Podcast: Searching for the ‘New Normal’ – A Business Continuity Planning Update

The financial industry’s response to managing the global coronavirus pandemic (COVID-19)

In the face of a global pandemic, the financial industry has relied upon its robust business continuity planning efforts. Ken Bentsen, president and CEO of SIFMA, sat down with Ron Lefferts, global leader of technology consulting at Protiviti, and Tom Price, managing director and head of SIFMA’s technology, operations and business continuity team, to explore the story behind the industry’s business continuity planning efforts in the face of a global pandemic.

SIFMA’s Business Continuity Planning (BCP) team continues to closely monitor COVID-19 and its impact on our industry and the markets. In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA has a robust infrastructure to coordinate the financial industry’s BCP efforts. For more information and resources for those entrusted with this critical role, please visit www.sifma.org/covid-19.

Transcript

Edited for clarity

[Ken Bentsen] Thanks for joining us for this episode in SIFMA’s podcast series. I’m Ken Bentsen, SIFMA’s President and CEO.

When COVID-19 emerged in the first quarter of this year, the financial industry quickly implemented its business continuity plans and battened down the hatches to withstand a period of extreme market volatility.

Today, I’m joined by Ron Lefferts, Global Leader of Technology Consulting at Protiviti, and Tom Price, Managing Director and head of SIFMA’s Technology, Operations and Business Continuity Planning team. With insight from our industry’s operations professionals, we’re going to walk through the past several months to explain where we are today and look ahead to where the industry might be headed.

Ron and Tom, welcome.

[Ken] Tom – you and I spoke on this podcast back in mid-March, right as the situation started to escalate in the U.S. That seems like a lifetime ago. To give us some perspective for our discussion today, can you take us back to when this situation first across the BCP team’s radar?

[Tom] Thank you, Ken. As a part of SIFMA’s BCP activities, once we identify a problem, we will start to coordinate and that is what we did back in January. We started to coordinate across the sector. We identified that there was an issue, we met every other day starting in mid-January, with the regulators, U.S. government agencies and members, watching this situation closely first in China and then watching as it materialized in Hong Kong, Singapore and then ultimately Europe.

As you know. SIFMA has a robust BCP organization to address all these types of hazards. Now, our primary goal is to ensure the effective functioning of markets and of course the safety of personnel is of the highest importance. We need to always be ready to address any type of disruption – whether its weather, physical, technological or cyber in nature. Key aspects of our BCP program include quick to market, first by identifying a problem early, sharing that information across the public and private sectors, and then escalating as necessary based on the circumstances to seniors and others across the industry.

[Ken] As we watched what was going on in Asia, and then Europe, things really began to escalate in the U.S. in March.

[Ron] Sure and thanks Ken again for having me, really appreciate it. As people and investors started to digest the spread of the virus and the implications of a large scale shutdown, markets really started to show stress. We first saw them in the repo market, and then in the Treasury market. Then, illiquid conditions and dislocations emerged in all fixed income markets. The stock market also bottomed out. Now we know just recently that the National Bureau of Economic Research officially declared that the U.S. is in a recession since February.

[Ken] That’s when the Fed in coordination with the U.S. Treasury and Congress first stepped in to get credit flowing to households and businesses.

[Ron] Yeah, it was just in time. States across the country began to implement widespread stay at home actions. The industry went into its business continuity planning mode – areas where firms have been practicing for years. This pandemic has been slow-moving in terms of there were some forecasts that this was going to happen plus symmetrical meaning all firms are going to be impacted and so leveraging some of the protocols in the work, especially through SIFMA, they coordinated their BCP plans.

I think importantly the financial services industry is considered an essential critical service and part of the critical infrastructure. I think that imperative for financial services firms to work with and respond to and really support the broader economy has been something that has been incredibly important. I think as opposed to other times – like for example the financial crisis of 2008 – in this pandemic crisis, financial services really has been part of the solution and not part of the problem.

