Powering Your Operational Resilience Journey With an Integrated Risk Management Approach
Risk Management | 3 Min Read | 04 August 21 | by Charles Nicholls
The regulatory focus on operational resilience, particularly of financial services institutions, has intensified in the post-pandemic world. Central banks and other regulatory authorities are increasingly publishing guidance and policies to help financial firms navigate these untested waters and recover quickly from any operational disruption.
Regulatory Guidance and Initiatives
In March 2021, the Basel Committee published “Principles for operational resilience” to promote a principles-based approach to improving operational resilience. The committee said that the principles aim to “strengthen banks’ ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters.”
In the U.S., federal bank regulatory agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC), released a paper in October 2020 outlining sound practices for large banks to help them enhance operational resilience.
In the European Union, the draft legislation, Digital Operational Resilience Act (DORA), was published in 2020. The objective is to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyberattacks and other risks.
In the UK, the Bank of England (BoE), the Financial Conduct Authority (FCA), and the Prudential Regulation Authority (PRA) published a joint discussion paper on Operational Resilience in 2018 followed by a joint consultation paper in 2019 with the primary objective of promoting the operational resilience of firms and financial market infrastructures (FMIs). Similar efforts are being made by regulators in other jurisdictions, including the Monetary Authority of Singapore (MAS), Hong Kong Monetary Authority (HKMA), and others.
The heightened regulatory focus, however, is not surprising given the paradigm shift in the business environment spurred by the pandemic. Organizations today have to operate in an extremely unsettled business environment and withstand cyberattacks, supply chain disruptions, third-party risks, geopolitical upheaval, and many other risks on a daily basis.
[Read more: Top 5 Operational Resilience Challenges in the Post-Pandemic Era (eBook)]
Operational Resilience: Key Considerations
Last year, I wrote a paper prompted by the BoE and FCA joint consultation paper and by the Institute of Risk Management’s Innovation Special Interest Group, both of which focused on operational resilience. Given the continued market focus on this subject, I have revisited it and present prevailing views from across the industry in a new eBook.
The aim is to explore what achieving resilience really means in practice and how financial firms can gain a clear view of it and report to the board, investors, and regulators in an agile and meaningful fashion to attest to their “State of Operational Resilience”. Here are some key considerations for organizations:
- Adopting a robust operational risk management program with fully integrated loss/risk event management, which in turn fully integrates with an organization’s business impact assessments from their business continuity management system.
- Proactively planning crisis responses, periodically testing recovery procedures, and enabling rapid recovery from disruptive incidents affecting business operations.
- Improving the quality and assurance around supply chain, including setting up cadence for review of critical suppliers.
- Aligning business processes, associated risks, controls, assets, and policies together on an integrated platform for enhancing risk visibility and improving the understanding of interdependencies.
- Ensuring effective management of data to uphold data quality and integrity.
I believe that to be able to readily view the enterprise status of operational resilience, organizations need to focus on people, processes, systems, and data. To pull these together effectively, they need a simple, clear vision and an adaptable risk and controls framework, one that can change with innovation and with ever-evolving regulations and standards, brought together across all three lines of defense on a powerful integrated risk management platform.
Implementing an integrated risk program can help organizations in their pursuit of operational resilience. A technology-driven, integrated risk management program that spans the organization across multiple functions, regions, products, and segments will help aggregate risk information into a single source of truth.
MetricStream Integrated Risk Management empowers organizations to manage both current and emerging risks across geopolitical, digital, strategic, third-party, cybersecurity, and compliance areas. The solution helps to unify risk management activities across all business functions, align assurance programs, and gain comprehensive visibility into both risk exposure and relationships. By providing deeper visibility and understanding of risk inter-linkages and their impact on business performance, Integrated Risk Management Solution strengthens resilience, enhances agility, and empowers risk-aware decision making.