BANCA D’ITALIA - Eurosistema
Business Continuity: the Italian Experience
Ravenio Parrini
Payment System Oversight Office
Banca d’Italia
Budapest, 14 November 2007
Index
1 Business continuity initiatives in Italy
2 Specific rules issued by Banca d’Italia
3 CODISE: the National Joint Working Group
4 Summing up
Italian experience on BC
September 2003: National black-out
Within a few seconds the national power line system collapsed:
• people trapped in lifts
• traffic lights switched off
• mobile network down
• congestion in the public switched telephone network
• national railway system blocked
• fuel pump stations blocked
• …
BC is an issue to take into account!
Business Continuity (BC) key issues:
– major operational disruptions can result from unpredictable events (September 11th, National black-out);
– growing complexity of financial market infrastructures;
– interdependency (cross-systems, cross-operators, cross-countries): no one is an island…
– Business Continuity of financial systems as a public good.
The Italian Framework: two-layer approach
1. Single infrastructure/institution: i.e. increase the resilience of the single operator as a component of the overall national system; promote a common level in Business Continuity; … single financial operators are the “first line of defense” in a crisis situation.
2. National level coordination: i.e. a coordinating function with the tasks of assessing requirements, organizing tests and managing crises.
In addition:
– a policy based on cooperation between authorities and financial operators
– inclusion of individual business continuity plans within the scope of the scrutiny by the competent supervisory authorities
Implementation:
- A national contact list
- The Joint Working Group (CODISE)
- Three Supervisory Guidelines on BC
2. Specific rules issued by Banca d’Italia
At the end of 2004, after the public consultation, Banca d’Italia issued a set of Business Continuity Guidelines (see www.bancaditalia.it).
Guidelines have been designed primarily for the three financial sectors: Banking sector, Payment System infrastructures, Market infrastructures.
Some requirements:
– Scope: services/operators (identified by CODISE analysis) and major banks;
– BCP to be endorsed by senior-level management;
– scenarios to be faced: disaster, cyber-attack, provider unavailability (as agreed in the CODISE WG);
– recovery objectives (RTO): 2-4 hours for vital services;
– back-up sites: different risk profile, staff duplication/relocation;
– emergency procedures: roles/responsibilities, crisis teams, utilities back-up, …
BCP Assessment of Payment System Infrastructures
Financial operators’ BCPs are evaluated to verify compliance with the Banca d’Italia BC guidelines.
Assessment is based on:
- bilateral meetings with financial operators;
- evaluation of periodic documentation received by Banca d’Italia;
- a set of ToR (Terms of Reference) derived from the BC guidelines and used in evaluating operators’ BCP documents.
ToRs: a 35-item checklist, with a “rating” for each item:
- A (Fully observed);
- B (Broadly observed);
- C (Partially observed);
- D (Not observed).
ToRs are used to measure operators’ improvements in BC.
TIME FRAME
Financial stakeholders in the scope of the guidelines had to:
By end 2004:
– produce a Business Continuity Plan (BCP) endorsed by senior management;
– communicate the BCP to Banca d’Italia.
By end 2006: implement the BCP.
Every 6 months: report to Banca d’Italia on the BCP phases completed.
Operator improvements in 2004-2006
– focus on Services (protecting Assets is not enough);
– more emphasis on Resiliency (soundness, i.e. resisting disasters, is not enough… get ready to recover from “scratch”), staff management, emergency procedures;
– plan for Large Crisis scenarios (managing risks from day-by-day operations is not enough… the objective is the company's survival in case of disaster).
[Diagram: Financial Operator; ASSETS (buildings, staff, ICT); SERVICES / MISSION (trading, clearing, settlement, ..); labels 2004 and 2006]
Improvements in 2004-2006
[Figure: chart with column headings ASSETS and SERVICES, the terms Soundness and Resiliency, row headings What, How and Against What, year labels 2004 and 2006, and the labels “costs” and “survival”. Items shown: Physical sec., Logical sec., Reliability (MTBF), High Availability, Quality, Maintenance, Alternative Sites, Staff relocation, TLC recovery, ICT duplication, Disaster Recovery, Risk Analysis, Audit, Certifications, Incident Management, Crisis team, Alternative procedures, Stakeholders coordination, Contingency solutions, Interdependencies reduction, Expected losses, Stress losses (Disaster).]
