Be Prepared – Business ContinuityPlanning – Financial ResiliencyInformation Sharing – Response

Kathryne Daniels, CTPWestern Region - Treasury Sales Manager, SVPGlobal Treasury Solutions – Public Sector BankingBank of America Merrill Lynch

August 8, 2013

2

The average is 34 a year….through 2007

• Fire• Earthquake• Fishing losses• Severe storm• Volcano• Snow• Tornado• Severe Drought• Earthquake• Typhoon• Coastal Storm• Severe Ice Storm• Freeze• Mudslide• Landslide• Flood• Tsunami

• Bio-Hazards• Power Failure• Comm. Failure• Cyber• Human

3

Planning

Why is it critical that every agency has a business continuity plan in place?

– Businesses continuity planning can mitigate operational and customer impact, strengthen communities and serves as the foundation to national economic resiliency.

– Pre-Planning is key to understand risks, vulnerabilities and consequences for both the planner and their dependencies.

– Readiness supports deterrence when possible, response actions - and provides for relief to the organization and the responder community while establishing conditions to recover.

– Team Members in Collaboration identify, prioritize and coordinate response and recovery activities. These connections must transcend organizations internally and externally.

– Lessons learned, adapted and applied, are essential for informed, efficient living business continuity plans.

What are some key areas that agencies can work with their financial institution to help prepare for any emergency?

– The key to know your relationship manager and have contact information readily available

– Planning based requirements should align organizational needs with bank services

– Understand the breadth of bank services to ensure “contingencies” can be considered

– Discuss “out of box” scenarios with Relationship Manager to explore the “what if” circumstances– Cash on Sunday?

Why is information sharing between the public and private sector important?

– Timely intelligence for responsible decisions

– Informed prioritization of response and restoral of service

– Coordination of activities

– Consistent messaging to communities for stability, direction, restoral of public trust and confidence

4

Planning

Local emergency management offices can help identify the hazards in your area and outline the local plans and recommendations for each.

1. Evaluate the hazards and your vulnerabilities2. Identify the key activities that require continuity3. Identify key roles in a Disaster4. Develop and document the plan(s) to include process and procedures needed5. Test and update plan(s) as appropriately

Resources:www.ready.gov/business www.sba.gov/content/disaster-preparednesswww.redcross.org/prepare/disaster-safety-librarywww.readyrating.org

5

Planning: Infrastructure

Utilities–You may not have electricity or water (Sewer vs. drinking – water heater)

Building –You may not have an office, back-up office space?–Normal level of security is gone?

Generators for back up – tested?Supplies are essential - to 72 hours (diapers to bottled water – cafeteria?)Assembling Management teamContacting Customers/ClientsTechnology Solutions:

–Communications (GETS, WPS, SMS, Social Media, Reunification Stations)–Car charger and inverters

5 MS counties hardest hit by Katrina – there were NO cell towers and cable service was also destroyed in addition to power and land lines for phones. There was no water. Main traffic arteries were gone (not just damaged). There were not have enough satellite phones and that was the only communication method working in the first few days. Gov Barbor stated that MAJ General Cross (National Guard) was doing communications used the Civil War - runners were the only thing that worked and you had to just hope they could get through.

6

Planning: Insurance, State and Federal Aid

Preparation for insurance claim – appraisals up to date? Do you know how to contact your insurance agent?

Have copies of policies on handKnow claim procedureWhat about disasters for which you have no advance notice? Know the FEMA Public

Assistance Policy Know which of your roads are part of the Federal Highway Program.Have a copy of your State’s Mutual Aid Agreement Purchase Business Interruption Insurance

7

Planning: Plan, Practice and Prepare Yourself

Don’t wait to plan until your Agency/Organization is on the 11 o’clock news

–Practice worst case and increasingly complex scenarios

–Practice both events with warning and no warning, like Earthquake.