[Ken] And that is our overarching goal – to maintain orderly and functioning markets to underpin the broader economy. SIFMA, on behalf of the industry, has been active on this front for quite some time. In fact, our 2007 pandemic exercise laid the groundwork for much of our efforts today.

[Tom] Indeed, Ken. That is exactly right. Back in 2007, SIFMA partnered with U.S. Treasury, members and more than 2,700 industry professionals and others to simulate a severe worldwide global pandemic. The exact scenario that we are living through today.

So, in mid-January, as this pandemic started to materialize in China, we dusted off the pandemic white paper that we published and started to leverage some of the key findings such as safety of employees, potential technology concerns around moving staff from their office to their homes, understanding regulatory relief that may be necessary. So we refamiliarized ourselves with terms like social distancing, cross-training, PPE, staggered and phased staffing – all of the things that we have identified in the 2007 white paper we are able to leverage as a basis or groundwork to build on to address this pandemic exercise in financial services.

[Ken] The 2007 exercise has really proven to be invaluable. Its foundation allowed us to really address the unique issues that we are having to deal with today. For instance, the tremendous volatility that we saw in that mid-March period caused a failed trade backlog and it ended up taking two weekend sessions to clear.

[Ron] That’s where practice makes perfect. There were more than 270 key trading staff and 50 institutions cleared a large backlog of failed trades on March 28 and April 25, before the month-end which is critical we get that done. The trades arose from the heightened trading volumes we saw, that we were discussing earlier, which were multiples of typical daily volumes. The effort was coordinated by SIFMA. Also, it was the first time the protocols were used outside of a test environment and that was successful. Had the backlog not been cleared, banks would have been left with unaccounted risks and trading conditions could have deteriorated causing further market volatility.

[Ken] It really underscores the importance of continuous training in interim more benign periods and in this particular instance, working with the failed trades underscores the critical aspects of back-office tasks. But it also underscores that we have tasks that really date from the time of paper stock certificates.

[Tom] That’s right. Back-office operations are critical to financial service operations. We are responsible for processing and the execution of transactions, responsible for robust technology infrastructure that supports our organizations, we are engaged in settling transactions and transmitting funds, it involves reconciliation… Operations is really the backbone or I would rather call it the nervous system of financial services.

As it relates to regulatory relief, there were a number of processes that still require physical or manual intervention. Anything from processing a physical security. So the reconciliation of physical securities in the vault known as the box count, wet signatures, mailing shareholder materials, medallion stamps, all of which require physical or manual intervention. Once identifying the necessity to have regulatory relief of course we engage with the regulatory community and were granted temporary relief on many of these issues identified.

[See SIFMA’s letters to the U.S. Securities and Exchange Commission, dated March 25 and April 15.]

[Ron] And I would like to add, as an industry, we’ve also been hyper-focused on the increased cybersecurity risk that arises during periods of turmoil. Although the industry has been practicing this scenario for years, the fact is this is how fast-moving this was and doing it at scale in this period of time was something that was really challenging. Investments in technology enablement tools over the years have definitely helped smooth the course for financial services firms but that had some limits in places like India our part of the supply chain for operations had to extend technology infrastructure for the last mile, meaning homes in remote areas. These of type of things create different cybersecurity challenges that the industry has had to look at and had to face.

SIFMA recently completed its Quantum Dawn V cybersecurity exercise. Similar to the 2007 pandemic exercise, this is another example of the financial industry preparing for the unexpected. I think that these types of exercises are absolutely critical to how the industry understands how to respond and is part of the success the industry has been having today – a critical part of the success.

[Ken] I completely agree. It is really number one important and number two very interesting as the industry in the U.S. and around the globe went to working remote in as much as 95% as most firms reported to us and given its critical infrastructure status certainly in the U.S. and in most economies around the world there was a lot of scrambling going on as firms were trying to protect their people, get them home, keep the markets operating, make sure that everyone remained compliant with federal regulations but also state and other nation states in terms of having essential people have access for whether it was back-office functions or whatever it might be so a lot of moving parts in the U.S. as well as around the globe.

