Then - a storm rages, streets are flooded and phone lines are down. Now - two planes slam into the World Trade Center's twin towers and another into the Pentagon and a third into a remote field in Pennsylvania on Sept. 11. Dealing with natural disasters like fires and floods used to be somewhat normal, yet unpredictable. Now disasters are more than unpredictable; they are scenes straight out of a Stephen King novel. A business has only one chance - therefore it is important to establish a disaster plan or rethink the one currently in place.
But, where does a financial institution begin? A business contingency plan is the answer to the unexpected business interruption. According to Larry Herriott, in the article "Business Contingency Planning Is ..." written for the Disaster Recovery Journal, the business contingency plan's objectives are to ensure continuity and survival of the business, provide protection of corporate assets, provide management control of risks and exposures, provide preventative measures where executed will permit an effective resumption of interrupted business functions or computer operations.
To begin the process, Jane Applegate in an article Guard Against Disaster written for the financial subsidiary of CNN Network, CNNfn, a financial institution should ask the following questions:
* Where would your bank's employees work if the office lost all power or was damaged by fire or flood?
* Can your institution arrange to share space temporarily with another business?
* Does your institution have copies of all its essential business records in case computer systems are damaged?
* How would the bank keep in touch with its customers, clients and suppliers if the office was closed?
* How would the institution keep in touch with each other?
The mission: create a disaster plan that makes sense.
Loss of power should also be of concern to an institution, notes Dorothy N. Gray, president, Data Control Specialists, Inc., in an article on her company's web site, "Disaster Plan Should Address Routine Electricity Needs." When asked what institutions would do in case of an outage, many bankers said they would arrange to bring in a power generator. That's the logical answer, but if an entire community is affected there won't be enough generators to serve everyone in the community, Gray added.
A bank disaster recovery plan should include a list of companies that supply generators, along with their locations and telephone numbers. Gray also notes that the plan should specify the generator type and capacity the bank requires, as well as the type of fuel it uses. It is suggested to call the telephone numbers listed in the plan to verify the companies are still in business and the numbers are correct.
Keeping the financial institution's data stored in an off-site location so that it can recover more quickly is also essential, in the article How to Protect Your Business from Disasters released by SafeBackup.net in Tampa, Fla.
For example, Bank of America demonstrated how beneficial it is to store data in safe houses during the week of the attacks. Bank of America was fully operational within less than one hour and had not lost any transactions in the process.
SafeBackup.net poses several questions to consider when locating storage space for data that include:
* Is the facility open to the public?
* What kind of physical and digital security does the provider supply?
* Is the building designed to withstand the forces of nature?
* Does the company keep the location of their storage buildings secret?
Disaster recovery planning can be expensive. For most institutions, monies must be allocated for personnel, alternate sites, network recovery and off-site storage. Further increasing the cost of recovery is the fact that the traditional role of disaster recovery planning has now evolved into corporate contingency planning, according to John Watkins in the article Justifying the Contingency Plan written for the Disaster Recovery Journal. Plans are written so that not only will the data center be recovered but all vital business function, as well, added Watkins.
How does an institution determine the money and resources to devote to contingency planning? The answer, according to Watkins, is the business impact analysis, which serves the following purposes: identify the potential risks; estimate the effects of a disaster on the organization; and determine the requirements for a recovery strategy.
"Hard dollar figures with an emphasis on estimates of lost revenues and productivity will make a more lasting impression on management than a hazy and subjective analysis," Watkins said.
The impact analysis should identify the key computer systems and business functions that are vital to an organization and specify how fast those systems and functions need to be brought back online so that business will not be severely interrupted. Many departments will need to become involved and be interviewed as to their needs and what impact each has on the institution. The impact analysis will then rank the order in which different systems will be brought back online. The analysis can save an institution money by ranking the order of importance. Since not every computer application or business function is mission critical to an institution, an institution might find that there are quite a few functions that fall under the "restore later" category.
"With senior management looking at all projects with an eye toward the bottom line, the business impact analysis is an important tool to justify the contingency planning," adds Watkins.
