Podcast: Considerations for Managing a Pandemic

Initial Lessons Learned and Considerations for the Road Ahead

COVID-19 has been unsparing in its impact around the globe, permeating nearly every aspect of our lives. Beyond the direct and severe effects on health and wellness, how we live and work has changed in ways many of us previously thought unthinkable. Business continuity planning, cybersecurity and operational resilience remain among the top agenda items in board rooms across the industry.

Ken Bentsen, president and CEO of SIFMA, sat down with Ron Lefferts, global leader of technology consulting at Protiviti, and Tom Price, managing director and head of SIFMA’s technology, operations and business continuity team, to explore a new report for SIFMA members that outlines initial lessons learned as well as considerations for business leaders as they strategize over how to build resilience and thrive in this new environment.

SIFMA’s Business Continuity Planning (BCP) team continues to closely monitor COVID-19 and its impact on our industry and the markets. In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA has a robust infrastructure to coordinate the financial industry’s BCP efforts. For more information and resources for those entrusted with this critical role, please visit www.sifma.org/bcp.

 

Transcript

Edited for clarity

[Ken Bentsen] Thanks for joining us for this episode in SIFMA’s podcast series. I’m Ken Bentsen, SIFMA’s President and CEO.

COVID-19 has been unsparing in its impact around the globe, permeating nearly every aspect of our lives. Beyond the direct and severe effects on health and wellness, how we live and work has changed in many ways that many of us previously thought unthinkable.

When the virus emerged in the first quarter of this year, the financial sector quickly implemented business continuity plans and entered a prolonged period of extreme market volatility. Over the following several months, the industry and the markets adjusted to the impacts of the pandemic, making a range of changes to operating models, use of technologies and market activities. Today, business continuity planning, cybersecurity and operational resilience remain among the top agenda items in the board rooms across the industry.

I’m joined today by Ron Lefferts, Global Leader of Technology Consulting at Protiviti, and Tom Price, Managing Director and head of SIFMA’s Operations, Technology and Business Continuity Planning team. Ron and Tom’s teams just published a new report for SIFMA members, Initial Lessons Learned and Considerations for Managing a Global Pandemic.

Ron and Tom, welcome.

[Ron Lefferts] Hi, thank you for having us.

[Tom Price] Thanks, Ken.

[Ken] This report is a snapshot of where we are today which, in the U.S., is still said to be the first wave of the virus. The report is therefore preliminary, but it is critically important. Today, we’re going to walk through key lessons learned to date as well as key considerations that we believe should be at the top of mind for business leaders as they strategize over how to build resilience and thrive in this new environment.

But, before we get to today, let’s rewind to 2007. Ron?

[Ron] Thanks, Ken. We can actually go back even to the 1970s, when pandemic planning became a feature of public health.

The industry began to actively coordinate and test its resilience to pandemics in the early to mid-2000s following the 2002-2003 SARS outbreak and the Bush Administration release of the National Strategy for Pandemic Influenza in November of 2005. The release of the national strategy was a major catalyst for the development and exercising of pandemic plans in the financial industry around the world.

[Tom] That’s right, Ron. In 2007, SIFMA along with the FBIIC, which is the Financial and Banking Information Infrastructure Committee, and the FSSCC, which is the Financial Services Sector Coordinating Council, along with the U.S. Treasury organized a crucial pandemic exercise that provided a roadmap for institutions to develop their own pandemic-specific business continuity plans and to learn how to navigate different scenarios. More than 2,700 U.S. financial services organizations participated in this three-week exercise which was incredibly helpful for us during this pandemic.

Critical lessons from the exercise guided us through many of these types of scenarios: for H1N1 back in 2009 and that also set the stage for institutions to hone their pandemic plans over the years, as epidemics increased in severity and frequency – including the swine flu of 2009-2010, MERS in 2012, Ebola in 2014-2016, as well as COVID in 2019-2020.

