Operational Resilience, BCP2.0 or A Paradigm Shift in Risk Management
capitalmarketsciooutlook

Operational Resilience, BCP2.0 or A Paradigm Shift in Risk Management

By James Ross, Head of Regulatory Developments EMEA, Columbia Threadneedle Investments

James Ross, Head of Regulatory Developments EMEA, Columbia Threadneedle Investments

In 2018, the Bank of England and the FCA published a discussion paper setting out their expectations that financial institutions and financial market infrastructures (FMIs) should become more ‘operationally resilient.’ There is currently no accepted definition of operational resilience, it is however expected to comprise of the following key elements:

A focus on continuity of service provision over systems and processes. Business services are defined as ‘products and services that an institution or FMI provides to its customers. These will vary by institutions or FMI, but examples could include the delivery and management of particular loan or insurance products.’

"Operational resilience will be put at the forefront of the regulatory agenda, and at a minimum this will be a ‘step change’ in any approach to business continuity"

The development and board approval of new ‘impact tolerances.’ This describe firms’ and FMIs’ tolerance for disruption, under the assumption that disruption to a particular business service will occur. Impact tolerance is expressed by reference to specific outcomes and metrics. Such metrics could include the maximum tolerable duration or volume of disruption, the criticality of ensuring data integrity or the number of customers affected. Impact tolerances are different from risk appetite, in the sense that they presume that a particular risk has crystallized, but they will inform the risk appetite of a firm or FMI’s board and senior management.

As highlighted above, an automatic presumption of the inevitability of failure in any scenario planning. This approach removes probability from risk scenarios and requires planning for extreme events.

An emphasis on the speed and effectiveness of communications with those impacted as an important part of institutions overall response.

A supervisory focus on boards and senior management oversight of resilience of business services.

According to the discussion paper, implementing operational resilience is likely to require actions from institutions including:

Production of clear communication plans, escalation paths and identified decision makers.

Production of communication plans for customers other market participants and supervisory authorities.

Ensuring a detailed knowledge of systems and processes substitutable during any disruption. 

Tested plans ensuring continuity of business services when disruptions occurs (the presumption of failure).

A comprehensive understanding and mapping of systems and processes, including outsourced activities and intra group entities globally.

Knowledge of how systems and process impacts provision of key business services.

A clear understanding of the most important business service or services.

The discussion paper does provide a useful framework for institutions to consider as part of the delivery of the above actions. In summary:

Identify: The most important business services and how much disruption could be tolerated in what circumstances.

Map: The systems and processes that support these business services.

Assess: How the failure of an individual system or process could impact the business service.

Test: Using scenarios and by learning from experience, that resilience meets the firm’s tolerance.

Invest: In ability to respond and recover from disruptions through having appropriate systems, oversight and training.

Communicate: Timely information to internal stakeholders, supervisory authorities, customers, counterparties and other market participants.

The discussion paper also highlights some useful guidance on supervisory expectations which includes:

Preparation: Can institutions identify and focus on the continuity of the most important business services, set impact tolerances and demonstrate ‘substitutability.’

Recovery: Do institutions assume disruptions will occur, developed processes and practices in the event of shocks in order to preserve continuity of service.

Communications: Do institutions have strategies for communicating with their internal and external stakeholders.

Governance: Do Boards and senior management demonstrate their role in oversight of operational resilience.

What is clear for institutions and FMI’s in 2020, is that operational resilience will be put at the forefront of the regulatory agenda, and at a minimum this will be a ‘step change’ in any approach to business continuity, if not a paradigm shift in institutions and FMI’s approach to enterprise risk management.

 

Weekly Brief

Read Also

How Fintech is Capitalizing on Machine Learning

How Fintech is Capitalizing on Machine Learning

Levi Lewis, Vice President of Product Strategy, Lendio
Fintech and Enhancing Transparency- The Evolution of ALFA

Fintech and Enhancing Transparency- The Evolution of ALFA

James Wallin, SVP, Fixed Income, AllianceBernstein Tim Morbelli, SVP, Emerging Markets, & Credit Derivative Trading, AllianceBernstein
New Politics Present a New World for Fintech Innovation

New Politics Present a New World for Fintech Innovation

Ralph Achkar, Director of Strategic Alliances, Capital Markets, Colt Technology Services
Compete or Partner-Banks See Rise of FinTech Solutions

Compete or Partner-Banks See Rise of FinTech Solutions

Christopher Kennedy, VP-Quantitative Finance Manager, BankUnited [NYSE:BKU]
The Rise of Fintech for Investment Management

The Rise of Fintech for Investment Management

Giorgio Carlino, Chief Investment Officer, Multi Asset US, Allianz Global Investors
New Alliances will Drive FinTech Innovation

New Alliances will Drive FinTech Innovation

Sheri Rhodes, Chief Technology Officer, Western Union