Many resources are available for financial institutions that are looking to create a comprehensive disaster plan or expand its current plan to include areas previously left out. There are also seminars and events nationwide that focus on contingency planning. Events like the International Disaster Recovery Symposium and Exhibition or the Contingency Planning Association with chapters in Oklahoma that hold monthly meetings in Tulsa. Other chapters are located throughout the United States.
Crackdown on money laundering
As a proactive move following the terrorist attacks on Sept. 11, the Bush administration has unveiled a new strategy to fight money laundering targeting mainly the big illicit operations that could potentially be used by terrorist groups.
The fight against money laundering - the process of moving money from illegal sales of arms or drugs, political corruption, prostitution and other illicit activities through a series of bank accounts or disguise them as proceeds from a legitimate business - has obviously gained new urgency since the attacks almost a month ago. The launderer might choose to invest the funds in real estate, luxury assets or business ventures.
The International Monetary Fund has stated that the aggregate size of money laundering in the world could be somewhere between 2% and 5% of the world's gross domestic product.
According to the Financial Action Task Force on Money Laundering, money launderers generally tend to seek out areas, which is a low risk of detection due to weak or ineffective anti-money laundering programs. Because the idea is to get the illegal funds back to the individual who generated them, launderers usually prefer to move funds through areas with stable financial systems.
If funds from the launderers can be easily processed through a particular institution, the institution could be drawn into activity and become a part of the criminal network itself. Evidence of such complicity will have a damaging effect on attitudes of other financial institutions and regulatory authorities, as well as customers, according to the Financial Action Task Force on Money Laundering.
The Financial Action Task Force adds that economies with growing or developing financial centers, but inadequate controls are particularly vulnerable. Launderers, who tend to move their networks to countries and financial systems with weak or ineffective countermeasures, will exploit the differences in national anti-money laundering systems. As with the damaged integrity of an individual financial institution, there is a damping effect on foreign investment when a country's commercial and financial sectors are perceived to be subject to the control of organized crime.
Fighting money laundering gets to the criminal where he or she is vulnerable. Without a usable profit, the criminal activity will not continue.
To aid in this task, the Treasury Department will direct a newly formed interagency program called the Foreign Terrorist Asset Tracking Center (FTAT). The FTAT will aim to develop a "big-picture profile of the financial infrastructure of terrorist groups," said Jimmy Gurule, treasury under secretary for enforcement. "We will be following the money trail wherever it leads."
The Treasury is also discussing the possibility of attaching anti-money laundering elements to an antiterrorism bill expected to be introduced soon. Among those elements are:
* expanded authority for the Secret Service to work with the FBI in money laundering investigations related to terrorism; and
* exemption to current law to allow the Internal Revenue Service to share certain tax-related information with investigators looking into terrorist activities.
Osama Bin Laden, whom the U.S. government has identified as the No. 1 suspect in the attacks on the World Trade Center and the Pentagon. is believed to use the Hawala, an ancient underground banking system in the Middle East and Far East, which shifts large amounts of cash between small teams of people in different locations. It can only be exposed if a link in the human chain deposits funds in a financial institution. With everything done verbally on a personal trust basis, it is easy to obscure the money trail.
According to government sources, this system is similar in concept to the Western hemisphere's biggest money-laundering network, the black-market peso exchange, used by drug cartels.
The FBI has asked all U.S. financial institutions and foreign banks with operations in this country to check their records for any relationships or transactions with the individuals who have been named as being under investigation by the law enforcement agency.
Investigators are also looking at Suspicious Activity Reports filed by financial institutions in the U.S. and other countries that would signal account records or financial institutions that would have facilitated in the movement of funds that financed the terrorist attacks.
A hotline has been established by the Treasury's Financial Crimes Enforcement Network (FinCEN) for financial institutions to voluntarily report suspicious transactions that may relate to the terrorist activity of Sept. 11. The number is 866-556-3974.
[Author Affiliation]
by Amy Buck-Lanter, associate editor
Комментариев нет:
Отправить комментарий