The COVID-19 pandemic’s impact on lives, livelihoods, economic stability and business continuity (for small enterprises particularly) continues to be overwhelming. But, in contrast to the financial crisis of 2008, the pandemic is not a financial industry-driven event. This time around, the industry has been a critical part of the solution rather than part of the problem.
At the onset of the pandemic response, financial services workers were among the identified “essential critical infrastructure workers” called upon to help state and local officials protect their communities and ensure the continuity of functions critical to public health and safety, as well as economic and national security. This designation, confirmed in a letter from the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, is a remarkable turn for an industry whose operational resilience – ability to maintain and provide important business services in the face of severe-but-plausible events – has been a focal point of financial regulators since the 2008 financial crisis and following a series of major technology outages in recent years.
Since March, the financial industry has kept markets open, provided businesses with much-needed liquidity, ensured payments were made on time and access to critical services remained uninterrupted. The delivery of important business services was maintained even as firms had to take extraordinary measures to protect the health of their employees and customers, comply with stay-at-home orders, manage unprecedented volumes of trading activity and mitigate a significant escalation in third-party and cyber-related risks. A few large institutions experienced disruptions while moving outsourced activities to offshore locations or with reshoring offshored activities quickly, given the speed to which those actions needed to be completed and the need to maintain access and keep up with the volume of activity. Others quickly and successfully switched to alternative third-party providers for essential services that had been disrupted, preventing the brief dislocation from becoming a business-impacting event.
Financial firms’ pandemic playbooks, some honed more than a decade ago, provided a roadmap for dealing with work-from-home (WFH) scenarios. The only real challenge was doing it at scale. Investments in technology enablement tools in recent years helped smooth the course, but that had some limits. In certain places like India, some firms had to extend technology infrastructure to “the last mile,” meaning, to homes in remote areas. Enabling connections for video conferencing capabilities and other ways of remote access and workplace collaboration faced similar challenges.
Unlike other operational resilience events, such as a major cyber event or IT-related outages, the pandemic was slow-moving, meaning the industry and individual firms had some advance notice. At the same time, it was symmetrical in its impact, meaning market participants were hit in the same manner, with the difference in severity being determined by an individual firm’s degree of preparedness or ability to provide contingencies, WFH arrangements.
Against this still developing backdrop, the pandemic has taught the industry a few things about resilience. These characteristics of a resilient firm are more essential than ever before:
- Ability to respond rapidly
- Ability to bring third parties into the information-sharing network
- Ability to learn from mistakes or failures
To improve its resilience in the post-pandemic period, the industry should learn from both the successes and failures of the firms’ pandemic crisis management. Firms that did things particularly well should not be complacent – for one, no one is completely out of the woods just yet. In fact, the Federal Reserve’s May 2020 financial stability report notes that while financial regulatory reforms adopted since 2008 have substantially increased the resilience of the financial sector, “the financial system nonetheless amplified the market shocks [associated with COVID-19], and the sectors’ vulnerabilities are likely to be significant in the near term.”
As the crisis wanes and firms consider various strategies for returning employees to the workplace, here are some considerations that are top of mind for resilience leaders:
- All firms had to scramble to enhance their digital tools to support operations in areas where they may not have prioritized investment in the past. Leveraging this experience is an opportunity.
- Security and privacy risks, as well as risks related to supply chain and third-party interdependency need to be revisited and re-tested with a resiliency lens.
- The breath and extent of remote access – and the success of it – in response to COVID-19 has forced firms to reconsider WFH policies. Although the event has shown that much work can be performed remotely, many critical business and operations functions do require physical presence. Also, a number of resilience leaders indicate that their business models and culture still require physical interaction of high-performing teams, and that a full WFH scenario could reduce innovation over time. Our sense is that, in the end, the industry will settle on a hybrid model but whatever the case may be for each organization, this is the time to do a post-mortem of what went well and what didn’t with respect to WFH.
The range of operational risks accentuated by the pandemic is evolving but these considerations stand out in our interactions with resilience leaders. We will have more to discuss as we learn more. For now, it is important to not let the opportunities created by the crisis go to waste. The adage “the absence of failure is not evidence of success” should be an important guiding principle for ongoing vigilance.