Building Operational Resilience: A Strategic Advantage for Banks in Evolving Times



The recent collapses of Silicon Valley Bank and Signature Bank have cast a spotlight on the vulnerabilities within the banking industry. These events highlight the ever-increasing importance of operational resilience – a bank's ability to adapt and function effectively even during major disruptions. 

The risk landscape is constantly evolving, demanding a renewed focus on operational resilience. This urgency is reflected in a wave of recent regulatory decrees that also increasingly acknowledge the role of technology in strengthening resilience. For example, the Basel Committee on Banking Supervision (BCBS) set a new industry standard in 2021 with its Principles for Operational Resilience emphasizing banks' ability to handle and adapt to disruptions. Similarly, the UK and the EU have implemented strict rules, such as the Prudential Regulation Authority (PRA) and Bank of England's guidelines, and the Digital Operational Resilience Act (DORA) respectively. In the United States, regulatory bodies like the SEC Division of Examinations and the US Federal Reserve are also prioritizing operational resilience. 

For banks navigating the evolving regulatory landscape, building operational resilience is no longer just a best practice; it's a strategic imperative. Let’s delve into key strategies for strengthening operational resilience practices in the year ahead.

Leveraging Technology for a Proactive Approach

Banks are increasingly turning to automation and artificial intelligence (AI) to bolster their resilience frameworks. These technologies offer a powerful toolkit that goes beyond mere compliance. AI can sift through vast amounts of data, uncovering hidden patterns and emerging threats that traditional methods might overlook. For example, AI can be used to detect anomalies in transactions, potentially leading to faster fraud identification. 

Automation, on the other hand, streamlines incident response protocols. By automating key tasks, banks can minimize downtime during disruptions and ensure a swift recovery. For instance, if there's a cyberattack, automated systems can detect it and immediately activate predefined responses to contain the threat and minimize damage.

Scenario Testing and Incident Response Planning

Building resilience goes beyond technology alone. It requires a structured approach to anticipating disruptions. Scenario testing can help financial institutions better understand real-world risk events like cyberattacks and other operational disruptions. These insights are then used to develop incident response plans, outlining employee actions to contain threats, restore operations swiftly, and continuously improve. Regular testing and plan refinement ensure banks are prepared for anything, minimizing downtime during disruptions.

Building a Culture of Preparedness: Every Employee a Line of Defense

Risks are not just a concern for leadership – they should be a concern for every employee at every level of an organization. Employees can be the strongest or weakest link in risk management practices. Resilience-minded leaders should look to their team and culture as an opportunity to build continued resilience. 

Leaders set the standard for risk management by actively engaging with risk and resilience measures, demonstrating the importance of these practices throughout the organization. This involves investing in employee training to recognize and report potential risks, including those related to technology best practices and cyber hygiene. The training should also equip employees to follow incident response protocols during disruptions, ensuring a swift and coordinated response to minimize damage and restore operations. Additionally, creating a user-friendly, anonymous system for employees to report issues and observations empowers them to contribute to the bank's overall resilience. Fostering open communication through regular updates on risk management initiatives and the importance of employee participation solidifies a culture of awareness. A well-informed and engaged workforce becomes a vital "human firewall" – the first line of defense against potential disruptions.

Continuous Improvement: The Key to Sustainable Resilience

Operational resilience isn't a one-time fix. It's an ongoing process that requires continuous assessment and improvement. Banks need to constantly monitor and refine their risk management programs, ensuring they remain relevant and address evolving threats. This includes expanding their focus beyond traditional risk types to consider emerging challenges like geopolitical instability, economic uncertainty, and human-factor risks. By taking a holistic approach and leveraging data-driven insights, banks can develop comprehensive resilience strategies that ensure their long-term success.

The Road to Sustainable Resilience: A Call to Action

To thrive in today's dynamic environment, banks need a proactive approach to operational resilience. A connected, continuous, and technology-driven approach to risk management empowers banks to not only stay ahead of the curve but also foster a culture of resilience that drives sustainable growth. Banks can start by conducting thorough vulnerability assessments to identify potential weaknesses, prioritizing employee training programs to build a culture of awareness, and piloting scenario testing exercises to refine their incident response plans. Failure to prioritize operational resilience can leave core business functions vulnerable during cyberattacks, insider threats, geopolitical events, or pandemics. By building resilience, banks gain real-time visibility into processes and critical assets, enabling better preparation through enterprise-wide plans and responses. 

This blog was initially featured as an article on Nasdaq, Inc.


Prasad Sabbineni, Co-Chief Executive Officer

Prasad Sabbineni serves as the Co-Chief Executive Officer at MetricStream. As the head of products and engineering, Prasad leads our product vision and execution of our market-leading GRC products.

Prior to joining MetricStream, Prasad was a Managing Director at Citigroup. He oversaw technology for enterprise functions of Risk Management, Finance, HR, Data, Information Security, Compliance Risk, Internal Audit, Enterprise Supply Chain and Third-Party Management. He was the senior technology executive responsible for implementing regulatory initiatives, such as Basel, CCAR, CLAR, BCBS 239, Volcker, Recovery and Resolution Planning at Citigroup. Before that, Prasad led technology for Market Risk, Credit Risk, Prime Services Risk, Portfolio Risk Margin, and Operational Risk functions at Lehman Brothers. Before Lehman, Prasad rolled out derivative trading systems globally and, as a Risk Manager, was also responsible for managing market risk of fixed income and equity derivatives at Bear Stearns.