FSI published a brief that examines the operational resilience initiatives of financial-sector authorities, in response to the COVID-19 outbreak. The brief focuses on examples of business continuity guidance issued by authorities in response to COVID-19, including updates to the existing guidance and the incorporation of pandemic scenarios into testing operational resilience. The brief emphasizes that pandemics may have unique elements that financial institutions need to incorporate in the scenarios to test their operational resilience.
Supervisory discussions at the international level have recently shifted toward achieving operational resilience more broadly. BoE is the first national authority to have issued a consultation on its operational resilience expectations. BoE defines operational resilience as the ability of firms and the financial sector to prevent, adapt, respond to, recover from, and learn from operational disruptions. The objective of addressing operational resilience of financial institutions to IT outages and cyber attacks has clearly motivated the BoE consultation as well as the international supervisory discussions. However, as seen in the disruption that COVID-19 outbreak has caused in recent weeks, financial institutions need to review and ensure that their operational resilience procedures are also fit for purpose during pandemics.
As shown by the recent spate of supervisory guidance in relation to the COVID-19 outbreak, pandemics may have unique elements that financial institutions need to incorporate in the scenarios to test their operational resilience. International efforts to come up with operational resilience standards should take into account these unique elements, including the following:
- Critical or essential employees—It is important to identify the critical functions and employees who support important business services as well as to ensure employee safety. Financial institutions should ensure that employees can safely resume their duties (remotely, if necessary) so that business services can recover as quickly as possible.
- IT infrastructure—Financial institutions should ensure that their IT infrastructure can support a sharp increase in usage and take steps to safeguard information security.
- Third-party service providers—Financial institutions should ensure that their external service providers and/or critical suppliers are taking adequate measures and are sufficiently prepared for a scenario in which there will be heavy reliance on their services.
- Cyber resilience—Financial institutions’ cyber resilience processes should remain vigilant to identify and protect vulnerable systems. These processes should be able to detect and respond to cyber attacks and help an institution recover from them.
Keywords: International, Banking, Insurance, Securities, COVID-19, Business Continuity, Operational Risk, Cyber Risk, Third-Party Arrangements, Operational Resilience, BoE, BIS, FSI
BCBS Finalizes Revisions to Credit Valuation Adjustment Risk Framework
PRA published a statement to insurers that clarifies the approach to application of the matching adjustment during COVID-19 crisis.
EBA published a report on the implementation of selected COVID-19 policies within the prudential framework for banking sector.
EC launched a consultation to revise the network and information systems (NIS) Directive (2016/1148), which was adopted in July 2016 and is the first horizontal internal market instrument aimed at improving the resilience of the EU against cybersecurity risks.
PRA published a statement that outlines its view on the implications of LIBOR transition for contracts in scope of the “Contractual Recognition of Bail-In” and “Stay in Resolution” parts of the PRA Rulebook.
PRA published the policy statement PS15/20 to reflect additional resilience associated with higher macro-prudential buffers in a standard risk environment with a reduction in Pillar 2A capital requirements.
BCBS published the eighteenth progress report on implementation of the Basel III regulatory framework in member jurisdictions.
FCA announced proposals that would provide continued support for certain consumer credit products to users, who are facing a financial impact because of the exceptional circumstances arising from the COVID-19 pandemic.
ACPR published a draft version of taxonomy RAN 1.4.0_PWD1, along with the related documentation, for Solvency II reporting.
BCBS amended the guidelines on sound management of risks related to money laundering and financing of terrorism (ML/FT).