Resilience has become an area of increasing focus across a wide range of industry sectors. After the financial crisis in 2008, regulators around the globe concentrated the reform agenda almost exclusively on financial aspects, leaving operational elements as a secondary consideration.
Since 2020 and accelerated by the COVID-19 pandemic, regulators have started to drive change focusing on improving the framework pertaining to operational risk and the interdependencies across market participants, its supply chain and new emerging risks.
Internationally, there is general alignment in principles and key areas between the various Operational Resilience frameworks, as each country or region defined their own path and implementation roadmap. Since the introduction of the regulation, TORI has been supporting financial service clients and networks to coordinate the different change programmes in order to define and unify a global fit-for-purpose Operational Resilience Framework to allow them to navigate this regulatory business challenge.
As indicated in the table above, Regulators understand the complexity of these changes, so they have established an implementation period of between 24 and 36 months.
Despite the focus (customer-centric versus business-centric), almost all elements of the regulation are principle-based, giving some flexibility to organisations to interpret and incorporate all necessary adjustments around their own Operating Model, technology structure and risk appetite.
Another two critical aspects in common across all regulations are the relevance of Information and Communications & Technology (ICT) Risk including Cyber Security and the dependencies with third-party suppliers as core resilience pillars.
As we stated in our Regulatory Radar 2023, Cyber Security and Supply Chain Risk are at the top of the priority list for the C-Suite, forcing senior management to adopt a more proactive and dynamic approach and to promote actions to de-risk operations to reduce the potential “knockout” impact caused by a potential failure in the value chain.
Resilience is not just a noun, but a sum of a series of actions. The time for embeddedness is now. Regardless of where your organisation is based around the world, how simple or complex, the type of services that it provides or the operating model, there is a clear call to action to immediately address these challenges in order to safeguard and protect the integrity of the business in times of market volatility and turbulence.
How TORI Can Help
TORI is actively supporting financial institutions on their journey towards building Operational Resilience assisting them with:
- Identifying their level of maturity through consideration of regulatory requirements and best practices
- Designing and developing ad-hoc Ops Res Frameworks
- Reviewing and performing independent supplier assessments
- Establishing proactive approaches to managing risks more effectively
- Testing resilience through Business Continuity Planning, Cyber Security Testing, and Event Scenarios