Our robust approach to business resiliency is designed to allow us to deliver on the Travelers Promise to take care of our customers, communities and employees in the face of unexpected disruptions. Travelers Business Resiliency Management is our internal ecosystem that is focused on ensuring that we can operate consistently for our employees, agents and customers despite crises and operational disruptions and, accordingly, continue to deliver for our shareholders. Our Business Resiliency Management takes a holistic, three-pronged approach that encompasses business continuity, disaster recovery and crisis management. With senior management direction and support and with oversight by the Risk Committee of our Board of Directors, our program is focused on both preventive measures (including technology availability design, facility resilience and training/awareness programs) and response preparation (including business contingency planning, technology restoration and crisis management/emergency response).
The Travelers Business Resiliency Risk Committee, composed of members of our executive team, oversees the implementation of our business resiliency program and, along with our management-level Enterprise Risk Committee, is charged with reviewing and approving mission- and business-critical processes, identifying risks to business resiliency and facilitating decisions to accept, mitigate or remediate these risks.
Pursuant to its charter, the Risk Committee of our Board of Directors oversees “the strategies, processes and controls pertaining to business continuity and executive crisis management for the Company and its business operations.” In exercising its oversight, the Risk Committee of our Board meets annually with members of the Business Resiliency Risk Committee and the Enterprise Risk Committee to review the company’s business continuity, disaster recovery and crisis management efforts. Among other things, the Risk Committee reviews the enterprise event response protocols, discusses how those protocols would be (and were) triggered for events ranging from catastrophes to local shootings to bomb threats, and evaluates lessons learned from actual events, such as the COVID-19 pandemic. The Risk Committee also receives quarterly reports regarding preventive measures relating to cyber incidents, including those affecting suppliers that impact Travelers, as well as the steps taken to reduce future risk and continuously improve our threat detection and response processes.
The primary objective of business continuity is to ensure that the company is prepared to respond to, and recover from, an unexpected disruption. This requires a solid understanding of the risks to our operational structure and involves contingency planning and testing of hundreds of business processes across Travelers. We have inventoried our business processes and categorized them according to their criticality and urgency to the company, and we have tailored our resiliency measures accordingly.
Through annual risk reviews, which are facilitated centrally, each business function updates its resiliency plans with respect to key operational aspects. The plans include specific recovery scenarios and detailed workaround plans to be leveraged in the event of a disruption related to technology, facility, workforce or supplier issues. In addition, we conduct validation exercises to test the effectiveness of those plans.
In addition, as a fundamental part of our enterprise supplier management program, we identify supplier risks and mitigating controls, enabling the company to make informed decisions throughout the life cycle of a supplier relationship. Specifically, we assess the business continuity and disaster recovery risk of our suppliers to evaluate their overall business resiliency, recovery capabilities and limitations, as well as Travelers’ business process contingency strategy.
We base our approach to disaster recovery on a model that provides redundant infrastructure, application and platform solutions designed to enable continued operation in the event of a disruption. We strategically review these solutions on a regular basis to align with our business strategy. In addition, we conduct disaster recovery testing annually.
We inventory all computing platforms with a detailed plan to move to an alternate site, the specifics of which vary by application design and business criticality. We maintain technology availability standards to ensure adequate designs are deployed and sufficient procedures are in place and tested to restore infrastructure, applications and data in the event of a disaster.
We perform daily backups of changed production data from our primary facility to our alternate site. Critical technology components are designed with sufficient levels of redundancy to support the ability to recover from local or geographic service disruption events. In addition, we perform disaster recovery testing on all of our mission critical and supporting applications.
Our Crisis Management Operating Model includes two teams: the Operational Response Team (ORT) and the Enterprise Event Response Team.
Our integrated ORT comes together to manage events, both planned and unplanned, providing a coordinated and facilitated response to situations of all types. The ORT is a group of employees from across the organization, prepared to come together before, during or shortly after an event to ensure that we respond appropriately. The ORT manages corporate security, real estate, technology, cyber, business continuity and environmental health and safety events. This team is activated and engaged regardless of the severity of the incident, event or crisis. This response team maintains well-documented emergency response procedures and conducts regular training, scenario planning and exercises in anticipation of potential emergency scenarios. Travelers maintains event-specific playbooks covering protocols for various scenarios, including a pandemic, natural disaster, data center outage and cybersecurity incident. For example, our corporate pandemic plan, which outlines our strategy for maintaining a safe and healthy workplace while continuing to deliver uninterrupted service to our customers and agent and broker partners, was activated when the COVID-19 outbreak began. Roles and responsibilities of team members are clearly defined, enabling an efficient response to a national crisis or a technology, worksite, workforce or supplier event.
The Enterprise Event Response Team manages catastrophes, underwriting and exposure, claim response and regulatory events. When escalation is required, these teams engage with the appropriate group of senior executives tasked with overseeing the execution of our crisis management and emergency response plans with regard to the event at issue.
Travelers Business Resiliency Management in Action This Year
Despite the extraordinarily challenging circumstances related to COVID-19, we were able to continue to serve our customers, our agent and broker partners and each other seamlessly due to our extensive planning and preparation for unforeseeable circumstances; the commitment, resourcefulness and professionalism of our team; and the tremendous efforts of our Technology and Operations group. Upon initial reports of the emerging coronavirus in January 2020, we activated our Business Continuity, Crisis Management and Disaster Recovery teams to track the outbreak and begin executing our robust business resiliency plans. In February, the group expanded to include the Executive Crisis Management team, which effectively oversaw and managed the company’s response to the rapidly evolving events in real time.
Anticipating a scenario where nearly all employees would need to work remotely and necessary Claim professionals would need to safely engage with customers, our Operational Response Team acted quickly to limit business disruption and maintain the security of information. As part of those efforts, we assessed risk and mitigation levers on hundreds of business processes while activating and developing plans to assess and further strengthen our technology infrastructure and cybersecurity.
During the first few months of the COVID-19 pandemic, our Board of Directors met biweekly with our Chief Executive Officer to review management’s operational response to the pandemic, as well as strategies to minimize and mitigate the short- and long-term risks to the company. The meeting topics covered all aspects of our event response and business continuity, including our transition to a remote working environment, workforce health and safety, productivity, technology and cybersecurity, supply chain management, capital and liquidity management, legislative and regulatory activity, short- and long-term business impacts, financial results and community relief efforts.
Due to our Business Resiliency Management program and our corporate pandemic plan, we were able to seamlessly transition almost our entire workforce practically overnight to safely and effectively work from home, all while maintaining employee productivity and engagement. Our comprehensive planning and ongoing testing, as well as the exceptional response of Travelers employees to the crisis, enabled us to continue to deliver the risk management products and services that our customers need to live their lives and run their businesses, as well as the outstanding, uninterrupted service that our customers and agent and broker partners have come to expect.