Let’s fast forward a few weeks. Things have to a large extent settled down. The curve of the virus certainly on the eastern seaboard has flattened. Market volatility while still having spouts of volatility has certainly died down as compared to an exponentially volatile period of the last two weeks of March. Volumes have come down on the whole and we actually – after some really horrendous economic data particularly with respect to unemployment and GDP which I think people expected notwithstanding the true pain that it reflects – we have started to see some green shoots. We had an unemployment number for May that was frankly different than pretty much every economist predicted. I think a lot of economists predicted that number would have been more likely in June than in May. We’ll see in a few weeks what the June number is. The question though people are asking is are we now getting to the ‘new normal’ and what is the new normal?

[Tom] That is an interesting question. It seems to me more of a challenge to return people to the office than it was to get folks from the office to their homes. A lot more planning.

[See SIFMA’s Considerations for Return to Office.]

We have been in constant contact with our members on the business return to the office work. A critical component of everyone’s plans is the safety of employees. Secondly, we need to rely on the local authorities around lifting shelter in place orders and also should leverage CDC and other health authorities as it relates to when the coast is clear.

Individual firms have established cross-functional internal teams to address return to office. One of the key components of these plans is to develop the right governance, recognizing that a plan, all of these plans, prioritize staff safety and each of these are going to be flexible consistent with understanding the business needs of the organization.

As well, what we found is that different regions will require different types of planning and resources. In addition to that, what we have done, a good part of the discussion is the potential for a second wave. Firms are preparing to screen employees, provide PPE, equipment, to have firms and individuals possibly attest to their health, and then there is the whole concept of reconfiguring or configuring your workspace to ensure you have proper social distancing, concepts of phasing, timelines, etc so there is a lot of thinking going into how to return people from their homes to their offices and the right measured approach.

[Ken] As the industry considers who, how and when they will return to office there are also a whole host of other issues we are looking at.

[Ron] That’s right. In speaking with a number of resilience leaders and other leaders from the membership, no one knows exactly what the right ratio is going to look like but they all understand that it is going to be something different. So, the people working from home versus not. Many recognize that working from the office and that driving that critical point of interaction and driving innovation is something that is core to the culture. That will continue forward.

I think that when we think about what firms are learning from this I would say let’s take a lens going out to the future, how can firms learn from these experiences and look at opportunities to continue to enhance and invest. For example, a lot of firms did have to scramble to enhance their digital tools for remote working on that kind of scale. So, looking beyond this and prioritizing investments in key areas is a great opportunity for improvement.

We already talked about security and privacy risks so looking at those with a resilience lens is extremely important, as well as looking at potential ongoing enhancements to things like e-signatures and digitization. Tom had mentioned earlier some of the great work that SIFMA had done to help alleviate some of those burdens, operating burdens. Those opportunities to have continued improvement going forward are areas that remain.

[Ken] As I talk to senior industry executives from all different types of firms and certainly every firm is unique and different types of workforces and product mixes and the like, they are looking at different approaches not just how they will return to office as the pandemic eases and hopefully addressed but also really more long-term what do they want their workforce or how do they want to situate their workforce logistically. This is consistent with going back to some of the whole premise of this discussion around business continuity planning and the importance of training, something that we at SIFMA and the industry does is coming out of all of these crises is what are the lessons that we have learned? What are the things that worked? Things that didn’t work? What changes should the industry or regulators or mutually be made to be even more resilient going into the next crisis whatever that may be.

With that, we will continue to closely monitor COVID-19 and its impact on our industry and the markets. For more industry resources to maintain operational resiliency as well as information on the unprecedented actions taken, please visit www.sifma.org/covid-19. While you are there, I encourage you to explore our other resources to promote effective and resilient capital markets.

Ron and Tom, thank you for spending some time with me today and for participating in this podcast.

Kenneth E. Bentsen, Jr. is president and CEO of SIFMA, the voice of the nation’s securities industry. He is also chief executive officer of the Global Financial Markets Association (GFMA). Ron Lefferts is global leader of technology consulting at Protiviti. Tom Price is a managing director and head of technology, operations and business continuity for SIFMA.