On 3 March 2020, the European Central Bank (ECB) issued a letter to significant institutions concerning their contingency preparedness in the context of COVID-19.
In the letter the ECB makes the point that supervised entities are expected to review their business continuity plans and consider what actions can be taken to enhance preparedness to minimise the potential adverse effects of the spread of COVID-19.
The ECB also states that supervised entities are expected to take appropriate actions for preparing and responding to a potential pandemic, which may include:
- establishing adequate measures of infection control in the workplace which can include systems to reduce infection transmission and worker education;
- assessing to what extent contingency plans include a pandemic scenario which provides for scaling measures commensurate with the institution’s geographic footprint and business risk for the particular stages of a pandemic outbreak;
- assessing how quickly measures foreseen under the pandemic scenario of the contingency plan could be implemented and how long operations could be sustained under such a scenario;
- assessing whether alternative and sufficient back-up sites can be established in light of possible pandemic;
- assessing and urgently testing whether large scale remote working or other flexible working arrangements for critical staff can be activated and maintained to ensure business continuity;
- proactively assessing and testing the capacity of existing IT infrastructure, also in light of a potential increase of cyber-attacks and potential higher resilience on remote banking services;
- assessing risks of increased cyber-security related fraud, aimed both to customers or to the institution via phising mails etc; and
- entering into a dialogue with critical service providers to understand whether and to ascertain how services continuity would be ensured in case of a pandemic.
For further information on the legal implications of COVID-19 please refer to the Norton Rose Fulbright hub here.