
In today’s increasingly unpredictable world, operational resilience has become a pivotal focus for organisations globally. This is especially pertinent for financial institutions, which are compelled to adhere to a plethora of regulatory requirements designed to ensure they can endure and recover from a variety of disruptions. As these regulations continue to develop, there is a pressing necessity for a new standard of operational resilience to help navigate the intricate and often conflicting landscape in which financial entities operate.
The regulatory framework surrounding operational resilience is both diverse and ever-changing. In the United Kingdom, the Bank of England, the Financial Conduct Authority (FCA), and the Prudential Regulation Authority (PRA) have been proactive in establishing comprehensive standards. These guidelines require firms to pinpoint critical business services and set impact tolerances, aiming to ensure financial institutions remain functional during disruptions, thereby safeguarding consumers and the broader financial system.
Internationally, the Basel Committee on Banking Supervision has promulgated its “Principles for Operational Resilience,” advocating for a principles-based approach to risk management. This framework mandates banks to delineate interconnections and dependencies, manage third-party risks, and maintain robust cybersecurity measures. The principles are crafted to align with the Basel III operational risk framework, highlighting the necessity for a cohesive strategy across disparate regulatory standards. In Canada, the E-21 Operational Risk Management Guidelines are under review to place greater emphasis on operational resilience. Meanwhile, in the United States, the Federal Reserve has issued guidance encouraging the adoption of sound practices and industry standards, albeit without imposing direct regulations.
Organisations operating across multiple jurisdictions face the formidable challenge of reconciling these diverse regulatory requirements. The European Union’s Digital Operational Resilience Act (DORA) seeks to standardise practices among member states, focusing on governance, third-party risk, and incident reporting. However, the implementation of DORA and analogous regulations elsewhere can lead to conflicts, as different jurisdictions may prioritise different aspects and follow distinct timelines. For example, the Central Bank of Ireland’s guidance on operational resilience underscores the necessity for organisations to map out important business services and devise action plans to address vulnerabilities. In contrast, the Australian Prudential Regulation Authority (APRA) has suggested new standards concentrating on effective internal controls and risk management, complete with an implementation action plan.
Amidst this regulatory complexity, there is an urgent need for a new standard of operational resilience—a unified framework that organisations can adopt. Such a standard would aid in harmonising the myriad requirements, enabling firms to streamline their compliance efforts and concentrate on fortifying resilience rather than getting entangled in regulatory conflicts. This new standard should integrate best practices from existing guidelines, such as those from the Monetary Authority of Singapore (MAS), which stress business continuity and technology risk management. By promoting a holistic approach that weaves together governance, technology, and cultural resilience, organisations can be better prepared to respond to disruptions.
The implementation of a unified standard of operational resilience bestows several advantages. It enhances risk management by allowing organisations to anticipate and mitigate potential issues more effectively. A coherent framework also bolsters business continuity, ensuring critical functions remain operational during disruptions. Furthermore, a standardised approach simplifies compliance with existing regulations, mitigating the risk of fines and legal liabilities. It also offers a competitive edge, as operationally resilient companies tend to outperform their peers, particularly during large-scale disruptions.
As the regulatory landscape for operational resilience continues to evolve, the establishment of a new standard becomes increasingly essential. Such a standard would assist organisations in navigating complex requirements and constructing a robust framework for resilience. By embracing a unified approach, firms can enhance their capacity to withstand disruptions and maintain critical operations, ultimately contributing to the stability of the financial system and the wider economy.