Operational resilience – what you need to know
Operational resilience has become an area of increasing focus in recent years, particularly in the financial services sector, and rightfully so. The financial sector is interconnected and interdependent. Operational disruption in one area of the market can threaten other areas and cause huge market turmoil. It is therefore no surprise that consumers, firms, and financial markets must remain resilient to avoid financial failures and to protect market integrity.
What’s the big deal?
Following the 2008 financial crisis, we saw reforms to bank frameworks and structural changes that address and strengthen financial resilience. These changes, however, did not address operational resilience. In 2021, the Basel Committee on Banking Supervision (BCBS) noted that action was needed to strengthen financial firms’ ability to absorb operational risk-related events, such as pandemics, cyber-attacks, and technology failures.
The war in Ukraine is a clear example of the importance of investment in operational resilience strategies. The sudden geopolitical uncertainty brought on by the war triggered sudden policy responses, including sanctions imposed on Russia, escalated commodity prices, and contributed to energy market and infrastructure stress, all of which increased volatility and risk aversion. This was magnified by the demand and supply chain disruptions brought on by the post-COVID-19 environment.
The layers upon layers of disruptions over the past few years have persistently kept operational resilience near the top of the agenda in all sectors, particularly in the financial sector. But are all financial firms confident in their operational resilience?
Credit Suisse collapsed in March 2023 after a colourful history of errors and scandals that eventually destroyed market confidence in the bank. Silicon Valley Bank collapsed in the same month after a poor risk management strategy left the bank with insufficient funds to meet the needs of its clients. Operational resilience may seem like a buzzword, but without it, organisations can crumble.
What are firms obligated to do?
The UK introduced a new operational resilience framework which took effect in March 2022. Under this new regime, firms and financial market infrastructures (FMIs) must identify their important business services, set impact tolerances for each service, and ensure they are able to deliver each service and remain within its impact tolerance during severe (but plausible) scenarios. Another statutory framework has been proposed in the Financial Services and Markets Bill 2022-23 to manage systemic risks raised by critical third parties (CTPs).
In the EU, the Digital Operational Resilience Act (DORA) was adopted by the European Parliament in 2022 and is expected to come into force in early 2025. Like the UK framework, DORA aims to improve the operational resilience of financial institutions. It will require financial institutions to have a fully comprehensive ICT risk management framework and to assess risks relating to third-party services.
The US federal banking regulators have sought to identify and consolidate existing guidance, known as “Sound Practices to Strengthen Operational Resilience”, that can be used to form an operational resilience framework for banking organisations that are deemed systemically important. While US regulators do not currently have a specific operational resilience framework similar to the UK's, the fundamental provisions within the UK regime are addressed in existing US regimes that govern business continuity and resolution planning.
Next steps for financial firms
Financial firms need to take a proactive and comprehensive approach to operational resilience, continuously assessing their risks and implementing measures to prevent, detect, and respond to potential disruptions.
Learn more about how to become more operationally resilient
To find out how to put learnings into practice and become more operationally resilient, read our e-book.