–Coordinate exercises and testing with partners

–Leverage Homeland Security Exercise and Evaluation Program (HSEEP)

–Consider an All Hazards approach

Learn – Connect – Achieve – Suggest

8

Financial Resiliency: Payroll

Pre-date ACH payroll run (early warning)Distribution of checks ahead of time (early warning)With warning some clients were able to distribute payroll in the form of cash two

days ahead of a storm–Note added advantage of not having increased absences due to time spent

looking for places to cash checksEncourage direct depositCross-train employees on payroll issuanceRemote payroll

– Ensure ACH software is on this computerPayroll Checks Alternatives

–Cash Pay–Disaster Pre-paid Card (non-activated) Vaulted by client Activated after disaster/PIN activatedRequires Direct Deposit of Payroll approval by employeesData updates and distribution critical to success

9

Financial Resiliency: Information Management

Have remote site/sister site from which you can run accounting functions

– Identify a contingency location

–Partner with other cities or counties (private institutions)Access bank’s web portal from any PC which provides instant remote access validated

with a digital certificate or other security devices.

–Flash Drive

–Network Drive

–Floppy Disk Ensure all passwords and 800 numbers are on handTest site regularlyHave outside company/courier take backup tapes to secure location/above ground

vault dailyEliminate paper backups

– Imaging/scan all documents-benefits:Information is at fingertipsMajor reduction in storage requirements

10

Financial Resiliency: Purchasing/Disbursements/Vendor Payments

Purchasing Card

–Either implement for regular purchases or have on hand for emergency purchases

–Know how to contact the program administrator to modify spending limits or approve merchant category codes.

–Expanded purchasing authority as requiredRemote processingAutomate vendor paymentsPositive Pay

–Have 800 numbers on hand for exceptions

–Select default choice for exceptions according to your preference

–Know the default that is applied if you do not make a pay-return decision.

–Determine in advance what alternative arrangements are available

–Find out if your bank posts banner messages on their web portal with reminders; and if their ARP department makes "best efforts" calling initiatives to contact clients that had not called in before the decision deadline.

11

Financial Resiliency: Deposits and Cash Needs

Get cash ahead of time – order from banking center with two-day notice if possible

Distribute extra cash among several key employees vs. having it with one personStop depositing cash to have extra on handIdentify key banking centers for deposits and employee check-cashing

–Know where alternative banking centers are located so staff can be directed to them in event of closures. If you have web access you can always look for banking center locations at your bank’s website.

Use of mobile ATMS/banking centersAccess for private critical infrastructure to restore our communitiesConsider hidden icon on own website for employees to reference

12

Financial Resiliency: Receivables Processing

Use of RDS (Remote Deposit Service)Use of lockboxWeb based invoicing/paymentsRemote computerHave all passwords and 800 numbers with you“What does the post office/Fed Ex/UPS do if your building is gone?”

13

Financial Resiliency: Merchant Services

Merchant Services backup processing

•With the loss of electricity your credit card machine will not function.

•Be sure to have your providers back up procedures handy so you can continue to make credit card sales (perhaps use of a “knuckle buster” and voice authorization as cash may not be available).

•Determine in advance your procedures in the event the phone lines are unavailable for voice authorizations (continue to accept payment from known customers only?).

•Be sure to have the voice authorization phone numbers and your merchant ID on hand, as well as your merchant processors customer service number.

14

Financial Resiliency: Vendor Payments and Partners

Check stock

–Keep stored in safe room

–Use blank check stockAlternatives

–Online wire and ACH payment initiation – templates

–Electronic payments (virtual card and ACH)Review the vendor’s business contingency plans to ensure that any mission critical

services can be restored within an acceptable timeframeReview the vendor’s program for contingency plan testingEnsure vendor interdependencies are considered for mission critical services and

applications

15

Financial Resiliency: Wire Transfers and Investments

Wire TransfersInitiate critical wires via bank’s online web-based systemComplete and maintain a telephone wire transfer agreementHave wire room telephone number at handHave designated PINs activated and available

InvestmentsHave your investment account number or tax identification number with youHave your investment representative’s phone number with youKnow what happens if your investment matures on the date of the disaster. Do you

have plans on what to do?If using an online service, ensure your digital certificate is on your laptop, flash drive,

network drive or floppy disk and is current.