3 - The national Joint Working Group (CODISE)
CODISE includes both authorities (all major supervisory functions) and major financial system representatives:
– coordinated by Banca d’Italia and Consob (stock exchange commission) with the presence of a representative of the Italian Government;
– operators of main market infrastructures, major banking groups, major payment systems service providers.
CODISE task: “to define the steps towards the System’s Business Continuity”, with the aim of limiting systemic risk.
CODISE: Main Objectives
Scenario to face: large disruption (low probability, but large impact…)
Critical objectives to cover:
– liquidity issues (assure liquidity availability in case of crisis);
– trading, clearing and settlement infrastructures (resiliency of..)
– public confidence
– link with cross-border systems
The “CODISE” National Contact List
Immediate low-cost intervention: in the first quarter of 2003, a National Contact List for Financial Business Continuity was set up.
A contact list among CODISE members: each member declares its own crisis manager as the “contact point” to be called in case of crisis (each list entry is composed of Company name, Contact point name, phone/fax numbers, e-mail addresses, alternative numbers).
The list is updated and activated by Banca d’Italia.
Periodic tests (~ once a year) are carried out in order to ensure that the data stored in the list are “fresh”.
CODISE Workplan
– Identification of relevant services
– Selection of scenarios
– Impact analysis
– Implementation of emergency plans
– Test and improvement of plans
Main achievements of CODISE analysis
“Vital” services (i.e. operations to be completed before end-of-day):
– 8 financial services, 5 operators involved (trading, clearing, settlement – cash/securities)
– National ATM networks, 3 major providers involved
Scenarios (to be considered in developing BCP):
– Regional Disaster
– Cyber attack
– Unavailability of an infrastructure/provider.
Interdependency among financial operators (a cross-map of maximum tolerated outage among major operators);
Crisis procedures (simple crisis communication procedure based on the national contact list)
CRISIS COORDINATION: liaison with ECB structures.
A new role for CODISE: the joint group was set up as a forum among Italian operators to share info and to plan common initiatives on BC.
It is NOW also becoming the “local crisis team” for coordination at EU level.
Coordination Structure
– ECB-PSSC is the European Crisis Team (teleconference among PSSC members);
– The Italian PSSC member is also the Chairman of CODISE (Central Manager for Payment Systems and Treasury Operations of Banca d’Italia) and plays the role of national Crisis Coordinator (CC).
– Two scenarios:
1. Failure in an EU country: the PSSC teleconference allows PSSC members to share info; the Italian member (CC) can decide to activate the CODISE contact list to share info and to take local initiatives.
2. Failure in Italy: the Italian Crisis Coordinator (CC) activates the CODISE contact list for local initiatives; he contacts the ECB-PSSC group to share info and coordinate initiatives.
Crisis Coordination: operation failure in EU
[Diagram with the labels: Foreign operator failure (country “A”); National crisis coordination committee (country “A”); PSSC; National crisis coordination committees (EU countries); CODISE; National contact list; Italian financial system]
Summing up…
Main achievements:
– Common “Resilience Level” among major financial operators.
– “Open debate” on BC among authorities and financial operators.
– A simple coordination/communication procedure in case of crisis.
Next steps:
– more detailed crisis management procedures at national level;
– multi-year exercise plan with growing complexity.
REFERENCES
Italian BC guidelines
• Payment system infrastructures:
– http://www.bancaditalia.it/sispaga_tesor/ssp/infrastrutture/bi/linee/Linee_guida_SSP_en.pdf
• Market infrastructures:
– http://www.bancaditalia.it/banca_mercati/supervisione/normativa/linee/guidelines/Guidelines_for_business_continuity.pdf
• Banking sector:
– http://www.bancaditalia.it/vigilanza/banche/normativa/disposizioni/provv/requisiti_processi_rilevanza_sistemica.pdf
Financial-Related Documents
• High-level principles for business continuity (2005) (web site: http://www.bis.org/).
• Business Continuity Oversight Expectations for Systemically Important Payment Systems (2006) (web site: http://www.ecb.int/).
• Interagency Paper on Sound Practices to Strengthen the Resilience of the U. S. Financial System (2002) (web site: http://www.sec.gov/).
Relevant Web Sites
• http://www.thebci.org/
• http://www.business-continuity.com/
• http://www.survive.com/
• www.bsi-global.com – see also BS7799, ISO 27001 (information security standards).