The Tribune

By Derek Smith Jr

Business continuity plans (BCP) seemed a novel idea only months ago for many businesses. Most felt that disaster recovery plans geared towards managing the impacts of hurricanes were sufficient. However, COVID-19 has proven that many business owners and operators have fallen short in their preparations.

Don not be alarmed. If you have not heard the acronym “BCP” before, it is simply a strategic management process aimed at minimising the social and economic fall-out for a company due to disruptions in normal business activities. The lack of preparation was exposed by the depleted lap-top inventory in many of the approved technology vendors in anticipation of imminent curfews and lockdowns.

For the financial services industry, BCPs are mandated after the September11 attacks. BCP guidelines were issued locally by the Central Bank of The Bahamas (CBOB) more than a decade ago; first in 2007 and then revised in 2008. The Central Bank explained at the time that “these guidelines were released to assist in improving the safety and soundness of licensees by allowing them to better manage disasters”.

The reality is simple. Businesses must rethink their BCPs or risk being dramatically impacted or, worse, becomimng insolvent. Business owners must ask themselves several key questions:

1. Have we conducted adequate risk assessments to appreciate the vulnerabilities and threats to our most critical resources and activities?

2. Have we identified BCP leads and teams?

3. Have we identified, documented, and socialised the BCP with key stakeholders, as well as tested it?

4. Have we conducted training for the business continuity teams?

5. Have we reviewed and updated our crisis communications toolkits?

The COVID-19 pandemic will continue to test BCPs, and business leaders cannot afford to wait to plan, but instead must constantly assess, adapt and act:

1. Assess which aspects of their plans are working, and which need to be tweaked.

2. Adapt to unconventional forms of doing business to minimise revenue loss and additional expenses.

3. Act decisively while always considering and balancing their employees’ well-being with operational realities.

Throughout this series, I will address key aspects of a robust BCP, including how to develop a BCP; identifying what internal and external factors should be considered in its implementation; and corporate governance surrounding BCPs.

NB: Derek Smith Jr is a compliance officer at a leading law firm in The Bahamas, and a former assistant vice-president, compliance and money laundering reporting officer (MLRO), at local private bank. His professional career started at a ‘Big Four’ accounting firm and has spanned over 15 years, including business risk management, compliance, internal audit, external audit and other accounting services. He is also a CAMS member of the Association of Certified Anti-Money Laundering Specialists (ACAMS).