–Test a minimum of once a year

16

Information Sharing“The most important information sharing occurs before the information is required”

16

The Homeland Security Information Network (HSIN) A national secure and trusted web-based portal for information sharing and collaboration between federal, state, local, tribal, territorial, private sector,and international partners engaged in the Homeland Security mission.

FEMA National Business Operations CenterIn a crisis, close collaboration between the Federal Emergency Management Agency (FEMA) and the private sector is critical to protecting citizens and rebuilding communities. The National Business Emergency Operation Center (NBEOC) is envisioned as a groundbreaking new virtual organization that serves as FEMA’s clearinghouse for two-way information sharing between public and private sector stakeholders in preparing for, responding to, and recovering from disasters.

National Network of Fusion CentersState and major urban area fusion centers (fusion centers) serve as focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information between the federal government and state, local, tribal, territorial (SLTT) and private sector partners

17

Sandy

Caribbean and Bermuda

Southeast

Mid-Atlantic

Northeast

Key Team Members In-Action Outcome

Federal Emergency Management Agency

Jersey City, New Jersey & New York City

Private Associations (All Hazards Consortium)

American Red Cross

National Weather Service – NOAA

Situation Reports

Open and Closed Businesses

Real-time communications

Curfew and Transportation Status

Damage Assessment Mapping

Flood Gauges

18

US Airways Flight 1549

January 15, 2009

Flight from New York City to Charlotte

Bank of America associates onboard

Key Team Members In-Action Outcome

Federal Aviation Administration

New York Police Department

Port Authority of New York and New Jersey

Associate well being

Common operational picture

Secure return of personal property

19

Earthquakes

California

Haiti

Chile

Key Team Members In-Action Outcome

United States Geological Survey

Santa Clara County

California Emergency Management Agency

California Utilities Emergency Association

Fusion Centers

American Red Cross

Logistics

Damage assessments

Reentry access protocols

Estimated time of recovery

Relief funding requirements

“Ground truth”

Evacuation routes and shelters

20

Hurricanes / Tropical Storms 2008

Six major storms in three months

Key Team Members In-Action Outcome

Federal, State and Local Emergency Management Agencies

Department of Homeland Security

Financial Sector Coordinating Council

American Red Cross

Evacuation routes; pre-staging

Shelters

Survivor assistance – FEMA Process

Situational awareness

Mobile Banking Center deployments

Critical Infrastructure prioritization

Tropical Storm Dolly Hurricane Gustav

Tropical Storm Eduardo

Hurricane Hanna

Tropical Storm Fay Hurricane Ike

21

Wildfires

2009 California Wildfires (July – October)

71 individual fires

Burned more than 336,000 acres

Neighborhood evacuations

Unpredictable weather impact

Key Team Members In-Action Outcome

City and County of Los Angeles

California Resiliency Alliance

California Department of Forestry and Fire Protection

American Red Cross

California Emergency Management Agency

Containment status

Fire maps

Buffer zones

Public assembly areas

Supplies needed (essential services)

Resource requests

22

Notice to RecipientConfidential

“Bank of America Merrill Lynch” is the marketing name for the global banking and global markets businesses of Bank of America Corporation. Lending, derivatives, and other commercial banking activities are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., member FDIC. Securities, strategic advisory, and other investment banking activities are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, Merrill Lynch, Pierce, Fenner & Smith Incorporated and Merrill Lynch Professional Clearing Corp., all of which are registered broker‑dealers and members of FINRA and SIPC, and, in other jurisdictions, by locally registered entities. Investment products offered by Investment Banking Affiliates: Are Not FDIC Insured * May Lose Value * Are Not Bank Guaranteed.

