Environmental and social (E&S) risks are the potential negative consequences to a business that result from its impacts on the environment or its stakeholders.

Governance of E&S Risks in Business Continuity Management

The Board of Directors, through the Risk Oversight Committee (ROC), composed primarily of independent members of the Board, plays an active role in setting the Bank’s risk culture and overseeing the risk infrastructure, operating policies, and exposures to ensure a good balance between risk appetite and prudence.

Integrating E&S Risks in Business Continuity Management

The Business Continuity Plan (BCP) Activity Cycle provides guidelines to all business units in the preparation of their BCPlans to enable them to continue the business process/es that may be affected by an emergency/business disruption.

Building Awareness on E&S Risks

Business Continuity Awareness (Workshops, Trainings and Advisories)

Business Continuity Awareness through workshops are continuously conducted by RSK-BORMD-BCD to discuss business continuity activities, roles, responsibilities and deliverables. Participants are composed mainly of business units’ BCP Team Leaders, Assistant Team Leaders and their representatives. Such roles and responsibilities are also communicated with the business units within the group.

Identifying and Assessing E&S Risks Disaster Risk Assessment (DRA)

Disaster Risk Assessment (DRA)

Our DRA tool provides information that is useful in the business continuity planning process. The objective is to determine the potential impact of the threat events on our business operations. This process involves estimation of the likelihood, assumptions of a potential threat scenario, and rating for its severity impact on people, property, and facilities.

Business Impact Analysis (BIA)

The Bank’s BIA tool identifies and measures (quantitatively and qualitatively) the business impact or loss of business processes in the event of a disruption. The quantitative aspect covers the assessment of the potential financial loss due to disruption, while the qualitative aspect pertains largely to the potential reputational impact of the same.

Managing and Mitigating E&S Risks

Business Continuity Plan (BCPlan)

The BCPlan is a documented plan detailing the orderly and expeditious process of recovery, resumption and restoration of business functions in the event of disruption. It should be able to cover and establish linkages amongst its multiple components, such as communication plan, crisis management plan, contingency funding plan and recovery plans (technical recovery plans, manual procedures, risk mitigation measures, work-around procedures, etc.).

Emergency Procedures Manual and HRMG Emergency Response Plan

Our Emergency Procedures Manual provides operational guidelines on how to respond to various fortuitous events or emergency situations that may occur at Metrobank head offices, satellite offices, and branches. Such situations include fires, earthquakes, inclement weather, volcanic eruptions, armed robberies, and bomb threats. The manual uses a two-pronged approach to achieve its goal:

• Preventive Measures: The manual contains measures that can be used by employees to avoid the occurrence of preventable emergency situations.
• Emergency Reference: During an emergency situation, the manual contains important administrative, logistical and procedural information to facilitate accessibility during an emergency when time is critical.

Business Continuity Exercises

Business continuity exercises are designed to test the business continuity plans and evaluate the individual and organizational performance against approved standards and objectives. It is performed for the purpose of training and conditioning business units and validating the Business BCPlan.

Gap Analysis and Corrective Action

This analyzes the gaps (i.e., recommendation / requirement / issues / other remarks / concerns) reported in the signed BCP Activity Report. It aims to identify what is necessary to achieve the acceptable results based on the test objectives (e.g. Recovery Time Objective (RTO) and Recovery Point Objective (RPO), etc.).

E&S Risk Exposure Metrics

The Bank maintains a risk matrix that outlines the risks, its likelihood, severity, and impact on the people, property, and facilities. Measures are in place to mitigate the impact of each risk depending on the threat scenarios identified.