In a joint initiative the University of Trás os Montes and Alto Douro (UTAD), the Association for the Promotion and Development of the Information Society (APDSI) and Infosistema, conducted a study on “Business Continuity in Banking and Insurance”, between May and June 2013, through inquiries to the managers of these institutions.
This study allowed understanding the organizational effort and the fulfillment of the normative and legal framework, in particular the set of recommendations (Recommendations) on Business Continuity Management issued by the Bank of Portugal (BdP), Securities Market Commission (CMVM) and Portuguese Insurance Institute (ISP). These recommendations were disclosed to bank entities (through Circular Letter 75/2010/DSB of 3 December of BdP) and entities of the insurance sector (through Circular Letter 11/2010 of 11 November of ISP).
UTAD and APDSI and Infosistema are grateful for the participation of all respondents.
The results confirm that most organizations (52) claim to have implemented all the prudential requirements of the circular letter.
The complexity of implementation of Business Continuity Management is presented (to 34% of organizations) as the main obstacle to the development of actions that contribute to the resilience of the institution. The lack of resources is the main barrier to the development of Business Continuity Management of 23% of organizations.
Nevertheless, all institutions claimed to have already approached the subject and 62% have an integrated process in the Organization for Business Continuity management.
Since the function of Business Continuity Management is or should be, an essential business function for Organizations, it is important to attribute responsibilities at the Management level and ensure Business Continuity.
In this context, 20% of the Administrations of institutions show concerns and attribute responsibilities to the CEO for the Management of the Business Continuity program.
At the operational level, 67% of the institutions clearly-allocated responsibilities in case of an incident.