Published 12 March, 2020
Prepared by Rebecca Exley
Today, the World Health Organisation (WHO), declared Covid-19 to be a pandemic. It certainly wasn’t unexpected news, but what does it really mean? The word “pandemic” describes a disease that is spreading between people in multiple countries around the world, at the same time. Although the WHO qualified its declaration by confirming it does not change their advice, the financial services industry should be prepared for a turbulent, although temporary, period.
The world has seen economies fall over the last few weeks, with world leaders, and businesses, scrambling to limit the impact of public panic and mass media coverage (who has all the toilet paper?!).
This virus will certainly impact our economy, but it will be temporary. But temporary or not, no one will come out unscathed.
What Should Organisations Do?
Disaster Recovery (DR) and Business Continuity Plans (BCP):
All organisations should have an up to date DR and BCP which comes into effect during major events. For those organisations who have yet to implement a DR and BCP, or those who need to update their current DR and BCP, we would suggest carrying out a risk assessment of all business wide risks as soon as possible.
This will include the organisations’ ability to continue to operate effectively, properly service clients, and ensure the wellbeing of their own internal staff and resources. In larger organisations, this may require a cross-disciplinary approach possibly involving human resources, business continuity management, heads of departments and other risk management functions within the organisation.
IT Infrastructure and Cyber Security:
Current IT infrastructure must be appropriately capable of managing staff access outside of the workplace. Staff may be required to self-isolate in the coming weeks and months and it would be prudent to ensure that there is a clear pathway to accommodate that, either by working from home or the use of remote branches where possible.
Remote working does attract risks of its own, and organisations will want to ensure that they have adequate cyber security provisions to ensure the integrity of its reputation, and the information it possess. For example, how would a staff member access the organisations database? Is this access secured? Does the organisation utilise any cloud-based storage? If so, how is access to this managed? In the event of a breach, does the organisation have a clear grasp of their duties in relation to reporting and remedying such breaches?
Health & Safety:
Health & safety is not limited to the office; it extends to the work environment of its staff. In the event that staff would be required to, or wish to, work remotely, the organisation must be confident, through a risk assessment, that their work environment is suitable and safe. Organisations may also wish to consider updating their internal office policy to include topics such as personal hygiene, tracking of employees as to health status and locations, and travel restrictions. Organisations may also be responsible for ensuring that the office, and building, is properly managed in the event of a contamination.
Outsourcing and Alternative Processing Arrangements:
In a world where electronic processing, verification and outsourcing is becoming commonplace, organisations should always have a Plan B in the event that these become unavailable. If an organisation outsources critical functions such as IT, what happens if this becomes interrupted? Does the organisation have alternative processing arrangements for receiving client instructions?
Critical Staff, Succession and Decision Planning:
There will also be key staff who are critical to the operation of the organisation. Most organisations will have a plan in place in the event that some or all critical staff are absent or unavailable, but this should be updated. Organisations should also consider whether a succession plan is necessary for their organisation type. If the current pandemic continues to spread, how and where would these critical staff members work? And what form of transport would they use to travel, if needed?
Final Word:
Luckily for us, REM’s “the end of the world as we know it” is not likely but having a robust set of policies and procedures will certainly make any bumps along the road, more bearable.
We will be continuing to work with our ongoing clients to ensure their policies and procedures cover off major and unexpected events. If you would like more information about our ongoing subscriptions please contact us via firstaid@kitlegal.com.au.