers and members of SIPC, and, in other jurisdictions, by locally registered entities. Merrill Lynch, Pierce, Fenner & Smith Incorporated and Merrill Lynch Professional Clearing Corp. are registered as futures commission merchants with the CFTC and are members of the NFA. Investment products offered by Investment Banking Affiliates: Are Not FDIC Insured * May Lose Value * Are Not Bank Guaranteed.
• This document is intended for information purposes only and does not constitute a binding commitment to enter into any type of transaction or business relationship as a consequence of any information contained herein.
• These materials have been prepared by one or more subsidiaries of Bank of America Corporation solely for the client or potential client to whom such materials are directly addressed and delivered (the “Company”) in connection with an actual or potential business relationship and may not be used or relied upon for any purpose other than as specifically contemplated by a written agreement with us. We assume no obligation to update or otherwise revise these materials, which speak as of the date of this presentation (or another date, if so noted) and are subject to change without notice. Under no circumstances may a copy of this presentation be shown, copied, transmitted or otherwise given to any person other than your authorized representatives. Products and services that may be referenced in the accompanying materials may be provided through one or more affiliates of Bank of America, N.A.
• We are required to obtain, verify and record certain information that identifies our clients, which information includes the name and address of the client and other information that will allow us to identify the client in accordance with the USA Patriot Act (Title III of Pub. L. 107-56, as amended (signed into law October 26, 2001)) and such other laws, rules and regulations.
• We do not provide legal, compliance, tax or accounting advice. Accordingly, any statements contained herein as to tax matters were neither written nor intended by us to be used and cannot be used by any taxpayer for the purpose of avoiding tax penalties that may be imposed on such taxpayer.
• For more information, including terms and conditions that apply to the service(s), please contact your Bank of America Merrill Lynch representative.
• Investment Banking Affiliates are not banks. The securities and financial instruments sold, offered or recommended by Investment Banking Affiliates, including without limitation money market mutual funds, are not bank deposits, are not guaranteed by, and are not otherwise obligations of, any bank, thrift or other subsidiary of Bank of America Corporation (unless explicitly stated otherwise), and are not insured by the Federal Deposit Insurance Corporation (“FDIC”) or any other governmental agency (unless explicitly stated otherwise).
• This document is intended for information purposes only and does not constitute investment advice or a recommendation or an offer or solicitation, and is not the basis for any contract to purchase or sell any security or other instrument, or for Investment Banking Affiliates or banking affiliates to enter into or arrange any type of transaction as a consequent of any information contained herein.
• With respect to investments in money market mutual funds, you should carefully consider a fund’s investment objectives, risks, charges, and expenses before investing. Although money market mutual funds seek to preserve the value of your investment at $1.00 per share, it is possible to lose money by investing in money market mutual funds. The value of investments and the income derived from them may go down as well as up and you may not get back your original investment. The level of yield may be subject to fluctuation and is not guaranteed. Changes in rates of exchange between currencies may cause the value of investments to decrease or increase.
• We have adopted policies and guidelines designed to preserve the independence of our research analysts. These policies prohibit employees from offering research coverage, a favorable research rating or a specific price target or offering to change a research rating or price target as consideration for or an inducement to obtain business or other compensation.
• Copyright 2015 Bank of America Corporation. Bank of America N.A., Member FDIC, Equal Housing Lender.
17