[Ken] That brings us to the situation we find ourselves in today. In January 2020, the World Health Organization published its first Disease Outbreak News and SIFMA, together with the FS-ISAC, began to host cross-sector calls on what was classified as pneumonia of unknown cause originating in China. The next few weeks were a roller coaster ride as the industry activated response protocols, many before the WHO officially declared a pandemic on March 11. Travel restrictions were put in place and all but essential staff were sent to work from home.

[Ron] Yes. Ken, firms took these actions while managing historic trading volumes and mitigating a potential uptick in operational risks, for example, cyberattacks. Financial market infrastructures and financial market utilities also managed productivity challenges from the pandemic effectively – an issue many had confidently signaled they could handle as far back as 2007.

Even with these obstacles, the financial industry kept markets running, provided businesses with much-needed liquidity during a time of severe stress, continued to serve and advise clients, and ensured timely clearance and settlement activities.

[Tom] That’s right, Ron. These are certainly unusual times. SIFMA coordinated the industry’s response activities to the COVID-19 pandemic, including through weekend sessions to clear failed trade backlogs. We conducted surveys of our members, and developed forums for exchanges, industry utilities, the FBIIC, FSSCC, Treasury, government agencies, and other public sector emergency managers. SIFMA also worked closely with U.S. regulatory bodies to obtain relief from 55 different regulatory issues – these regulations required physical or manual processes, something that proved challenging during the lockdowns and shelter in place orders.

[Ken] I have to say, it’s really quite extraordinary when you look back at it. How quickly the industry moved, how well things operated notwithstanding the challenges that had to be addressed. I note in the report that back in 2007 when that study was done, there was concern among industry participants as to whether or not everything would work and I think everyone was pleased that going to potentially, effectively 90% working remote that the markets operated and as pointed out through this extreme volatility back in late March and early April.

Indeed, COVID-19’s continuing impact has taught the industry many things about resiliency and we expect the list of lessons learned to continue to expand as the crisis stretches on.

[Ron] Ken, that’s a great point. What happens with firms is that this event also became a catalyst for acceleration of digital transformation and digital efficiency initiatives that firms had been investing in for years but really highlighted some additional areas that could improve operations while supporting in this model for the unforeseen future.

Broadly speaking, this including embracing agility and technology enablement in the workplace; managing third-party, cyber and concentration risks proactively; enhancing customer security and privacy protections – extremely critical for this industry; building stronger governance and processes around crisis management and communication; and developing financial discipline across the enterprise.

[Ken] It’s very interesting just thinking about the various calls we were hosting at SIFMA and frankly cross-border with our colleagues in Europe and Asia and with our member firms. You are absolutely right. These issues that were being learned real-time from COVID. At the same time, the pandemic has also reaffirmed many of our expectations around pandemic risk management.

[Ron] Right. For instance, we know preparedness for a pandemic requires the establishment of infrastructure and capacity, a process that can take years to build.

Firms who hadn’t made the investment across multiple industries were caught by surprise. The good news is financial markets as we have discussed have been planning for decades for a similar type of event so this preparedness has really benefited the industry. However, that does present many unique challenges due to the significant uncertainties around scale and duration of this impact.

To be effective at mitigating such a severe but plausible event, institutions should continue to enhance their pandemic and business continuity plans, as well as test and exercise those plans. It is important that we recognize that COVID-19 did not produce certain worst-case scenarios (such as a 50 percent incapacitation of staff due to illness or death which was contemplated in previous tabletop exercises) that some feared were possible and that could happen in future pandemics.

[Tom] No doubt, Ron. It is also important to note that government leadership and support are critical during a pandemic. As COVID-19 has shown, the full participation of all levels of government and all segments of society is a critical part of any response. It is in this spirit of collaboration and shared objectives that the financial sector and governments around the world have been working together on various types of regulatory relief needed to mitigate the financial and operational impacts of the pandemic. Needed to be addressed in all of this were shelter in place orders for essential services and personnel, physical processing of securities, medallion stamps, wet signatures and also even the disruption of mail service that we experienced.

