[CM] [OCBC] [E3] [RAR] [T1-1] List of Threats

Part 1: CRA – List of Threats for OCBC Bank [1] Natural and [2] Technological

Introduction

In the ever-evolving landscape of business continuity, identifying and understanding potential threats is fundamental to safeguarding an organisation’s operations, reputation, and assets. Crisis management (CM) requires a proactive approach, which begins with thorough risk analysis and the identification of various threats that could impact an organisation.

For OCBC Bank, this process is especially critical given its central role in the financial ecosystem and its responsibility to provide uninterrupted services to its customers.

The purpose of this chapter, "Part 1-1: CRA - List of Threats," is to systematically catalogue the types of crises that may arise, breaking them down into specific scenarios and their potential impacts.

This list forms the foundation for effective crisis management planning by helping OCBC Bank assess risks at both the country and organisation levels.

By identifying and categorising these threats, the bank can prepare for them in advance through tailored response strategies, ensuring that it can continue operations, protect its stakeholders, and minimise disruption.

The types of threats outlined in this chapter span a wide spectrum of risks, ranging from natural disasters such as floods and earthquakes to man-made disasters like cyberattacks and terrorism, as well as disruptions in critical supply chains and IT infrastructure.

By understanding these diverse threats, OCBC Bank can ensure a comprehensive crisis management framework that is in line with ISO 22361 and the regulatory expectations of the Monetary Authority of Singapore.

Part 1-1: CRA – List of Threats

This is the table format for "Part 1-1: CRA- List of Threats" based on the provided criteria and the crisis management standards outlined in ISO 22361 and the Monetary Authority of Singapore's guidelines for OCBC Bank:

Crisis Type	Type of Threats / Crisis Scenario	Description of Threats	Country Level	Organisation Level
Denial of Access – Natural Disaster	Flood	Flooding due to heavy rainfall, rising sea levels, or dam failures. Can lead to disruption of physical access.	National emergency services may be overwhelmed.	Impact on branches, offices, ATM locations, and physical access to data centres.
	Tremors	Seismic activity that could cause infrastructure damage, collapse buildings, and disrupt transportation routes.	National coordination for disaster response.	Damage to buildings, network disruptions, staff injuries, and operational disruption.
	Storm	Severe storms with high winds and heavy rains, leading to infrastructure damage, communication breakdowns, and flooding.	National and response teams, evacuations, and aid.	Damage to physical infrastructure, disruption to ATM networks, and interruption in banking services.
Denial of Access – Man-made Disaster	Terrorist Attack	Attacks aimed at disrupting public and private infrastructure, including bombings, cyber-attacks, and armed threats.	National security protocols and emergency measures.	Cyber-attacks affecting online banking services, physical damage to bank buildings, and disrupted operations.
	Civil Unrest / Riots	Social unrest is causing violent protests, roadblocks, and damage to infrastructure.	Potential for nationwide curfews and law enforcement mobilisation.	Disruption of operations at branches, ATM locations, and possible threats to employee safety.
Unavailability of People	Pandemic	Widespread health crisis leading to a large-scale absence of employees due to illness, quarantine, or restrictions.	National quarantine measures, public health efforts.	Staffing shortages, operational disruptions, and reduced capacity for services (e.g., branch closures).
	Labour Strikes	Organised work stoppages or protests by employees are impacting daily operations.	National strike action laws, union negotiations.	Suspension of banking services, delays in processing transactions, and reduced operational capacity.
Disruption to the Supply Chain	Supplier Insolvency	Key suppliers or service providers are facing financial or operational failure, leading to a lack of critical supplies.	National economic impact, supply shortages.	Impact on core banking services due to a lack of essential supplies, including hardware, software, and outsourced services.
	Transport Disruption	Disruptions in transportation systems (e.g., road, rail, air) are impacting the delivery of critical supplies and services.	National transport infrastructure interruptions.	Delay in delivery of banking materials, essential equipment, and hardware maintenance services.
Equipment and IT-Related Disruption	Cybersecurity Breach	Cyber-attacks, including hacking, phishing, or ransomware attacks, target OCBC's IT systems and databases.	National law enforcement involvement in cybercrime.	Data breaches, theft of sensitive customer information, and disruption of online and mobile banking services.
	Power Outage	Sudden loss of electrical power is impacting all electronic systems, servers, and communications.	National utility companies may intervene for restoration.	Data centres, ATM networks, and online services were affected, resulting in downtime and service unavailability.
	Hardware Failure	Critical IT infrastructure failures (e.g., server crashes, data centre outages, communication network failures).	National-level IT recovery support may be needed.	Disruption to banking services, delay in transactions, and unavailability of customer services.

Explanation of Columns:

Crisis Type: Identifies the category of the crisis.
Type of Threats / Crisis Scenario: Specific scenarios falling under each crisis type.
Description of Threats: A brief explanation of the identified threat.
Country Level: The response required at the national level, such as coordination by government agencies, emergency responders, and national infrastructure support.
Organisation Level: The impact on OCBC Bank, focusing on the direct operational impact, such as branch closures, IT disruptions, or loss of personnel.

This table format aligns with ISO 22361 crisis management requirements and the regulatory requirements of the Monetary Authority of Singapore, ensuring the bank's preparedness for a variety of crisis scenarios.

The identification and classification of threats outlined in this chapter are pivotal to OCBC Bank’s crisis management strategy.

With a clear understanding of the potential crises that may impact the organisation, the bank is better positioned to implement appropriate risk mitigation measures, response plans, and recovery strategies.

The next steps involve translating these identified threats into actionable crisis scenarios, followed by the development of robust contingency plans for each scenario.

It is essential to recognise that crisis management is a dynamic process. While the threats listed in this chapter represent plausible risks, ongoing monitoring and regular updates to the risk register are necessary to account for emerging risks and changes in the operating environment.

As OCBC Bank continues to strengthen its crisis preparedness, this list of threats serves as a key reference point to guide its decision-making processes, enabling the bank to respond swiftly, minimise the impact of disruptions, and maintain the trust of its customers and stakeholders.

By ensuring the organisation is prepared for both the expected and the unexpected, OCBC Bank can safeguard its operations and contribute to the resilience of the financial sector as a whole, fulfilling its critical role in the economy even during times of crisis.

Leading Through Crisis: Implementing Crisis Management at OCBC Bank
eBook 3: Starting Your CM Implementation
[RAR] [T1-1]	[RAR] [T1-2]	[RAR] [T1-2] [Technology]	[RAR] [T2]

[RAR] [T3]	[CMS] [T1]	[CMS] [T2]	[PD] [CS] [1]

More Information About Crisis Management Blended/ Hybrid Learning Courses

To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].