Current work to improve resilience focuses on being prepared for the unexpected as well as looking at the impact your business has on those around you. This is particularly important where firms operate internationally. Complex supply chains including group services and third parties increase the need for boards to understand and manage their risks effectively.
Facilitating resilience in an international environment:
In August 2020 the Basel Committee for Banking Supervision (BCBS) issued its proposals to strengthen the global banking infrastructure. Its objective being to:
Effective management of operational risks results in creating a resilient framework. However operational resilience is more than implementing a risk management framework. Creating a resilient business relies on the coordination of several elements. We see various international bodies setting standards for adoption including the BCBS and International Organization of Securities Commissions (IOSCO).
BCBS’s Principles for Operational Resilience focus on the following areas:
- Governance
- Operational risk management
- Business continuity planning and testing
- Mapping interconnections and interdependencies
- Third-party dependency management
- Incident management
- Resilient cyber security and ICT
It’s important to note that these areas of focus are not new standards. Regardless of jurisdiction, most banks and other regulated firms will have processes and controls in place to support these principles. It’s the improvement and coordination of these elements that will help create a resilient framework. The regulatory messages are that firms need to be able to identify threats and protect themselves from potential failures. Assuming disruptions will occur, firms need to consider their vulnerabilities and plan for disruption.
BCBS recommends building upon existing practices to address risks from increased reliance on technologies, remote working and increased risk from cyber-attacks. It also encourages firms operating internationally to coordinate efforts and seek harmonisation.
Aside from looking at supporting resources (or assets) there is a need to identify any critical shared services. This means looking at third parties where a failure could lead to the disruption of services such as: third party administrators, payments, custody arrangements, lending and deposit taking activities. In 2008, failures in financial services had a huge impact globally. Since then, the sector has developed rapidly and requires even greater coordination of regulatory efforts to maintain financial stability.
IOSCO also published a report in May 2021. This particular report focused on business continuity planning and requirements for trading venues and intermediaries. Emphasising the need for firms to focus on:
- Identifying all outsourcing arrangements & risks posed by such third parties and
- Improving governance arrangements.
This requires firms to understand outsourcing processes and their weaknesses, identify cut off points in a service and have an agreed action plan. Improved governance means boards receive more information to increase awareness of identified risks. It also means that where there are material changes to services, processes or new third party arrangements, this should trigger a review of risk frameworks, controls and continuity plans. Leading to board review and sign off of appropriate mitigants.
Supporting this process of identification and assessment, firms need strong relationships with its service providers. Speedy, accurate and reliable information needs to be fed to senior management and boards to enable oversight and inform decision-making. Collating information over time enables firms to identify trends and potential red flags. This enables faster action as the business will have developed an action plan to implement when a severe disruption occurs.
How Ruleguard can help you:
Get in touch with the Ruleguard team to learn more.
Tel: 020 3965 2166 or hello@ruleguard.com
Webinars
Ruleguard hosts regular webinars on a variety of themes including Operational Resilience. To be added to our mailing list click here.
Further resources:
See our blog page for further articles or contact us via: hello@ruleguard.com
Visit our website to find out more about how Ruleguard can help.
Contact the author
Head of Client Regulation| Ruleguard