Corporate Governance

Global Resiliency and Crisis Management

Print Version



JPMorgan Chase (JPMC) is committed to providing high quality and resilient service to our customers and clients and has developed a rigorous program to do so. We are committed to meeting our legal and regulatory obligations in each of the jurisdictions where we do business, as well as to maintaining high standards of resiliency at all times during our daily practices.

Our Global Resiliency and Crisis Management (GRCM) program is designed to provide an integrated firm-wide resiliency program aligned to our business strategy and principles, as well as the requirements of our customers and clients globally. We do this by:
 

  • Providing continuity of client and customer services while protecting the firm's employees and assets;
  • Engaging senior management on all aspects of the program, including determining the resiliency risk appetite, strategy, leadership and program oversight;
  • Proactively managing resiliency risks to incorporate appropriate mitigation and controls;
  • Developing and maintaining resiliency plans based on impact analysis and criticality; and
  • Helping employees understand their role in recovery scenarios and undertake validation tests and exercises for all critical functions and locations.

The information below provides details about the key aspects of our program.


Regulation and Compliance:


Our GRCM policies and standards establish rules for resiliency planning, response and recovery across the firm. The GRCM Program is:

  • Managed by a firm-wide GRCM Steering Committee, comprised of Senior Management of each line of business as well as JPMC corporate functions;
  • Reviewed and approved by the Audit Committee of the Board of Directors of JPMC on an annual basis;
  • Subject to risk-based examinations by JPMC Internal Auditors; and
  • Subject to regular inspection by regulatory authorities, including the US Office of the Comptroller of the Currency (OCC), The Federal Reserve Board (FRB), The UK Financial Conduct Authority (FCA), Prudential Regulation Authority(PRA), Monetary Authority of Singapore (MAS) and other national regulatory authorities.


Crisis Management Processes:


A robust crisis management process is in place that seeks efficient, effective and timely response to incidents of varying severity and types.

  • A firm-wide notification tool is used internally to communicate in crises;
  • Escalation processes are in place and are routinely tested;
  • Post event reviews are undertaken to ensure event management procedures and resiliency capabilities are continually enhanced; and
  • The firm also responded effectively to 18 incidents in 2014, such as severe winter weather in US, tropical storms in the Philippines, and geopolitical events in Brazil.


Resiliency Planning:


Managers throughout the firm develop and maintain resiliency plans as part of the GRCM program.

  • Annually, impact analyses are performed to determine and confirm the relative criticality of processes;
  • All businesses develop recovery plans, based on their business impact analysis and risk assessments, addressing business, operations and technology components (including critical services provided by third parties);
  • Quality reviews and audit assessments are undertaken and where appropriate corrective measures implemented; and
  • Senior management approves resiliency plans annually.


Testing and Exercising:


The firm employs a comprehensive testing approach to regularly validate the effectiveness of the recovery program in different incident types.

  • Tests include tabletop exercises and physical recovery of strategies; and
  • Test results are communicated to the firm's senior management for all business functions as appropriate.


Special Contingencies:


Plans address high-level absenteeism events, including pandemic and severe weather.

 

  • JPMC businesses have incorporated special contingency events into their resiliency planning; and
  • The firm has participated in several market-wide and regulatory exercises.