Slide 1

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 2

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 3

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 4

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 5

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 6

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 7

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 8

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 9

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 10

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 11

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 12

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 13

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 14

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 15

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 16

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 17

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 18

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 19

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 20

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 21

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 22

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 23

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 24

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 25

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 26

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 27

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 28

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 29

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 30

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 31

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 32

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 33

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 34

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 35

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 36

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 37

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 38

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 39

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 40

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 41

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 42

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 43

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 44

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 45

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 46

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 47

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 48

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org


Slide 49

Business Continuity
/Disaster Recovery Panel

STA Annual Conference 2006

A High Level Summary of the
Lessons Learned
from Hurricane Wilma
by

Franklin Templeton Investments

Wayne Behrens
Director
Business Continuity Planning

Prepared for the
2
Securities Transfer Assocation
Amelia Island Meeting on Oct 20, 2006

Wilma Agenda
 Franklin Templeton Investments
 Who was Wilma
 Impact of Wilma
 What Went Right
 Crisis Management Lessons
 Business Continuity Lessons
 Technology Lessons
 Facility Lessons

Franklin Templeton Investments
1. Parent: Franklin Resources Inc.

2. Approx 500 Billion in Assets Under
Management
3. Major Brands
A. Franklin
B. Templeton
C. Mutual Series
D. Fiduciary Trust
E. Darby Overseas
F. Bisset (Canada)
4. Employees: Approx 8,000 in 29
countries. In the Florida Area:
A. St. Petersburg (1,200+)
B. Ft. Lauderdale (466)
C. Nassau (49)
D. Miami (16)

Who the Heck was Wilma?
1. Hurricane Wilma is the lesser
known cousin of Katrina. However,
Wilma was the most intense
hurricane ever recorded in the
Atlantic basin. It devastated parts
of the Yucatán Peninsula as well
as southern Florida.
2. There were 62 deaths attributed to
Wilma and damage is estimated at
$12.2 billion in the U.S., making
Wilma the sixth costliest storm in
U.S history.
3. When Wilma reached Ft.
Lauderdale, she was a category 2
hurricane with sustained winds of
110 mph to 130 MPH.

Impact of Wilma on Franklin
1. Wilma reached Ft. Lauderdale early Monday
morning, October 24th. By Monday
afternoon, we had received preliminary
damage assessments indicating that
hundreds of windows primarily on the north
west section of the building were blown out.
2. We were unable to occupy the building from
October 24 through November 18.

3. No loss of life and no injuries to employees.
Some damage to a few employee’s homes.
Many employee’s homes were without
power for days or weeks.
4. 500 employees were impacted, with over
230 being relocated to other sites: Toronto,
St. Petersburg, Miami, New York, Short
Hills, San Mateo, and Rancho Cordova.

What Went Right
1. In general, our Crisis Management, Business Continuity and Technology
Disaster Recovery plans worked well.
2. Wilma caused virtually no disruption to our customers.
3. The Ft. Lauderdale Emergency Management Team took charge of the situation
in Ft. Lauderdale.
4. All business units were able to follow
their business continuity plans and
recover their operations.
5. Technology operations were restored to
include two critical applications.

Crisis Management Lessons
1. When the local Emergency Management Teams (EMT’s) are in the midst of the
incident and working literally in the dark, they do not always have the ability to
fully coordinate the recovery of business operations away from the site.
2. Each of the major roles in our crisis management teams need to have a specific
checklist.
3. We need to put in place a pre-plan
to track and deal immediately with
the relocation of employees to other
sites.
4. You cannot over communicate.
Despite the fact that we tried very
hard to be proactive on
communicating to our employees,
we still heard a number of
complaints in this area.

