The news last week that JP Morgan had made trading losses of $2 billion in just six weeks has been greeted by the usual exclamations of surprise – how could this possibly occur in such a well regarded institution?  Clearly this particular incident cannot be attributed to a single ‘Rogue Trader’ but already much of the media reporting has focused on the colourful characters involved in the saga such as ‘The London Whale’!

Whilst this type of reporting suggests that each incident is a totally unique event, the likelihood is that when more is known there will be found to be many similarities to other recent banking disasters such as Barings, Allied Irish and SocGen.  One of the key themes in all of these crises is the way in which warning signs are ignored or misunderstood; and already JP Morgan’s CEO has admitted that he was “dead wrong” in April to dismiss concerns over the bank’s trading practices.  Despite the huge publicity surrounding each of these events, banks seem unable (or unwilling) to learn this simple lesson.

Legoland in Windsor was closed today due to an electrical fault.  Whilst this was clearly not the fault of the park, there has been criticism of Legoland’s failure to communicate effectively with customers: visitors are quoted on the BBC website saying that they sat in a queue of traffic for an hour before being told that the park was shut.  It is not clear at this stage if the failure to communicate was because the park’s management thought the disruption was temporary, and therefore delayed putting a message out; or if they just have no crisis communications plan.  Either way, there has been a significant cost to the business in terms of negative publicity.

It is particularly unfortunate that this should happen on a bank holiday weekend when large numbers of visitors would be expected.  It does serve as a reminder though of the importance of taking into account the ups and downs of the business cycle when conducting a Business Impact Analysis.

There has been extensive coverage this week of the ongoing power cuts at Edinburgh Royal Infirmary; including an incident in March when a patient was under general anaesthetic when the power failed and the operation had to be finished by torchlight.  Intriguingly, in the course of commending the staff involved for completing the operation in such difficult circumstances; NHS Lothian’s Medical Director attributes their success to the existence of “Well-rehearsed business continuity plans.”  I would suggest, in stead, that the incident demonstrates a serious absence of business continuity planning, particularly a failure to address the resilience of key suppliers (in this case the facilities management company).  Moreover, the fact that this is one of a series of such incidents brings into question the Trusts’s ability to learn for incidents – another key component of business continuity.

There was widespread reporting yesterday of a plan for Severn Trent to supply water to its drought-hit neighbour, Anglian Water.  Whilst there are still some regulatory issues to be addressed, the mere offer of help serves to highlight the whole issue of mutual support arrangements as a means of improving business resilience.

Overall, our experience would suggest that mutual support is a much neglected business continuity strategy, and that many organisations could improve their resilience at minimal cost by pursuing this approach.  However, even within organisations, there is often an inexplicable reluctance to offer mutual support between different sites.

Obviously there are issues about working with a direct competitor, but the airline industry offers a good example of a sector where it is clearly understood that it is in everyone’s interests to pull together in the event of a serious incident; and mutual support is a cornerstone of most airlines’ responses.  Within our own client base, we are also seeing more examples of firms agreeing mutual support arrangements with suppliers, customers and neighbours in order to build resilience.

Our message then is if you don’t currently have any mutual support arrangements in place; have a think about how it could work for you.

After a relatively quiet start to the year, the news in the UK appears to be suddenly dominated by disruptions.  First there was the threat of strike action by fuel tanker drivers; then there was severe weather across the north of the country; today the hosepipe ban comes into force in much of England; and travel chaos is predicted over the Easter period because of a shortage of Border Agency staff.  Is there any pattern to this chaos?

Whilst it is pure chance that these 4 events should coincide, there is an important lesson to be learnt.  Once again these events highlight the importance of ensuring supply chain resilience: the oil companies are reliant on their subcontractors to move fuel; airport operators rely upon the UK Border Agency to run Immigration; and everybody relies on the water companies to supply our water (although most businesses aren’t directly affected by the hosepipe ban at this stage).  This point was emphasised again in the latest annual survey of Business Continuity Management in the UK, in which 15% of responding companies had experienced some form of supply chain disruption during the last 12 months.

The possibility of a strike by tanker drivers has dominated the news in the UK this week, bringing back uncomfortable memories of the fuel strike in 2000 – arguably the closest the country has come to a standstill since the strikes of the early 1970s.  What lessons can we learn from the story so far?

Much of the media coverage in the last few days has focused on the government’s poor crisis communications.  The criticism would seem to be fully justified as different ministers send out conflicting and contradictory messages.  Also, beyond announcing that a small number of RAF personnel are going to be trained to drive tankers; very little has been said about what the government’s contingency plans consist of so they do not provide much reassurance.

Ironically, the fuel strike of 2000 was one of the main drivers for the review of civil contingencies that ultimately led to the Civil Contingencies Act (2004), but it is entirely unclear at this stage how this new legislation has enhanced the government’s ability to respond.  This may, of course, become apparent if a strike actually takes place.  Fundamentally though the government cannot guarantee supplies of fuel, just as it cannot guarantee to keep the country’s roads open during extreme winter weather.  The onus is therefore on  individual businesses to plan how they can maintain their critical activities in the event of fuel shortages, just as they should be planning for the loss of any other vital supply.

As is traditional in Business Continuity Awareness Week, the Chartered Management Institute have just released the results of their latest annual survey into Business Continuity Management.  One of the headline findings is that the number of companies responding that they have a Business Continuity plan has increased again from 58% to 61%.  Whilst this is clearly good news, it must be tempered by recognising that the response rate to the survey was only 4%.  It seems reasonable to suspect that people in organisations that have adopted BCM are more likely to respond to a BCM survey.  Indeed, taking this argument to the extreme, if we assume that none of the non-responders have Business Continuity plans the headline figure falls to 2.4%.

Whilst the BBC doesn’t appear to be giving a great deal of coverage to BCAW 2012 they did, if only by accident, have a very relevant story today.  They illustrated a feature on the Government’s new National Loan Guarantee Scheme with a case study of a small business in Kent, Eagle Vending Services, who had experienced real financial difficulties after a fire in their neighbour’s premises.  Despite a proven track record over the previous ten years, repeated attempts to secure a bank loan were unsuccessful: ultimately they were only saved by an on-line service that matches lenders to borrowers.

We suspect that this is not an uncommon problem in the current economic climate.  Even if you are adequately insured, any sort of disruption generates immediate short-term demands for cash whilst the  claim is settled.  When I discussed this some years ago with one of the major banks they suggested that it wasn’t really a problem: if one of their customers had a problem like this of course they would help the out.  I suspect their reaction might be a bit different now.

As the banks have declined to provide a solution maybe somebody else needs to.  The Federation of Small Businesses has already made a start: after major events like the Foot and Mouth outbreaks and recent flooding incidents they have extended interest-free loans of up to £5000 to members who have been affected.  The scheme seems to work well so is there a business opportunity for someone out there?

Today marks the start of the annual Business Continuity Awareness Week (BCAW) in the UK.  One of the hot topics for 2012 will undoubtedly be the release of ISO 22301 so we kick off our contributions to BCAW with an article comparing the new standard with the established BS25999.  The article is free to access in the downloads section of the website.

The Final Draft International Standard (FDIS) for ISO 22301 was released on the 1st of February so it seems almost certain now that the new standard will be formally approved in the next few months.  There has already been a significant drop in BS 25999 certifications over the last year or so and, as in previous similar cases, it is anticipated that once the ISO has been approved the British Standard will be completely phased out.  So, whilst a full post-mortem is a little premature, it is maybe a suitable moment to reflect on the impact of BS 25999 over the last 4 years.

In terms of the number of certifications, BS 25999 has undoubtedly been somewhat disappointing.  There don’t appear to be any official figures; but a search of numerous media databases and the internet reveals less than 100 organisations worldwide that have announced that they have achieved certification.  Obviously this search strategy will have missed some organisations, particularly smaller ones, but it still gives an order of magnitude.  It may be a little unfair to compare directly with ISO standards, but in the first year after release ISO 14001 (Environmental Management) had 14 000 certifications and ISO 27001 (IT Security) nearly 6000.  It will be interesting to see how ISO 22301 compares with these figures once it is released.

Notwithstanding the lack of interest in certification, it would be wrong to say that BS 25999 has been a failure for it has in fact been extraordinarily successful in terms of spreading good practice in Business Continuity.  Whilst the principles contained in the standard were already contained in, for example, the BCI’s ‘Good Practice Guidelines’; encapsulating this good practice in a British Standard has vastly increased both the awareness and acceptance of these principles.

One of the most interesting aspects of the BS 25999 story has been the way it has been accepted globally, with roughly half of certifications being awarded outside the UK.  Perhaps BS 25999′s lasting legacy will be the stimulation of this international convergence on good practice in Business Continuity which has paved the way for ISO 22301.