Transcript Business Continuity / Disaster Recovery Panel
Slide 1
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 2
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 3
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 4
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 5
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 6
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 7
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 8
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 9
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 10
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 11
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 12
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 13
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 14
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 15
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 16
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 17
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 18
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 19
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 20
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 21
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 22
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 23
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 24
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 25
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 26
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 27
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 28
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 29
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 30
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 31
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 32
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 33
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 34
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 35
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 36
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 37
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 38
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 39
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 40
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 41
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 42
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 43
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 44
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 45
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 46
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 47
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 48
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 49
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 2
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 3
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 4
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 5
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 6
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 7
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 8
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 9
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 10
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 11
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 12
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 13
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 14
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 15
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 16
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 17
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 18
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 19
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 20
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 21
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 22
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 23
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 24
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 25
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 26
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 27
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 28
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 29
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 30
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 31
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 32
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 33
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 34
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 35
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 36
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 37
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 38
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 39
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 40
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 41
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 42
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 43
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 44
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 45
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 46
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 47
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 48
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org
Slide 49
Business Continuity
/Disaster Recovery Panel
STA Annual Conference 2006
A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by
Franklin Templeton Investments
Wayne Behrens
Director
Business Continuity Planning
Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006
Wilma Agenda
Franklin Templeton Investments
Who was Wilma
Impact of Wilma
What Went Right
Crisis Management Lessons
Business Continuity Lessons
Technology Lessons
Facility Lessons
Franklin Templeton Investments
1. Parent: Franklin Resources Inc.
2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)
Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.
Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.
3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.
What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.
Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.
Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders
Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.
Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.
Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.
Questions?
Franklin’s Approach to
Planning for a Pandemic
Pandemic Agenda
•
•
•
•
•
•
Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover
Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.
Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.
Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies
Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan
7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines
Pandemic Closing
Questions?
All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006
20
Government Services
Energy
Transportation
Water
Critical
Infrastructures
Defense
Industrial
Base
Chemical
Industry
Financial
Services
Public
Health
Emergency
Services
Telecommunications
Agriculture
Food
Postal & Shipping
The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02
re tu rns
F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s
P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .
fu nds
L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt
fu nds
re tu rns
F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .
F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .
F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .
re tu rns
fu nds
B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt
fu nds
S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .
re tu rns
F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s
C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts
Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)
Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)
FBIIC
FSSCC
PUBLIC SECTOR
PRIVATE SECTOR
President’s Working Group
on Financial Markets
Treasury - Lead Agency
(PDD 63)
US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR
Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR
Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission
Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS
The Role for Regional
Public/Private Partnerships
The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry
To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.
Company
Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs
Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues
Business Continuity Planning
Local/Regional
National
Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs
Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt
5/19/2003
2
All Disasters are
Local
How will that jurisdiction prevent, prepare for, and
respond to incidents?
Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms
Regional Partnerships:
Formed and Forming
Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)
RPC FIRST
Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
Council would share best practices
Council would help one another with administrative questions
Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006
The ChicagoFIRST Approach
(formed May 2003)
ChicagoFIRST’s Primary
Objectives
Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community
Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)
LaSalle Bank/ABN AMRO
Northern Trust Bank
Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster
JP Morgan Chase
Members
ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company
Strategic Partners (pg. 1 of 2)
Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association
Strategic Partners (pg. 2 of 2)
Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service
Achieving Our Goals
Formal 911 Center
Seat
Obtained seat at 911 Center in fall 2003
Primarily for government agencies
May use seat when Center is activated
Enhancements to seat at emergency operations center
Set of individuals to staff the seat (with Chicago Fed
help)
Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
Private component of web site created and configured
to provide a message board for posting and recording
critical information
Information about the membership, including critical
locations and essential employees, on the computer at
the seat
Informal Information
Sharing
Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
Spring 2004 information about leaning
transmission tower
August 1, 2004 threats against financial
institutions
LaSalle Bank fire, December 2004
Credentialing and
Evacuations
Credentialing
Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
Illinois Department of Transportation
tabletops in 2004, 2005, and 2006
September 7, 2006 evacuation drill in the
Additional Achievements
Working Groups
Security Working Group
Coordinating training needs and opportunities
Coordinating physical security and options
Piloted NC4 Situation Awareness Service
Power Working Group
Understanding electricity in multi-tenant buildings
Sharing ComEd information among members
Working Groups
Telecommunications Working Group
Educating membership
– GETS
– TSP
– SBC call forwarding
Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network
Working Groups
Pandemic Planning Working Group
Free exchange of HR, legal, & BCP information, without NDAs
Coordinating with state and local health departments
Coordinating with sector-wide efforts
Evaluating hiring a public health advisor for ChicagoFIRST
Tabletop scheduled for November 2, 2006
Working Groups
Public Relations Working Group
Single point of contact for the media
Firms leverage membership with press
ChicagoFIRST increases media understanding
Crisis Communications Working Group
Quarterly tests of the 911 Center procedures
Quarterly tests of Dialogic (notification
data)
Quarterly tests of TeleContinuity and GETS
2004 Milestones
Testified before House Financial Services Committee
on ChicagoFIRST as a partnership
9/11 Commission legislation identifies
ChicagoFIRST as a model
GAO Report on Financial Market Preparedness
praises ChicagoFIRST
Treasury handbook identifies ChicagoFIRST as
model
Tabletop on city’s response to Chicago financial
community
2005 Milestones
Tabletop focused on futures and options markets
Public television features ChicagoFIRST
Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF
2006 Activities
Mutual aid among the members
Credentialing critical supplies like cash
Evacuation drill
City of Chicago camera program
Provided testimony on pandemic preparedness to
the House Financial Services Committee
ChicagoFIRST Model
Works
The model is the partnership approach, not the goals or
organization of ChicagoFIRST
FloridaFIRST covers the entire state, with several
regions
BARC FIRST and SoCal FIRC split California
MN-ISAC has Target, Best Buy, 3M as members
Leverage partnership to encourage public sector information
sharing and improvements
Seats in EOCs
Credentialing
Access protocols for critical supplies
The Value
Proposition
LaSalle Bank fire
Mizuho futures
Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)
Government appreciates single point of contact
NC4 and TeleContinuity
Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org