These materials have been prepared by one or more subsidiaries of Bank of America Corporation for the client or potential client to whom such materials are directly addressed and delivered (the “Company”) in connection with an actual or potential mandate or engagement and may not be used or relied upon for any purpose other than as specifically contemplated by a written agreement with us. These materials are based on information provided by or on behalf of the Company and/or other potential transaction participants, from public sources or otherwise reviewed by us. We assume no responsibility for independent investigation or verification of such information (including, without limitation, data from third party suppliers) and have relied on such information being complete and accurate in all material respects. To the extent such information includes estimates and forecasts of future financial performance prepared by or reviewed with the managements of the Company and/or other potential transaction participants or obtained from public sources, we have assumed that such estimates and forecasts have been reasonably prepared on bases reflecting the best currently available estimates and judgments of such managements (or, with respect to estimates and forecasts obtained from public sources, represent reasonable estimates). No representation or warranty, express or implied, is made as to the accuracy or completeness of such information and nothing contained herein is, or shall be relied upon as, a representation, whether as to the past, the present or the future. These materials were designed for use by specific persons familiar with the business and affairs of the Company and are being furnished and should be considered only in connection with other information, oral or written, being provided by us in connection herewith. These materials are not intended to provide the sole basis for evaluating, and should not be considered a recommendation with respect to, any transaction or other matter. These materials do not constitute an offer or solicitation to sell or purchase any securities and are not a commitment by Bank of America Corporation or any of its affiliates to provide or arrange any financing for any transaction or to purchase any security in connection therewith. These materials are for discussion purposes only and are subject to our review and assessment from a legal, compliance, accounting policy and risk perspective, as appropriate, following our discussion with the Company. We assume no obligation to update or otherwise revise these materials. These materials have not been prepared with a view toward public disclosure under applicable securities laws or otherwise, are intended for the benefit and use of the Company, and may not be reproduced, disseminated, quoted or referred to, in whole or in part, without our prior written consent. These materials may not reflect information known to other professionals in other business areas of Bank of America Corporation and its affiliates.

Bank of America Corporation and its affiliates (collectively, the “BAC Group”) comprise a full service securities firm and commercial bank engaged in securities, commodities and derivatives trading, foreign exchange and other brokerage activities, and principal investing as well as providing investment, corporate and private banking, asset and investment management, financing and strategic advisory services and other commercial services and products to a wide range of corporations, governments and individuals, domestically and offshore, from which conflicting interests or duties, or a perception thereof, may arise. In the ordinary course of these activities, parts of the BAC Group at any time may invest on a principal basis or manage funds that invest, make or hold long or short positions, finance positions or trade or otherwise effect transactions, for their own accounts or the accounts of customers, in debt, equity or other securities or financial instruments (including derivatives, bank loans or other obligations) of the Company, potential counterparties or any other company that may be involved in a transaction. Products and services that may be referenced in the accompanying materials may be provided through one or more affiliates of Bank of America Corporation. We have adopted policies and guidelines designed to preserve the independence of our research analysts. These policies prohibit employees from offering research coverage, a favorable research rating or a specific price target or offering to change a research rating or price target as consideration for or an inducement to obtain business or other compensation. We are required to obtain, verify and record certain information that identifies the Company, which information includes the name and address of the Company and other information that will allow us to identify the Company in accordance, as applicable, with the USA Patriot Act (Title III of Pub. L. 107-56 (signed into law October 26, 2001)) and such other laws, rules and regulations as applicable within and outside the United States.

We do not provide legal, compliance, tax or accounting advice. Accordingly, any statements contained herein as to tax matters were neither written nor intended by us to be used and cannot be used by any taxpayer for the purpose of avoiding tax penalties that may be imposed on such taxpayer. If any person uses or refers to any such tax statement in promoting, marketing or recommending a partnership or other entity, investment plan or arrangement to any taxpayer, then the statement expressed herein is being delivered to support the promotion or marketing of the transaction or matter addressed and the recipient should seek advice based on its particular circumstances from an independent tax advisor. Notwithstanding anything that may appear herein or in other materials to the contrary, the Company shall be permitted to disclose the tax treatment and tax structure of a transaction (including any materials, opinions or analyses relating to such tax treatment or tax structure, but without disclosure of identifying information or, except to the extent relating to such tax structure or tax treatment, any nonpublic commercial or financial information) on and after the earliest to occur of the date of (i) public announcement of discussions relating to such transaction, (ii) public announcement of such transaction or (iii) execution of a definitive agreement (with or without conditions) to enter into such transaction; provided, however, that if such transaction is not consummated for any reason, the provisions of this sentence shall cease to apply. Copyright 2013 Bank of America Corporation.