Operational resilience is critical to modern business, especially in the financial sector. It involves an organization's ability to maintain essential functions and services during and after a disruptive event.
This is a summary of questions asked by the webinar participants. Given time constraints, Dr Goh Moh Heng provided the answers.
This blog post provides insights from an expert Q&A session on operational resilience, focusing on common challenges and practical implementation strategies.
In the subsequent two postings, we will summarise the speaker's presentation.
Summary: Key Takeaways from the Q&A Session
Navigating Operational Resilience: Key Takeaways from an Expert Q&A
Misconceptions and Clarifications
- Operational Resilience vs Business Continuity Management (BCM). BCM is a component of operational resilience; the broader scope of operational resilience also encompasses cyber resilience, third-party risk management, and incident response.
- The Role of Technology. Technology is crucial in enabling operational resilience but is not the sole solution. Human factors, processes, and governance are equally important.
Mapping Critical Dependencies
- Identify Critical Business Services (CBS) and map all essential processes that deliver value to customers and the market.
- Analyse Dependencies. Understand the interconnectedness between CBS and supporting functions, such as IT, data, personnel, sourcing, and facilities.
- Prioritise Risks. Assess the potential impact of disruptions on each dependency and prioritise accordingly.
Scenario Testing
- Develop Realistic Scenarios. Consider natural disasters, cyberattacks, and economic downturns to create severe but plausible scenarios.
- Utilise Diverse Testing Methods. To test resilience, combine tabletop exercises, live simulations, and self-assessments.
- Focus on High-Risk Dependencies. Prioritise testing scenarios that involve critical dependencies identified through mapping.
Governance and Roles
- Clear Roles and Responsibilities. Establish clear roles and responsibilities for operational resilience across the organisation's different levels.
- Collaborative Approach. Foster collaboration among IT, risk management, compliance, and business operations departments.
- Centralised Oversight. Implement a centralised steering committee to provide guidance and ensure consistency.
Third-Party Management
- Contingency Planning. Develop contingency plans for disruptions to critical third-party services.
- Diversification. Consider diversifying suppliers to reduce dependence on any single provider.
- Contractual Obligations. Include operational resilience clauses in contracts with third parties to ensure their alignment with your organisation's goals.
Additional Takeaways
- Standardisation vs. Customisation. Balance global guidelines with local regulatory and cultural adaptations to achieve a tailored approach.
- Continuous Learning. Operational resilience is an ongoing process that requires regular reviews, adjustments, and learning from incidents.
- Regulatory Landscape. Stay updated on evolving regulatory requirements and best practices in operational resilience.
Conclusion
Building a robust operational resilience framework requires a comprehensive approach that addresses each organisation's unique challenges.
By understanding the key factors, implementing effective strategies, and fostering a culture of resilience, financial institutions can enhance their ability to withstand disruptions and deliver critical services to their clients.
Contact Dr Goh Moh Heng if you have any questions.