Operational Resilience assumes that things will go wrong, and it will force organizations to plan on how to recover from the disruption. It is a mindset shift. Rather than trying and controlling disruptions, the approach is to assume disruptions will happen and plan accordingly on how to recover and comeback to normalcy from that state. Rather than just focusing on internal factors as to what could happen to the firm, it takes a wider view as to the impact on the eco system viz. market reputation, counter party, vendors, customers etc.
Operational Resilience – Need of the hour
During this pandemic, firms were tested for their business continuity plans and hit by number of roadblocks like:
- unable to implement the disaster recovery plans,
- lack of availability of technology for employees,
- lack of control on third party outsourcing services,
- increased cybercrime, and threats.
Taking the learnings from COVID-19, regulators and institutions are looking at implementing a robust and sustainable operational resilience programs.
The pandemic has also forced firms to change the way they operate and manage teams and services. Embracing remote working and digital tools, such as video conferencing, cloud computing etc. are need of the hour and critical for making this new age working possible. However, this extensive use of technology also brings with them their vulnerabilities. To counter these firms are implementing risk detection technologies, real time alerts, accountability, and responsibility in the hands of responsible personnel, evaluating potential risks etc.
Regulatory Push for Operational Resilience
At a time when everything is going digital, regulators are laying lot of emphasis on operational resilience. In the days to come operational resilience will be a key pillar of financial regulations and governance boards will look at sharing knowledge and disseminate information to help markets in building best practices in this area.
The Basel Committee defines operational risk in Basel II and Basel III as:
“The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. So, the focus is to quantify the impact due to these potential risks. This definition includes legal risk but excludes strategic and reputational risk.
However, “Operational Resilience refers to the ability of firms, FMIs and the sector as a whole to prevent, respond to, recover and learn from operational disruptions” – The UK’s Prudential Regulatory Authority.
What is Operational Resilience?
The Basel Committee defines operational resilience as the ability of a bank to deliver critical operations through disruption. This ability enables a bank to identify and protect itself from threats and potential failures, respond and adapt to, as well as recover and learn from disruptive events to minimize their impact on the delivery of critical operations through disruption.
The FCA, PRA and Bank of England released their final rules on operational resilience in March 2021.
Though firms may look at this as an additional cost burden to comply with, this should not be looked at as a pure regulatory burden, rather be seen as an opportunity to strengthen the operations.
Firms should also look at operational resilience as a business opportunity to
- Enhance Customer trust & loyalty.
- Control operational risks and costs due to disruptions
- Introduce new digital services.
- Innovative Customer servicing
The Capco Institute Journal of Financial Transformation, Bovill Resilience or Longevity, Deloitte, KPMG and PWC report on Operation resilience, Simmons & Simmons, PRA- Operational Resilience , Basel committee on Banking supervision