US Regulation Blog-Gieom

New Operational Resilience Regulation for Financial Institutions in United States (USA)

Vinod Menon
Head – Customer Success

The Federal Reserve, the central bank of the United States, released a paper in August 2021 intended to help community banks assess threats when considering connections with financial technology (fintech) companies.

This paper followed the regulations around operational resilience that the European Central Bank and the UK Prudential Regulatory Authority released earlier in 2021. The Federal Reserve understood the global and interconnected nature of banks and the importance of supervisory coordination among banks.

Innovations in the financial services geography are changing the way products and services are offered to customers. Community banks are looking to enhance their business potential by entering into arrangements with fintech companies.

Still, like any other third-party association, arrangements with fintech companies also introduce risks. Assessing the benefits and threats posed by these associations is crucial to a community bank's due diligence.


What is Due Diligence?


Due diligence is an important element of an effective third-party risk management process, as emphasized in the federal banking agencies' individual guidance.

During due diligence, a community bank collects and analyses information to decide whether third-party alliances would support its strategic and fiscal aims, and whether the association can be executed in a secure and well-grounded manner, coherent with applicable legal and regulatory requirements.

The scope and depth of due diligence performed by a community bank will depend on the threat to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence work with other resources as appropriate, such as diligence utilities or institutions that focus on third-party oversight.

The guide covers six crucial areas of due diligence that community banks can consider when exploring arrangements with fintech companies: business experience and qualifications, financial condition, legal and regulatory compliance, risk management and control processes, information security, and operational resilience. The aim of this write-up is to understand the sixth area, operational resilience, in detail.


What is Operational Resilience, and what are the steps for evaluating it?


The ability of an enterprise to continue delivering services to consumers despite an unforeseen disturbance is known as operational resilience. The ability to forestall, respond to, recover from, and learn from operational interruptions is a crucial priority of operational resilience.

A community bank needs to assess the fintech company's capability to continue operations through a disturbance.

As part of the evaluation the bank must:

  • Look at the fintech company’s processes to identify, respond to, and secure itself and its customers from threats and implicit failures, as well as recover and learn from disruptive events.
  • Confirm that the continuity and adaptability planning is commensurate with the nature and criticality of activities performed for the bank.

Requirements for an operational resilience framework


A fintech should maintain the following to show that the company follows an operational resilience framework:

  • A business continuity plan, an incident response plan and a disaster recovery plan.
  • Test results against the set impact tolerance, together with the actual recovery time and recovery point.
  • Changes in tolerance levels to accommodate new types of incidents, threats and changes in market conditions, along with a record of the impact of similar events.
  • The in-sourced and outsourced activities of the fintech, its reliance on technology (on-premise or on-cloud), where data is stored, and the applicable laws.
  • Proper checks and balances for outsourced activities.
  • Status of insurance cover, coverage and fiscal capability.
  • Service level agreements with well-defined recovery and response times.