[Ken] Before we get to the key considerations, a couple of points I would make are number one, Tom, on your point regarding regulators, very fast movement on financial services regulators on adapting the supervisory structure to a remote working environment. SIFMA is doing a tremendous amount of work now, engaging with our regulators on what the future may look like and how the structure is established around that. The second thing that both you and Ron talked about, here we are talking about a pandemic and the various exercises done around pandemics but it just underscores how important this ongoing exercising, training, tabletops, whether it is pandemics, whether is cyber, all forms of operational resiliency and business continuity are so terribly important.

I think back, I am sitting I think right now in the same room where I am working remotely to Sunday evening during Superstorm Sandy on an industry-wide call, and what was going on there and Tom you were right in the middle of that at Ground Zero and the lessons learned from that. This is so important because every time we go through one of these we learn things, the industry adopts and adapts and you are better positioned going forward and yet there are always going to be things that are going to come up that you hadn’t thought about but at least you are prepared to address them in real-time.

Let’s get onto the report’s key considerations. First and foremost, the health and wellness of the workforce should be a paramount consideration in the formal risk management structure of organizations, alongside enterprise, operational, financial, and IT risks.

[Ron] That’s right. Firms really should consider conducting their own after-action analysis of what went well and what did not go well with respect to their work from home capabilities. This study provides an outstanding view from industry of some of the actions and leading practices and lessons learned. Still, some firms may benefit from adopting a hybrid workforce model, if done in a thoughtful and secure manner. For many of the observations in the report, firms running their own analysis will be something that we feel would be extremely beneficial.

[Tom] Good point, Ron. The benefits of maintaining globalized operations were tested in this crisis, no doubt. Going forward, these systems will need to embrace operational resilience strategies and practices to increase their robustness, identify geographic and vendor concentration risks and minimize the risk of failure. They should also be inclusive of supporting third parties. And back to the report, I think it is important to have the support of the members, the regulatory community, the government and certainly our partners such as Protiviti.

[Ron] The one thing all firms touched on and I mentioned it before was around this acceleration of the digital transformation efforts that have been ongoing at their firms. The study clearly indicates that it is paramount that firms invest in and embrace these automation and critical digital tools, particularly to support operational areas where downtime risk could be most severe.

[Tom] Going forward, the industry should continue to collaborate with regulators to put in place critical regulatory relief during the pandemic, including forms of necessary relief that would promote working remotely, trading virtually, and extending the filing deadlines for statutory reports. This also means institutions should continue to pay close attention to any forthcoming regulatory guidance to stay current on new requirements.

[Ken] That’s right, Tom. And, as the industry does return to normal working arrangements, firms should work with regulators and infrastructure providers to identify opportunities to make permanent the more efficient operating models adopted during the pandemic.

[Tom] Good point, Ken. This will include moving away from requirements for physical documents and communications, such as dematerialization of physical securities and moving to e-delivery of client communications.

[Ron] All of these considerations and recommendations really point to an overarching need for firms to continue to build and invest in stronger technical infrastructures, with emphasis on countering the escalation in cyber threats due to many employees working from home which increases the attack factor for potential bad actors. We encourage all market participants to reference SIFMA’s Quantum Dawn cybersecurity exercises, details of which are available on SIFMA’s website.

[Ken] These considerations all point to a broad change that is underfoot. There’s an interesting section of the report regarding the future of work – a topic that is of universal interest and certainly something I hear from industry executives on a regular basis.

[Tom] No doubt, Ken, we’re certainly focused on that. Back in April, some financial firms began to contemplate how they would return staff to the office and resume normal operations. We did a number of surveys to our members to understand and to share peer-to-peer the results of the surveys. As these discussions progressed, it became increasingly clear that moving staff back to the office would be more complicated than maintaining work from home arrangements. Even so, firms began to explore the complexities involved with returning staff to the office which is an ongoing work of ours.

[Ken] Right, Tom. We published considerations for a return to the office to facilitate conversations at our member firms, including safety, legal and liability considerations, employee sentiment and privacy, availability of health screening and testing kits, human resource policies, local government directives and health care advisories, as well as the practical and logistical issues surrounding maintaining social distancing within the office. If one thing is for sure, it is that a “return” to office is going to look quite a bit different than before going to remote.

