The Democratic National Convention has provided Boston-area banks with an excellent opportunity to test their business continuity and disaster recovery procedures against a known disruption.
For starters, the closures of a major highway, subway stop and commuter rail station have caused disruption to ordinary commuting patterns for bank employees. "We have been getting some notification from institutions that are in the particular area that are going to be changing their hours or closing on certain days," said David Cotney, senior deputy commissioner, Massachusetts Division of Banks, last week.
Other challenges for bank operations managers have included restocking ATMs, delivering cash to branches and communicating closure information to bank customers.
Financial institutions with the ability to schedule around the convention have done so in great numbers. "In talking to most of our clients, either in institutional banking or non-retail financial services, we're seeing people with much lighter loads of staff, or encouraging vacations," says Jerry Brady, chief security officer, VeriSign (Atlanta, Ga.).
Even banks not in the immediate vicinity of the convention site have had to adjust their operations so as to ensure their ability to get items to the Federal Reserve Bank of Boston in a timely manner. "We plan on adding an additional, earlier run to the Fed, so that at least we get the bulk of it in," says Dean Kenney, senior vice president and treasurer for Chart Bank (Waltham, Mass.; $225 million in assets).
Other than that, there's not a lot more that Chart Bank can do that it hasn't already done as part of its overall business continuity planning. "One of our branches is fully capable of running the entire bank instead of the headquarters," says Kenney. "We've had that set up for the past couple of years."
Also, Chart Bank uses a Web-based application from Strohl Systems (King of Prussia, Pa.) that documents all of the organization's disaster recovery procedures and provides employees with easy access to crisis management resources if needed. "The people who are authorized to do so can look and see exactly what they should be doing, no matter where they are," says Kenney.
In the run-up to the Democratic Convention, it has been prudent to check the plans one more time. "We're reviewing all of our contingency plans in case there's some other type of disaster that could occur, although we don't anticipate anything," says Kenney.
But given the high visibility of the conventions, the professional worriers have been putting in late nights. "Everybody definitely is on heightened alert," says Belinda Wilson, executive director of business continuity services for HP (Palo Alto, Calif.) Americas.
Indeed, one of HP's customers in the telecom industry declared a disaster as a pre-emptive measure and will have a fully redundant backup system on standby at HP's mobile site in Dallas.
Also, information security professionals have been keeping a sharp lookout for any signs that a cyber-attack might be launched to coincide with physical disruption to the convention. That's an example of the industry taking a multidimensional approach to thinking about potential attacks.
So far, so good. "As far as I've been able to tell, checking the ISAC [Information Sharing and Analysis Center] that's used by the financial services industry for distributing threat information as well as vulnerability information and the like, they're not really anticipating that the conventions themselves will pose a special threat," says Mark D. Rasch, Esq., senior vice president and chief security counsel, Solutionary (Omaha, Neb.), a managed security services provider.