Business Continuity Lessons
1. Over 40 laptops were left in the FTL office when the hurricane hit. There had
been so many hurricane threats during the year that many employees did not
feel that Wilma would really hit or cause this much damage if it did.
2. The standard for Business Continuity
Plans needs to be expanded to
address a month long outage:
A. Shifting work to alternate sites for
the first 3-5 days without moving
employees
B. Plan for an incident to last over a
month to include a month end
3. A number of issues arose in regards
to employees:
A. Pay during the outage
B. Childcare and school closures
C. Bonus for extraordinary efforts
D. Relocation of children & elders

Technology Lessons Learned
1. We were surprised by the number of business units that still relied upon hard
copies of faxed documents to stand alone fax machine. We have worked on a
better process and documentation of FAX rerouting requirements.
2. Better written procedures for forwarding 800 numbers.
3. There is a desire from the business
for a better disaster recovery
solution for email and Blackberry
servers.
4. Environmental monitoring of server
rooms needs to be tied into a
central control point to insure it is
remotely accessible.

Facilities Lessons Learned
1. We should have drilled more rigorously on damage assessments. For the first
couple of days, the damage assessments were verbal and led us to believe
the damage was much more extensive than it was. It turned out only 15% to
20% of the work areas were damaged.
2. Conversely, our repair and re-occupancy time estimates were wildly optimistic.
Based on initial reports, we planned
for a week long disruption. We were
out for almost a month.
3. Need to have working knowledge
prior to the incident of what local
agencies will require to re-occupy a
building.
4. Keep in mind the fire marshal and
the building inspectors are not
always in sync.

Wilma Closing
In the end it was the
knowledge, flexibility and
perseverance of our people
who really carried the day
and made the recovery a
success.

Questions?

Franklin’s Approach to
Planning for a Pandemic

Pandemic Agenda
•
•
•
•
•
•

Goal of this presentation
Likelihood of a Pandemic
Basic Business Continuity Strategy
Why plan
How will a pandemic differ
Basic elements of our plan
– Crisis Management
– Business Continuity Planning
– Technology
– General Services
– Human Relations
– Corporate Communications
• What our plan does not cover

Pandemic Background
1. Goal: To provide an overview of Franklin’s current approach and thinking in
regards to planning for a possible Pandemic.
2. Likelihood of a pandemic occurring: The question is more like earthquakes in
California. It is not a question of if, but rather when and how bad. Some data
points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good
data on frequency or severity.
3. Strategy: Our basic disaster
planning strategy is to shift
our operations to other
sites for 3 to 5 days, after
which we will then need to
start to shift people to
alternate sites. However,
this will not work in a
pandemic situation.

Pandemic Background (Continued)
4. Why plan if civilization is going to collapse:
We used a “reasonable worst case scenario”. A scenario which we think is
likely to occur. This is not a worst case scenario which anticipates the general
breakdown of society and services.
5. How will a pandemic differ from our “normal
incidents:
- Many sites are likely to be impacted
at approximately the same time
- Will not be able to shift people
between sites
- Site might be impacted, but not
incapacitated
- Sites affected for months not hours
- Affects people directly not facilities or IT.
- Employees may choose not to come to
work.
- No clear beginning or end.

Pandemic Plan Outline
Our pandemic plan is broken down into:
1. Crisis Management:
- Framework to address a pandemic
- Tabletop exercises
2. Business Continuity Planning:
- Guidance to business units on how
to review their business continuity
strategies and workflows against a
pandemic type scenario
3. Technology
- Steps to reduce the impact of a
pandemic on our data centers
- Increased remote work capabilities
- Reviewing other strategies

Pandemic Plan Outline (Continued)
4. General Services
– Best practices for employee hygiene program and procedures for facility
managers to follow in the event of a pandemic
5. Human Relations
– Global HR policy framework to provide recommendations to local HR
groups to address issues that are likely to arise in a pandemic
6. Corporate Communications
– Integrated communication plan

7. Plan Does not currently include:
- PPE such as Masks gloves, Etc.
- Antiviral Drugs such as Tamiflu
- Vaccines

Pandemic Closing

Questions?

