Regulatory Requirement for Operational Resilience

Written by Moh Heng Goh | Jun 10, 2022 11:03:52 AM

Changing Regulatory Attention to Operational Resilience

Operational resilience has been a priority for the regulatory community for years. Today, the regulatory focus is on how effectively financial service institutions (FSIs) can prevent incidents and how FSIs can recover from them in the shortest possible time.

The respective authorities are setting requirements and expectations for financial institutions (FIs) to identify their critical or important business services by considering how disrupting their services can impact their consumers, the industry, and the overall economy.

Regulatory authorities expect organizations such as the FSIs to understand their vulnerabilities and invest in protecting the end-users and themselves, their consumers, and the market to preserve the public's interest and retain continuity of supply of products and services, even during operational disruptions.

Regulatory and Governance Requirements

These are some of the regulations published and are being circulated now. Please click the icon on the right for the latest copy of the regulatory requirement. However, if it is dated, please click the URL for the regulator and search for "Operational Resilience".

International Regulators

Basel Committee on Banking Supervision (BCBS) Principles for Operational Resilience Latest: https://www.bis.org/bcbs/publ/d516.htm Revision: https://www.bis.org/bcbs/publ/d515.pdf Website: https://www.bis.org/ and search for "Operational Resilience" for the latest update
Bank of England Operational Resilience: Statement of Policy Website: https://www.bankofengland.co.uk/prudential-regulation/publication/2021/march/operational-resilience-sop Operational Resilience published by Prudential Regulation Authority (PRA) Access https://www.bankofengland.co.uk/ and search for "Operational Resilience" for the latest update Website: https://www.bankofengland.co.uk/prudential-regulation and search for "Operational Resilience" for the latest update
Financial Conduct Authority (FCA) PS21/3 Building operational resilience Website: https://www.fca.org.uk/publications/policy-statements/ps21-3-building-operational-resilience Website: https://www.fca.org.uk/ and search for "Operational Resilience" for the latest update
Central Bank of Ireland Cross-Industry Guidance on Operational Resilience Website: https://www.centralbank.ie/financial-system/operational-resilience-and-cyber/operational-resilience Website: https://www.centralbank.ie and search for "Operational Resilience" for the latest update
International Organization of Securities Commissions (IOSCO) IOSCO consults on lessons learned from the operational resilience of trading venues and market intermediaries during the pandemic Website: https://www.iosco.org/news/pdf/IOSCONEWS631.pdf https://www.iosco.org/library/pubdocs/pdf/IOSCOPD694.pdf Proceed to https://www.iosco.org and search for "operational resilience" for the latest report published.
European Commission Digital Operational Resilience Act (DORA) The European Commission published a draft DORA report on 24 September 2020 Website: https://ec.europa.eu/info/sites/default/files/business_economy_euro/banking_and_finance/200924-presentation-proposal-digital-operational-resilience_en.pdf This is related to regulatory documentation. The Digital Operations Resilience Act, or DORA, is the European Union’s attempt to streamline the third-party risk management process across FSIs. Digital operational resilience for the financial sector https://data.consilium.europa.eu/doc/document/PE-41-2022-INIT/en/pdf
Federal Reserve System (FED) SR 20-24: Interagency Paper on Sound Practices to Strengthen Operational Resilience November 2020 Website: https://www.federalreserve.gov/supervisionreg/srletters/SR2024.htm Website: https://www.federalreserve.gov/econres/notes/feds-notes/an-approach-to-quantifying-operational-resilience-concepts-20220701.htm Website: https://www.federalreserve.gov and search for "Operational Resilience" for the latest update Website: https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e21-dft.aspx
Australian Prudential Regulation Authority COVID-19: A real-world Test of operational resilience Website: https://www.apra.gov.au/covid-19-a-real-world-test-of-operational-resilience Prudential Standard CPS 230 Operational Risk Management (Draft) Website: https://www.apra.gov.au/sites/default/files/2022-07/Draft%20Prudential%20Standard%20CPS%20230%20Operational%20Risk%20Management.pdf Website: https://www.apra.gov.au and search for "Operational Resilience" for the latest update

Asian Regulators

Hong Kong Monetary Authority (31 May 2022)

Supervisory Policy Manual (SPM): OR-2 on “Operational Resilience”
Website: https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/OR-2.pdf
Objective: To set out the HKMA’s supervisory approach to operational resilience
and provide AIs with guidance on the general principles which they are
expected to consider when developing their operational resilience
framework.

Monetary Authority of Singapore (6 June 2022)

Guidelines on Business Continuity Management
Website: https://www.mas.gov.sg/regulation/guidelines/guidelines-on-business-continuity-management
Website: https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/BCM-Guidelines/BCM-Guidelines-June-2022.pdf
Click the links above and not the icon. Click the right icon and search "Business Continuity Management" for the latest update.

Objective: The Guidelines on Business Continuity Management (BCM) set out the need for financial institutions to take an end-to-end service-centric view in ensuring the continuous delivery of critical business services to their customers.

Financial Services Agency, The Japanese Government JFSA

Basic Approach to Ensuring Operational Resilience (Draft) 16 Dec 2022
Website: https://www.fsa.go.jp/news/r4/ginkou/20221216.html

Operational Resilience and Operational Risk Management - Draft guideline (2023)

OSFI (Canada) views operational resilience as an important objective of operational risk management and believes that operational resilience encompasses several risk management practices and capabilities; these include articulating risk appetite and setting risk tolerances for operational risk; identifying and analyzing critical operations, interconnections, and interdependencies; using scenarios and testing to assess resilience capabilities; and preventing, responding, adapting, recovering and learning from operational disruptions.
Website: https://www.osfi-bsif.gc.ca/en/guidance/guidance-library/operational-resilience-operational-risk-management-draft-guideline-2023

More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.



	If you have any questions, click to contact us.

View full post