Extreme weather events like Hurricane Florence this past weekend and Hurricane Maria last year are happening more and more frequently. That’s why it is crucial for companies to have a strong business continuity plan in place.
Since the treasury function is at the forefront of a company’s money, there may be no better department to be a leader in business continuity planning (BCP). But to be successful, treasury needs a well thought-out strategy.
WHAT TO DO WHEN DISASTER STRIKES
A recent Treasury in Practice Guide, underwritten by Kyriba, provides tips on how treasury departments can implement successful business continuity plans, so that the next time disaster strikes, you’ll be ready.
Determine your critical assets.
The first thing a treasury department needs to do when creating a business continuity plan is figure out all of its critical assets. One of the best ways to determine this is by calling a meeting with the CEO and CFO to hash out the business’ priorities and the risks that can impact them. That way, when an event occurs—be it a natural disaster, a power outage, or a change in the marketplace, a change in a certain customer environment—the company will fall back on the “vision” it has set for itself.
It is important to note that meeting with the CEO and/or CFO is not a one-time thing. A company’s priorities can change, and treasurers need to stay on top of those changes. Therefore, treasury should be meeting regularly with high-level executives.
Use a template or standard.
Once you iron out the business’ priorities, it’s time to actually write the plan. Writing out a plan is not easy, however, which is why many organizations utilize BCP templates to get started. Jeff Johnson, CTP, CFO of Amesbury Truth and Chairman of AFP’s Board of Directors, believes that treasury departments should begin with a generic BCP template and adapt it for their needs. “The challenge a lot of organizations have is that often they want to put something together but they have no template,” he said.
Sample templates can be found rather easily online. Although corporates may not always be the target audience for a particular template, many of these samples can be adapted for their uses. A good plan will provide an overview of the organization, identifying key assets and the risks to them. It will specify the measures that can be taken in the event of an emergency, what their objectives are, and who is tasked with putting them into motion. It should also include a full distribution list of the plan recipients, as well as tables where any updates to the plan can be recorded.
Don’t forget the basics.
In early 2015, Akamai Technologies, a content delivery network (CDN) and cloud services provider, had to exercise its business disaster recovery plan. Cambridge, Mass., where Akamai is located, was forced to close its offices for non-network operations command center employees due to snowstorms. “In order for our employees to be able to work from home, our company failed over to our disaster recovery center elsewhere in the country,” said David Neshat, treasurer for Akamai. “Had that not happened, working remotely would not have been an option. Employees wouldn’t have had the ability to logon to emails/ERP systems/HR systems/etc.”
But if work email is down, that’s when treasury needs a “plan B” to communicate. Members of the treasury staff should have each other’s mobile numbers and even personal emails so that they can get in touch with them as needed. It’s also a good idea to have personal contact information for key members of the IT staff, as well as departments that treasury works frequently with, like accounting. “If you can’t reach them through work email, how do you reach them?” Neshat said. “BCP goes back to simple things like that. People should have a folder at home with that contact information.”
Sarah Schaus, assistant treasurer and assistant vice president for Allianz Life Insurance Company of North America and chairwoman of AFP’s Treasury Advisory Group, explained that her company has actually appointed a business continuity management (BCM) team to be the “first line” in any type of black swan event. Should the event last longer than 24 hours, then a second line gets called in. “Everyone knows their accountability before we get into a situation,” Schaus said. “We even make little laminated business cards for people so everyone has the phone numbers of the team that is part of that first line.”
Test it out.
Once you’ve drafted your plan, it is crucial that you test it. If you don’t, how do you really know if it works? Even treasury departments who have strong plans in place often find some aspects need to be tweaked once confronted with a real black swan event. So testing, and testing regularly, is a very important step in implementing BCP.
Schaus noted that Allianz performs regular BCP exercises across the organization, including groups like treasury, investment and operations. “We do tabletop exercises, where we’ll sit in a closed room for three hours and go through a scenario,” she said. “We’ll say, ‘There’s a fire on the fourth floor, it’s noon and no one can get back to their desks or get home.’ Then, the next level is, ‘Now it’s 5:00 at night, these people are stressed and they need to get their kids from daycare. They’re starting to panic.’ So we do all that scenario role playing.”
Be a leader
Although BCP is not, and should not be, treasury’s sole responsibility, it is an area where treasury must be a leader. Again, who better to make sure things stay up and running better than the one function that truly understands the inner workings of the business? Treasury is heavily involved in risk management, is accustomed to taking an analytical approach to address problems and is well-versed in compliance—simply put, treasury a perfect fit for BCP.
For more insights from treasury practitioners, download Business Continuity Planning: Why Treasury Needs a Plan B here.