[Ron] Firms are developing reemergence plans, and now is the time to think critically about how the “new normal” will drive the future of work. Lessons learned in the past six months should guide firms’ assessment of which operational practices should remain in place going forward, and what metrics best demonstrate the ability to respond to a crisis and to operate efficiently, and whether certain business continuity initiatives should be accelerated or disregarded should be also part of the analysis.

[Tom] We encourage leaders to consider several things. First, under new collaborative tools and other technologies, the range of technologies, such as video-and text-based collaborative tools, that have been put in place during the massive shift to a remote working model have taken on newfound value, and their continued use may expand in the future to assist with other change-management efforts, as well as ongoing transformation and innovation initiatives.

[Ron] New approaches to collaboration and innovation have really come to the forefront. Organizations have been deploying things such as design-thinking exercises and approaches – often in a virtual setting for the first time and at scale globally. Many of these approaches will be worth incorporating long-term into the organization and expanding in a post-crisis environment.

[Tom] I think another point to be made under new leadership styles and communications, what we’ve seen is leaders have spent more time empathizing with employees and communicating in a clear and frank manner and less time deploying traditional motivational approaches and tactics often shared when performance is down. These new approaches towards communications and employee engagement will likely reshape future leadership and people-engagement strategies going forward.

[Ron] Another kind of interesting point to consider is this crisis has highlighted some new candidates for leadership. Across the industry, we have seen employees demonstrate an uncanny calmness under pressure and innovation when it comes to finding creative solutions to customers’ needs. That level of resourcefulness shown during the challenging times should be leveraged and harnessed when things return to normal and help firms identify and encourage the next generation of leaders.

[Ken] That indeed is a bright spot and something that again industry leaders are thinking a lot about. To your point, Tom, about communicating and empathizing with employees during the onset of the pandemic, there are still issues around that and firms are trying to address how you deal with maintaining the individual firm culture, how you deal with onboarding, and yet there has been tremendous communication back and forth. Ron, to your point, we’ve heard from members – in fact we did a survey with a number of our retail-oriented firms on how retail advisors were communicating with their clients and saw a dramatic uptick in bilateral communications with clients and in fact clients communicating with their advisors and seeing how they were doing. In some respects, in this unique environment we are in, the level of bilateral communication with employees, with clients, has ticked up albeit virtually.

Following in that, what’s next?

[Ron] Now is the time to think critically about the “new normal” and how that will drive the future of the workplace and operations. It is also the time for firms to assess which existing operational practices should remain in place, evaluate the metrics that best demonstrate their ability to respond to a crisis, and determine which operational resilience initiatives to implement or accelerate to prepare for a future pandemic or any other major severe event. Prioritizing automation and digitization as we’ve discussed many times will rapidly modernize financial services operations, and there will be an increasing need for global coordination and partnership between the sector, regulatory bodies and critical third parties to adopt these changes.

[Tom] Those are great points, Ron. Our members will take these initial lessons and considerations and apply them at their respective institutions. SIFMA and our partner organizations will continue to collaborate with the industry to enhance information-sharing and pandemic management practices on a global scale.

[Ken] As the pandemic stretches on and more issues arise, we will continue to gather critical data and insights to inform and expand the initial lessons and considerations highlighted in this report.

[Tom] That’s a good point, Ken. The report we have published is just the first; as we continue to learn from this experience, we will continue to publish a follow up report at some point in the future.

[Ken] To access this report as well as additional resources regarding operational resiliency and business continuity planning and cyber resiliency, please go to www.sifma.org.

Ron, Tom, thank you very much for joining us today and for the great work on this report.

Kenneth E. Bentsen, Jr. is president and CEO of SIFMA, the voice of the nation’s securities industry. He is also chief executive officer of the Global Financial Markets Association (GFMA). Ron Lefferts is global leader of technology consulting at Protiviti. Tom Price is a managing director and head of technology, operations and business continuity for SIFMA.