With swine flu vaccination for millions of 'at risk' people in the UK starting recently, in anticipation of a second wave of the H1N1 virus in the winter, and the World Health Organisation officially declaring it a pandemic, many financial institutions could find their business continuity plans being tested to the full. Philip Hunter looks at how ready the financial services sector is and what technologies, such as home working, might help firms cope with absent workers

The FSA called on banks, insurers and others to assess their contingency plans in summer 2009, in light of the swine flu outbreak, and the UK regulator is urging firms to learn the lessons from a six-week mock exercise that it ran back in 2007 for bird flu which found that absence rates of 60 per cent could hit some financial institutions, closing branches and leaving cash machines empty. The watchdog has already contracted the 'high impact' firms, including infrastructure firms that run payment systems and the like, to ascertain what impact the first wave of H1N1 swine flu had over the summer of 2009 and the sector's readiness for the expected second wave this winter. Firms have been warned that they need to revise their business continuity and disaster recovery plans accordingly to take into account the specific threat posed by a pandemic, with regulator perhaps worried that too much emphasised has been placed on surviving terrorism, fore or flood and some re-focusing of plans may be required.

Many financial institutions have been racing against time to shore up contingency plans ahead of the return of swine flu with the cold weather. So far, the rate of infections has not reached the UK peak of 100,000 per week in July but that could change in this fast developing situation and one trend that is already clear is that the second wave appears to be more deadly than the first, with more people severely affected and 183 people dead as we go to press, but less overall numbers are being affected so far, suggesting perhaps some immunity has been built up, vaccinations are working and the winter second wave will not be a tsunami.

Unlike locally confined disasters, such as fire, swine flu still threatens to disrupt services upon which financial firms rely, notably transport, as well as keeping staff at home directly through illness. Either way the potential impact cannot be ignored as it threatens to disrupt critical processes through absenteeism, especially in the light of Department of Health advice to stay out of contact with other people while you're infectious, effectively forcing people to stay home. The result is that even people only experiencing mild symptoms won't come into work for several days, even if swine flu is only suspected - it is rarely confirmed clinically.

This pinpoints the most pressing problem, which is being able to support home working on a much larger scale than usual. This is something many firms just are not prepared for, according to Neil O'Connor, principal consultant at IT security and disaster planning consultancy, Activity IM. "A financial institution's pandemic plan will often at least partly be based on the use of remote access, so that people can work from home," he says. "However, this will not be very effective if remote access solutions are not sized for the numbers of remote workers involved. There is a big difference between supporting occasional remote or home working, and having a large proportion of the workforce working remotely."

Home working
Supporting remote working brings several challenges. One common issue is the need to ensure that the network infrastructure can cope, and that users - along with critical processes - receive adequate performance even when there are unusually large numbers working from home. This requires prior simulation or stress testing of the infrastructure to assess whether it will hold up under the strain, along most probably with measures to boost capacity or performance, says James Hall, marketing director at Teneo, an infrastructure optimisation vendor.

Given that home workers will rarely have access to a private network, the key to maintaining performance lies in Wide Area Network (WAN) optimisation, plus a cocktail of techniques designed to reduce data traffic volumes and delays. Teneo is an advocate of Riverbed WAN optimisation technology, as one of its reseller partners, and claims its technology has been implemented by a number of banks and insurance companies, working across several levels. Its products can reduce unnecessary data transmission by breaking files into small chunks and only sending the parts that have changed. Then at the level of the TCP/IP protocol it cuts the end-to-end path into shorter segments so that when an IP packet needs to be retransmitted for any reason it only has to be resent over a relatively short hop, reducing delay. This cuts down traffic and keeps the network clear, an important consideration when half of your staff might be at home.

Such measures provide the underlying transport for home working, but steps have to be taken at a higher level as well, including managing remote devices. "Remote monitoring tools for your IT team will save time, money and frustration and can eliminate physical routine maintenance trips to offsite locations," adds Hall.