All Disasters are Local:
Regionalizing Business
Continuity
Securities Transfer Association
2006 Annual Conference
Brian Tishuk
ChicagoFIRST Executive Director
October 20, 2006

20

Government Services

Energy

Transportation

Water

Critical
Infrastructures

Defense
Industrial
Base

Chemical
Industry
Financial
Services

Public
Health
Emergency
Services

Telecommunications

Agriculture

Food
Postal & Shipping

The Financial Sector
O V E R V IE W O F T H E U S F IN A N C IA L S Y S T E M
A s of June 3 , 20 02

re tu rns

F inan c ial sec tor
assoc iation s an d
tr ad e g ro up s

P riv ate se c tor
c he c k s an d
b alan ce s
a udit,
ra tin g a ge nc ie s,
pub lic disc losure ,
e tc .

fu nds

L e nd e r s/In ve stor s
individua ls, firm s,
gov ernm e nt

fu nds
re tu rns

F inan c ial m a rk e ts
se cu ritie s an d futures
m a rkets, O T C m a rke ts , e tc .

F inan c ial instru m e nts
se cu ritie s, futures,
a nnuities,
loa ns, d eriva tive s,
C P , FX , e tc .

F inan c ial inte rm e diar ies
ba nks, insura nc e c om pa nie s,
sa vings institutio ns,
broke r/d ea le rs, FC M s, e tc .

re tu rns
fu nds

B or r ow e r s/Issu e r s
individua ls, firm s,
gov ernm e nt

fu nds

S up e rv ision &
R e gu lation ,
T r e asur y
an d C e n tr al
B an k fu n ction s
T re a su ry,
F ed , SE C ,
OCC, CFTC,
F D IC , O T S ,
N C U A , S ta te
insura nc e &
fina ncial
m a rket
a uthoritie s,
S R O s, e tc .

re tu rns

F inan c ial utilitie s: pa ym en t, c lea ring & settle m e nt.
S er vic e pr ovid e r s

C r itica l p u blic utilitie s an d ser vic e s: T e le c om m unic a tions, po w e r, tra nsportation, pu blic sa fe ty,
insura nc e c om pa nie s as re c ove ry a ge nts

Federal Financial
Partnership
Financial and Banking Information
Infrastructure Committee (FBIIC)
(formed January 2002)

Financial Services Sector Coordinating
Council (FSSCC)
(formed June 2002)

FBIIC

FSSCC

PUBLIC SECTOR

PRIVATE SECTOR

President’s Working Group
on Financial Markets

Treasury - Lead Agency
(PDD 63)

US Treasury
Assistant Secretary for
Financial Institutions
FBIIC CHAIR

Assistant Secretary for
Financial Institutions
SECTOR LIAISON
Rhonda MacLean
SECTOR COORDINATOR

Financial and Banking Information
Infrastructure Committee
(FBIIC)
US Treasury Department
Commodity Futures Trading Commission
Conference of State Bank Supervisors
Federal Deposit Insurance Corporation
Federal Housing Finance Board
Federal Reserve Board of Governors
Homeland Security Council
National Association of Insurance
Commissioners
National Credit Union Administration
New York Federal Reserve Bank
Office of the Comptroller of the Currency
Office of Federal Housing Enterprise Oversight
Office of Thrift Supervision
Securities and Exchange Commission

Financial Services Sector Coordinating
Council
for CIP/HLS
Financial Services Trade Associations
& Institutes
New York Stock Exchange
The Clearinghouse
FS/ISAC
Securities Industry Automation Corporation
The Options Clearing Corporation
ChicagoFIRST
NASDAQ
AMEX
ASIS

The Role for Regional
Public/Private Partnerships

The Missing Piece
Protecting the financial services sector requires collaboration at all
levels of business.
Industry

To increase the
resilience of financial
services in the event
of a regional disaster
in collaboration with
the city, state, and
federal agencies.

Company










Pro tect intellectual ca pita l
Pro vide contingen cy workspace
Pro tect executive lead ership
Per form thr eat and vulnera bility
assessments
Prio ritize recovery of a ll b usin ess
function s
Test business continuity response
and recover plans
Consider alternate sites for
ope ratio ns
Harden physical security
Consider sharing recovery solutions
with trusted pa rtne rs









Incr ease aware ness amongst
participants
Coordin ate per iodic test of ba ck-up
networks and facil ities
Coordin ate emerge ncy co ntact
information
Sha re b est practices a mo ngst
members
Pro vide reg ulatory and leg isla tive
support for indu stry issues

Business Continuity Planning

Local/Regional




National




Re-orga nize security of na tion un der the
Department of Homela nd Security
Allo cate resources to protect nati onal
infrastru cture
Pro vide intellig ence to private ind ustry
through ISACs

Coordin atio n with city and sta te authorities
Region specifi c ta ble-top/simulation exercises for threa t assessme nt
Telecom traffic assessme nt

5/19/2003

2

All Disasters are
Local








How will that jurisdiction prevent, prepare for, and
respond to incidents?

Do your business continuity plans incorporate
government response plans?
How can coordination be fostered among jurisdictions?
Regional partnerships can strengthen the
business continuity plans of participating firms

Regional Partnerships:
Formed and Forming


















Miami (FloridaFIRST)
San Francisco (BARC FIRST; Bay Area Response Coalition)
Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition)
Minneapolis (MN-ISAC; MN Security Board)
Tampa Bay Region of FloridaFIRST
HoustonFIRST
PhiladelphiaFIRST
ColumbusFIRST
Alabama Recovery Coalition for the Financial Sector
Chicago (ChicagoFIRST)
Washington, DC
Detroit
Alaska
Seattle
Jacksonville
Las Vegas
New Orleans (still thinking about it)

RPC FIRST








Fostering Collaboration among Partnerships
ChicagoFIRST leading the formation of a Council
 Council would share best practices
 Council would help one another with administrative questions
 Council can plug into FSSCC
RPC = Regional Partnership Council
FIRST = Financial Industry Resilience, Security, and Teamwork
Formed in early 2006

The ChicagoFIRST Approach
(formed May 2003)

ChicagoFIRST’s Primary
Objectives


Obtain a seat at Chicago's 911 Center in the event of a
crisis that affects Chicago's financial community




Create permits/passes for essential personnel to safely
access business facilities in the event of a general
evacuation of the city (credentialing)




LaSalle Bank/ABN AMRO

Northern Trust Bank

Develop and communicate standard evacuation
procedures for industry personnel to exit city limits in the
event of a disaster


JP Morgan Chase

Members













ABN AMRO / LaSalle Bank
Allstate Insurance Company
Aon
Archipelago
Ariel Capital Management
Bank of America
Chicago Board Options Exchange
Chicago Board of Trade
Chicago Federal Home Loan Bank
Chicago Mercantile Exchange
Chicago Stock Exchange
Fidelity National Financial
















Global Electronic Trading
Company
Harris Bank
JP Morgan Chase
Man Financial
Mesirow Financial
Mizuho Securities USA
Northern Trust
The Options Clearing Corporation
PrivateBank and Trust
UBS
Washington Mutual
William Blair & Company

Strategic Partners (pg. 1 of 2)













Chicago Office of Emergency Management and
Communications
Chicago Police Department
Commodity Futures Trading Commission
FBI / InfraGard
Federal Deposit Insurance Corporation
Federal Emergency Management Agency
Federal Reserve Bank of Chicago
Financial and Banking Information Infrastructure Committee
Financial Services Information Sharing and Analysis Center
Financial Services Roundtable / BITS
Financial Services Sector Coordinating Council
Futures Industry Association

Strategic Partners (pg. 2 of 2)















Great Lakes Partnership
Illinois Department of Financial and Professional Regulation
Illinois Emergency Management Agency
Illinois State Police
Illinois Terrorism Task Force
National Futures Association
Office of the Comptroller of the Currency
Securities and Exchange Commission
Securities Industry Association
United States Attorney’s Office for the Northern District of
Illinois
United States Department of Homeland Security
United States Department of the Treasury
United States Secret Service

Achieving Our Goals

Formal 911 Center
Seat




Obtained seat at 911 Center in fall 2003
 Primarily for government agencies
 May use seat when Center is activated

Enhancements to seat at emergency operations center
 Set of individuals to staff the seat (with Chicago Fed
help)
 Handbook with protocols for using the seat, activating
our crisis communicator, and contact information
 Private component of web site created and configured
to provide a message board for posting and recording
critical information
 Information about the membership, including critical
locations and essential employees, on the computer at
the seat

Informal Information
Sharing



Seat at 911 Center will be used rarely
But the relationships with the city and state are
invaluable
 Spring 2004 information about leaning
transmission tower
 August 1, 2004 threats against financial
institutions
 LaSalle Bank fire, December 2004

Credentialing and
Evacuations


Credentialing
 Discovered city and state each seeking
credentialing systems, but not coordinating
City adopted credentialing pilot in which
ChicagoFIRST participates
Evacuations
 Illinois Department of Transportation
tabletops in 2004, 2005, and 2006






September 7, 2006 evacuation drill in the

Additional Achievements

Working Groups




Security Working Group
 Coordinating training needs and opportunities


Coordinating physical security and options



Piloted NC4 Situation Awareness Service

Power Working Group
 Understanding electricity in multi-tenant buildings


Sharing ComEd information among members

Working Groups


Telecommunications Working Group
 Educating membership
– GETS
– TSP
– SBC call forwarding


Surviving a central office failure
– TeleContinuity
– LEMKO
– Sprint IP network

Working Groups


Pandemic Planning Working Group
 Free exchange of HR, legal, & BCP information, without NDAs


Coordinating with state and local health departments



Coordinating with sector-wide efforts



Evaluating hiring a public health advisor for ChicagoFIRST



Tabletop scheduled for November 2, 2006

Working Groups




Public Relations Working Group
 Single point of contact for the media
 Firms leverage membership with press
 ChicagoFIRST increases media understanding
Crisis Communications Working Group
 Quarterly tests of the 911 Center procedures
 Quarterly tests of Dialogic (notification
data)
 Quarterly tests of TeleContinuity and GETS

2004 Milestones


Testified before House Financial Services Committee
on ChicagoFIRST as a partnership



9/11 Commission legislation identifies
ChicagoFIRST as a model



GAO Report on Financial Market Preparedness
praises ChicagoFIRST



Treasury handbook identifies ChicagoFIRST as
model



Tabletop on city’s response to Chicago financial
community

2005 Milestones


Tabletop focused on futures and options markets



Public television features ChicagoFIRST





Fund Illinois Terrorism Task Force (ITTF) video for
the citizens of Illinois
Co-chair Private Sector Committee of the ITTF

2006 Activities


Mutual aid among the members



Credentialing critical supplies like cash



Evacuation drill



City of Chicago camera program



Provided testimony on pandemic preparedness to
the House Financial Services Committee

ChicagoFIRST Model
Works




The model is the partnership approach, not the goals or
organization of ChicagoFIRST
 FloridaFIRST covers the entire state, with several
regions
 BARC FIRST and SoCal FIRC split California
 MN-ISAC has Target, Best Buy, 3M as members

Leverage partnership to encourage public sector information
sharing and improvements
 Seats in EOCs
 Credentialing
 Access protocols for critical supplies

The Value
Proposition


LaSalle Bank fire



Mizuho futures



Cooperation vs. competition on employee safety
and business continuity (mutual aid established
after the fire)



Government appreciates single point of contact



NC4 and TeleContinuity

Contact
Information
Brian Tishuk
Executive Director
ChicagoFIRST
312-322-4441
[email protected]
www.chicagofirst.org