[CM] [OCBC] [E3] [CMS] [T2] Crisis Response Strategy

Crisis Response Strategy

Introduction

In today’s volatile operating environment, financial institutions such as OCBC Bank face a wide spectrum of potential crises—ranging from technology disruptions and cyberattacks to operational failures, fraud, physical threats, and wide-scale societal disruptions.

An effective Crisis Response Strategy ensures that OCBC can rapidly escalate, analyse, and respond to disruptive events in a coordinated and decisive manner.

Aligned with the principles outlined in CST2 Part 2: Crisis Response Strategy, this chapter outlines the key threats and crisis scenarios relevant to OCBC Bank and presents structured response strategies that enable timely decision-making, stakeholder engagement, regulatory compliance, and minimisation of business impacts.

The Crisis Response Strategy focuses on:

Establishing a predictable and repeatable response approach
Ensuring clarity of roles and responsibilities during crisis escalation
Providing strategic direction and tactical options for decision-makers
Maintaining continuity of critical banking operations
Safeguarding customers, employees, assets, and the OCBC brand

Table: Crisis Response Strategy Table

Crisis Type	Type of Threats / Crisis Scenario	Detailed Description of Threat / Scenario	Response Strategy	Details of Strategy	Justification of Strategy	Remarks
Cybersecurity Crisis	Advanced Persistent Threat (APT) Attack	Highly sophisticated, multi-stage cyber intrusion targeting customer data, online banking systems, and internal networks	Containment, Isolation & Digital Forensics	Activate Cyber Response Team, isolate compromised systems, perform forensic investigation, block attacker pathways	Minimises data breach scale, protects regulatory compliance, and preserves customer trust	Ensure alignment with MAS TRM and FS-ISAC threat intel
Cybersecurity Crisis	Distributed Denial of Service (DDoS) Attack	Massive traffic flood targeting OCBC online banking or corporate gateway, degrading or denying service	Network Traffic Rerouting & DDoS Mitigation	Activate DDoS mitigation provider, throttle malicious traffic, and maintain public communications	Maintains service availability and confidence while mitigating reputational exposure	Rehearse with technology partners annually
IT Failure / System Outage	Core Banking System Failure	Failure in the core transactional engine causes interruption to ATM, branch, or digital services	System Recovery & Customer Service Activation	Engage IT Disaster Recovery teams, restore services from backup, and activate the customer notification plan	Ensures continuity of critical services and prevents panic	Align with RPO/RTO requirements
IT Failure / System Outage	Cloud Service Provider Outage	Failure of third-party cloud infrastructure supporting banking applications	Multi-Zone Failover & Vendor Escalation	Switch to backup zones or on-prem infrastructure; escalate to CSP	Reduces downtime and dependency risk	Regular stress tests required
Fraud & Financial Crime	Large-Scale Fraudulent Transaction Event	Coordinated fraudulent transfers affecting multiple customers or corporate accounts	Transaction Freeze & Investigation Workflow	Freeze suspicious accounts, notify regulators, activate fraud investigation team	Limits financial loss and regulatory breach	Coordinate with law enforcement
Operational Crisis	Branch Network Disruption	Fire, power outage, or building failure affecting multiple branches	Alternate Branch & Remote Workforce Activation	Redirect customers to alternate branches; deploy temporary mobile service units	Maintains customer service continuity	Ensure public communication clarity
Operational Crisis	ATM Network Failure	Wide-scale ATM outage across Singapore or regional locations	Technical Restoration & Cash Distribution Plan	Activate the ATM restoration team, deploy cash distribution contingencies	Ensures access to cash during disruption	High public visibility—manage media proactively
Physical Security Threat	Terror Attack Near OCBC Premises	Bomb threat, active shooter, or violent incident near OCBC branch or HQ	Evacuation & Staff Safety Protocol	Activate security lockdown or evacuation; coordinate with police	Prioritizes staff safety and operational resilience	Conduct annual evacuation drills
Physical Security Threat	Civil Disturbances / Public Unrest	Large demonstrations affecting operational centres	Site Closure & Continuity Activation	Temporarily close branches, invoke remote operations	Protects employees while maintaining services	Monitor government advisories
Pandemic or Health Crisis	Infectious Disease Outbreak	The pandemic is affecting workforce availability and customer-facing operations	Split-Team, Remote Work & Health Measures	Deploy split teams, remote work protocols, and staff health monitoring	Sustains banking operations during workforce disruptions	Refer to MOH guidelines
Reputational Crisis	Social Media Crisis / Viral Complaint	Sudden escalation of negative sentiment due to a service outage or a customer grievance	Rapid Communications Response	Activate Crisis Comms Team, issue transparent updates, correct misinformation	Preserves reputation through timely engagement	Monitor media sentiment
Regulatory & Compliance Crisis	MAS Regulatory Breach	Failure in reporting, governance, or risk monitoring framework	Regulatory Response Protocol	Notify MAS, conduct internal investigation, implement corrective action	Critical for regulatory trust and license continuity	Maintain compliance logs
Third-Party Vendor Crisis	Vendor Technology Failure	Critical vendor fails to deliver required services (payments, cybersecurity, cloud)	Vendor Escalation & Alternate Service Activation	Escalate to the vendor, switch to the backup provider, or internal fallback	Ensures service continuity despite third-party disruptions	Maintain updated vendor risk assessments
Environmental Crisis	Flooding, Fire, or Natural Hazard	Natural disaster affecting data centres or operational hubs	Disaster Recovery Facility Activation	Switch operations to alternate data centres or a crisis operating site	Protects critical infrastructure and data integrity	Conduct DR drills
Financial Market Crisis	Sudden Market Shock / Liquidity Crisis	Distressed market conditions are impacting customer deposits, liquidity, and investments	Liquidity Management & Customer Assurance	Activate treasury crisis protocol, daily liquidity monitoring, and customer advisories	Helps maintain financial stability and customer confidence	Coordinate with central bank

A well-designed Crisis Response Strategy is essential for safeguarding OCBC Bank’s reputation, regulatory compliance, and operational continuity.

By identifying key threats, defining detailed crisis scenarios, and establishing structured response strategies, OCBC ensures that crisis managers and senior leadership have clear guidance during critical moments.

This chapter reinforces the core principles of CST2 Part 2—clarity, coordination, speed of response, and informed decision-making.

Through proactive preparation and scenario-based strategy development, OCBC is equipped to respond decisively to any crisis, protect its customers and employees, and uphold its responsibilities as a leading financial institution in Singapore and the region.

Leading Through Crisis: Implementing Crisis Management at OCBC Bank
eBook 3: Starting Your CM Implementation
[RAR] [T1-1]	[RAR] [T1-2]	[RAR] [T1-2] [Technology]	[RAR] [T2]

[RAR] [T3]	[CMS] [T1]	[CMS] [T2]	[PD] [CS] [1]

More Information About Crisis Management Blended/ Hybrid Learning Courses

To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].