[P2] [S5] Chapter 15
Practical Case Study (Banking Sector Example)
Introduction
While frameworks and methodologies provide structure, their true value is realised through practical application. This chapter presents a detailed banking sector case study showing how lessons learned:
- Are captured following a disruption
![[OR] [P2] [S5] [LL] [C15] Practical Case Study (Banking Sector Example)](https://no-cache.hubspot.com/cta/default/3893111/9769f9fc-a994-4962-b5cf-7b2aa9ad5875.png)
- Undergo Root Cause Analysis (RCA)
- Are linked to CBS and impact tolerance
- Lead to measurable improvements
The case demonstrates how organisations can move from:
- Incident → Insight → Action → Improvement
Purpose of the Chapter
To illustrate how a financial institution applies a structured Lessons Learned framework in a real-world scenario—demonstrating how incidents are analysed, lessons are derived, and improvement actions are implemented to strengthen Critical Business Services (CBS) and overall operational resilience.
Case Study Overview
Organisation Profile
- Mid-to-large retail bank
- Operates digital banking, payments, and deposit services
- Highly dependent on technology and third-party providers
Critical Business Service (CBS) in Focus
CBS-2: Payments and Funds Transfer Services
This CBS includes:
- Payment initiation
- Transaction processing
- Settlement and confirmation
Incident Description
Event Summary
The bank experienced a major outage in its payment processing system, resulting in:
- Delayed transactions
- Failed fund transfers
- Customer complaints
Duration
- Total disruption: 4 hours
- Recovery time exceeded defined impact tolerance
Impact Assessment
|
Impact Area |
Description |
|
Customer Impact |
Delayed and failed payments |
|
Financial Impact |
Compensation costs |
|
Regulatory Impact |
Breach of service expectations |
|
Reputational Impact |
Negative customer sentiment |
Lessons Learned Process
Stage 1: Capture
Immediately after stabilisation:
- Incident details were recorded
- Stakeholders participated in a debrief session
- Initial observations were documented
Key Observations
- System performance degraded before failure
- Delayed escalation to IT teams
- Vendor response was slower than expected
Stage 2: Root Cause Analysis
A structured RCA was conducted using multiple techniques.
Findings
|
Level |
Description |
|
Immediate Cause |
System overload during peak transaction period |
|
Contributing Factors |
Ineffective monitoring and delayed response |
|
Root Cause |
Lack of capacity planning and insufficient vendor resilience |
Stage 3: Validation
- Findings reviewed by:
- IT teams
- Operations
- Risk management
- Confirmed accuracy and completeness
Stage 4: Mapping to CBS
The incident was mapped to Sub-CBS components:
|
Sub-CBS Code |
Sub-CBS |
Issue |
|
2.1 |
Payment Initiation |
Transaction delays |
|
2.2 |
Processing Engine |
System overload |
|
2.3 |
Settlement |
Failed transactions |
Stage 5: Impact Tolerance Assessment
- Defined tolerance: 2 hours maximum downtime
- Actual disruption: 4 hours
Conclusion:
→ Impact tolerance breached
Development of Improvement Actions
Based on lessons learned, the bank defined improvement actions.
Action Plan
|
Action ID |
Description |
Owner |
Priority |
Timeline |
|
A1 |
Implement real-time monitoring system |
IT |
High |
3 months |
|
A2 |
Upgrade system capacity |
IT |
High |
6 months |
|
A3 |
Strengthen vendor SLAs |
Procurement |
High |
2 months |
|
A4 |
Improve escalation procedures |
Operations |
Medium |
1 month |
|
A5 |
Conduct stress testing |
Risk/IT |
High |
Quarterly |
Prioritisation of Actions
Actions were prioritised based on:
- CBS criticality
- Impact severity
- Likelihood of recurrence
Priority Summary
- High Priority: Capacity, monitoring, vendor management
- Medium Priority: Process improvements
Implementation and Monitoring
Execution
- Actions assigned to responsible teams
- Progress tracked through a centralised system
Monitoring
- Weekly progress reviews
- Escalation of delays
Integration with Scenario Testing
Lessons learned were incorporated into future testing.
Updated Scenarios
- Vendor failure scenario
- Peak transaction load stress testing
- Combined system and process failure
Outcome
- Improved testing realism
- Better preparedness
15.9 Results and Improvements
Measurable Outcomes
|
Metric |
Before |
After |
|
Recovery Time |
4 hours |
1.5 hours |
|
Incident Frequency |
High |
Reduced |
|
Customer Complaints |
High |
Reduced |
|
CBS Availability |
Lower |
Improved |
Key Improvements
- Enhanced system resilience
- Improved monitoring capabilities
- Stronger vendor management
- Faster response times
Key Lessons from the Case Study
Importance of Service-Centric Approach
- Focus on CBS enabled better prioritisation
Value of Root Cause Analysis
- Identified systemic issues, not just symptoms
Need for Strong Governance
- Ensured accountability and follow-through
Integration Across Functions
- Collaboration between IT, operations, and risk was critical
Common Pitfalls Observed
- Initial delay in escalation
- Over-reliance on vendor capabilities
- Lack of proactive monitoring
Best Practices Demonstrated
- Structured lessons learned framework
- Clear ownership and accountability
- Integration with scenario testing
- Continuous improvement approach
Extending Lessons Across the Organisation
The bank applied lessons learned beyond payments CBS to:
- Other critical services
- Vendor management framework
- Risk management processes
![[Banner] [Summing] [OR] [E2] [C13] Improving Lessons Learned](https://no-cache.hubspot.com/cta/default/3893111/71190ffb-94e6-4ae9-b40a-8f29585ab4ec.png)
This case study demonstrates how a structured approach to lessons learned can:
- Transform incidents into opportunities for improvement
- Strengthen Critical Business Services
- Enhance operational resilience
By following a disciplined methodology, organisations can ensure that:
- Lessons are not lost
- Improvements are implemented
- Resilience capabilities are continuously enhanced
Transition to Next Chapter
Building on this practical case study, the next chapter will explore future trends in lessons learned, including the role of AI, predictive analytics, and evolving regulatory expectations in shaping the future of operational resilience.
![[OR] [P2] [S5] [LL] [C1] Introduction to Lessons Learned in OR](https://no-cache.hubspot.com/cta/default/3893111/b76a622a-f295-4503-87fa-4c58f5f087a8.png)
![[OR] [P2] [S5] [LL] [C2] The Role of Lessons Learned in the OR Lifecycle](https://no-cache.hubspot.com/cta/default/3893111/b9f0d952-dfd0-400d-b37f-24d9c59f2baa.png)
![[OR] [P2] [S5] [LL] [C3] Governance and Ownership of Lessons Learned](https://no-cache.hubspot.com/cta/default/3893111/8e352c01-ff6a-4ff6-b81b-90ad0ad15f46.png)
![[OR] [P2] [S5] [LL] [C4] Sources and Triggers for Capturing Lessons Learned](https://no-cache.hubspot.com/cta/default/3893111/856c1acb-96c5-49ed-afa3-ffbb8e61d9e6.png)
![[OR] [P2] [S5] [LL] [C5] Lessons Learned Framework and Methodology](https://no-cache.hubspot.com/cta/default/3893111/c86a2b1e-05a8-44b9-a74f-730d85b6d046.png)
![[OR] [P2] [S5] [LL] [C6] Root Cause Analysis (RCA) Techniques](https://no-cache.hubspot.com/cta/default/3893111/b3d2f707-1f82-4f0a-8d51-f3451c78c337.png)
![[OR] [P2] [S5] [LL] [C7] Linking Lessons Learned to CBS](https://no-cache.hubspot.com/cta/default/3893111/f484c1bf-992a-4298-8752-6fec87c33912.png)
![[OR] [P2] [S5] [LL] [C8] Integration with Scenario Testing and Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5eaa1a40-8d88-414b-8f38-9db2edd6ca0b.png)
![[OR] [P2] [S5] [LL] [C9] Developing and Prioritising Improvement Actions](https://no-cache.hubspot.com/cta/default/3893111/af3c93f2-7736-4431-84d3-664e4bc9e425.png)
![[OR] [P2] [S5] [LL] [C10] Embedding Continuous Improvement](https://no-cache.hubspot.com/cta/default/3893111/505103ad-4012-41a7-9fb9-afda3baeb58d.png)
![[OR] [P2] [S5] [LL] [C11] Communication of Lessons Learned](https://no-cache.hubspot.com/cta/default/3893111/fba3d8cc-8854-4f13-9408-37d1ebc49091.png)
![[OR] [P2] [S5] [LL] [C12] Technology and Tools for Lessons Learned Management](https://no-cache.hubspot.com/cta/default/3893111/2b75ccca-cdc3-4327-84ff-e06677302878.png)
![[OR] [P2] [S5] [LL] [C13] Regulatory Expectations and Compliance](https://no-cache.hubspot.com/cta/default/3893111/516c631b-bb38-4b5f-9446-afcedbe2751c.png)
![[OR] [P2] [S5] [LL] [C14] Common Challenges and Pitfalls](https://no-cache.hubspot.com/cta/default/3893111/afb5b7fb-efcb-4832-a6bd-44f3f36c97ee.png)
![[OR] [P2] [S5] [LL] [C16] Future Trends in Lessons Learned](https://no-cache.hubspot.com/cta/default/3893111/b0a94161-20fe-4a63-a164-12d2be9c007c.png)
![[OR] [P2] [S5] [LL] [C17] Key Takeaways and Call to Action](https://no-cache.hubspot.com/cta/default/3893111/edcf7673-1c76-45e7-9b70-12cda97ceac6.png)
![[OR] [P2] [S5] [LL] [C18] Back Cover](https://no-cache.hubspot.com/cta/default/3893111/6b6d918c-c6a7-4861-8e83-5760b1c19713.png)
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
