It is September 15, 2008. Two days after the activation of a real crisis committee – convened by the American government in the person of the Treasury Secretary, Henry Paulson, coordinated by Timothy Geithner (at the time, President of the Federal Reserve Bank of New York ) and with the involvement of the top management of all major US banks – during the night, Lehman Brothers Holdings announces the intention to request the protection under Chapter 11, in the event of bankruptcy. The cause? Maintaining large positions in the subprime products and other lower rated securities relating to the securitization of these loans.
History records this event as the biggest failure of bankruptcies world. The consequences are well known: first, there is a block of dramatic proportions in the credit market, followed by a loss of confidence in the stock markets, and – of course – by an unprecedented recession that started in the USA to spread globally in all sectors. A crisis that enters even in popular culture with the best-selling book ‘Too Big to Fail’ by the editorialist of the New York Times Andrew Ross Sorkin, that inspired the homonymous and popular movie. The media all over the world then begin to talk almost exclusively of finance and, in particular, with the advent of the debt crisis in Europe, words such as ‘spread’ and ‘deficit’ become common use even in the pubs of our Country.
Finance is therefore undeniably a Critical Infrastructure, thus making it a key component of the economic and social context whose interruption can be dangerous and severely threaten the integrity of the entire system. For this reason, it must be subject to a level of security such as ensuring the constant continuity of operations. In case of disruption, in fact, in this modern economy so interconnected it would create a series of impacts on investors, businesses and citizens that would be very difficult to limit and even to predict.
Just think of the case of Northern Rock, the fifth British bank in term of dimensions that already in 2007 occupies the headlines – against its will – to the so-called “bank run” of its account holders, now disheartened about the Bank’s ability to cope to their liquidity needs. The episode requested the immediate intervention of the government through the Bank of England to avert a systemic crisis. In more recent times, however, the stage is all for the discussion on the fate of Greece, its banks and the eurozone as a whole. The debates, even very technical, are anyhow involving everyone from large companies to small and medium-sized businesses and ordinary citizens.
It is therefore legitimate to demand the highest level of resilience by systemically important financial institutions, commercial or investment banks and large insurance groups. Various regulations at all levels (national and supranational) are rightly concerned to oblige institutions to respect certain principles of prevention and risk management: as per the Basel Accords, Solvency II, the Circular of the Bank of Italy to the Supervisory Board of the Central Bank European, etcetera. But, is it enough? Of course not, unfortunately.
Due to its relevance and criticality, the credit industry, finance and insurance are sensitive targets of terrorist and criminal organizations and are therefore subject to emerging risks such as those arising from cyber attacks. The Financial System must necessarily progress in the techniques of Crisis Management, taking care to plan, design, implement and test practices and procedures specific to manage adverse events of any kind.
How many financial companies today can say they have a Crisis Plan constantly revised and updated periodically? How many banks or insurance companies perform tests and simulations of crisis scenarios involving also the top management?
The Crisis Management belongs to the strategic level of the Business Continuity Management System and is therefore a matter for the top management of a company. Only the leaders, in fact, can bear the burden of making complex (and expensive) decisions, in crisis conditions when the information available are poor and inaccurate in most cases. This is a very important point to understand and on which too often confusion still exists: the figure of the Business Continuity Manager or Crisis Manager should play the role of facilitator in direct support of the CEO, but it is not a decision maker in the crisis. The responsibilities in the case of critical event do not change, if anything, they are reinforced. The Crisis Managers have to worry – in prevention of course – to prepare the company for the possibility of a crisis. In order to achieve it, they need to work to eliminate as much as possible any complexity with the beneficial results for the organizational efficiency and effectiveness of the response.
Simplicity is the key, the preparation is the tool and continuity is the objective. Because as Winston Churchill said: “If you’re going through hell, keep going.”