Accessing applications
Work applications, many of which are not typically deployed on home PCs, particularly in the case of trading solutions on the wholesale markets, will also need to be accessed by those stuck at home with swine flu. Products are emerging here though, such as BT's ITS Anywhere software trading turret, which can be accessed via a standard web browser over an Internet connection. Such products raise new issues though, such as simulating the buzz of a real trading environment. As Ben Burgess, sales director for BT's global banking and financial markets group admits: "We are exploring tighter integration with other applications such as video and messaging, to provide a more interactive [and real to life] trading environment. The developments we are working on at the moment could represent a new way for traders, and those that support them, to collaborate and manage access to the applications they use every day."

But for many financial institutions there is another hurdle to overcome which is more specific to them than other sectors - namely, the need to ensure compliance with strict regulatory guidelines. Here too BT thinks it can help. "ITS Anywhere can be recorded using the system connected to the ITS Recorder and the logs created by ITS Anywhere clearly identify which user made which call - all ITS Anywhere calls will be recorded." This is useful in the trading environment but can also be replicated for sales calls emanating from retail banks to ensure agents are complying with the FSA's Treating Customer Fairly stipulations, for instance, or any one of a number of other regulations. The point is that internal continuity policies have to take into account the relevant regulatory issues and appropriate technologies and processes are deployed to ensure compliance. Just because someone's working from home doesn't mean that record keeping rules or other stipulations don't apply.

Any plan will only work if it takes account of human as well as technological factors, says Thierry Charvet, marketing director, trading solutions, Orange Business Services. "If a company only looks at technical measures, their Business Continuity Planning (BCP) won't succeed," he says. "Firms must also look at people issues and think about how they would, for example, integrate temporary staff to cover traders, insurance agents or branch staff who are too ill to work from home. Institutions must also ensure they have the correct processes and operations in place so that BCP works effectively and employees know exactly how to behave if a plan is activated.

Outsourcing
Swine flu has perhaps done a service by underlining one fundamental aspect of BCP, which is avoiding single places of vulnerability by distributing IT operations across two or more sites, using outsourcers if necessary. Furthermore, locating IT offsite greatly reduces dependency on your in-house staff, and therefore provides some protection against absence through sickness or inability to get to work.

"Firms that keep all IT systems in-house are particularly vulnerable to the swine flu pandemic," believes Robin Ellis, group commercial director, Blue Square Data, who specialise in co-location data centre provision. "Banks may have plans in place to back up data, but these systems need to be maintained by in-house staff. If the business is hit by a swine flu outbreak, and staff are forced to work from home this is where the company's BCP will be tested. If IT staff are unable to access the servers for maintenance or backup purposes due to illness, then the plan will have failed." As ever though, any outsourcing undertaken by financial institutions will require
strong Service Level Agreements (SLAs) to ensure adequate performance and regular reviews - in the case of preparing for H1N1 flu it'll also need close planning co-operation and scenario testing.

Ellis urges firms to revise their plans so that as much of their core IT infrastructure as possible is located offsite. But this is not of itself a panacea and should not be undertaken blindly, for any offsite data centre also has to be run by people who themselves may go done with swine flu. The old principle therefore applies - make sure that your provider of IT services also has a robust plan to cope with swine flu or any other disaster.

Management
Unlike other disasters, swine flu raises some unique issues relating to staff management. One question is whether firms should encourage or pay for staff to be given the H1N1 vaccine now that is becoming available. "We know that some of our FS clients are proposing free vaccinations for their staff but it doesn't seem to be the majority of them," says Orange's Charvet, who argues that such decisions should be left to individuals.

Not surprisingly given the sensitivity about this issue many firms are coy about discussing their plans for staff vaccination, and indeed are reluctant to discuss their swine flu strategies at all. The Bank of England declined to enter into details but pointed out that it had conducted a market-wide simulation of the potential impact of swine flu if it became much worse, and that it has incorporated findings within its own pandemic planning. The Bank also said it had formed a cross market swine flu group to provide a forum for business continuity practitioners across the financial sector to respond to the outbreak and continue to prepare for the expected peak in cases during this 2009/2010 winter season. This mirrors the FSA work with 'high impact' firms over the summer. As the expected second wave hits the UK, with its degree of severity yet to be ascertained, it is to be hoped that these preparations and the work of business continuity managers at financial institutions up and down the land will be enough to ensure 'business as normal'. Homeworking technologies will certainly have a role to play in ensuring the sector gets as close as possible to this ideal in the fight against the flu.

Share Story: