Lyndon Nelson of BoE on Ensuring Operational Resilience in Cyber Era
Lyndon Nelson, Deputy CEO and Executive Director, Regulatory Operations and Supervisory Risk Specialists, spoke in London about the ongoing work to ensure operational resilience in the financial services sector in UK, particularly in the face of increasing cyber threats. BoE expects to publish a discussion paper on operational resilience, which would contain recommendations for both the industry and regulators.
In his speech, Mr. Nelson highlights the importance of a strong collaboration when it comes to building resilience in the financial sector. He mentioned that, last year, the UK authorities had issued a discussion paper, setting out an ambitious and innovative outcome-based approach to enhancing operational resilience of the UK finance sector. At a policy level, the paper set out that firms should assume that operational disruption would occur and plan accordingly. The paper has received very positive feedback from industry and globally, particularly its outcome-based approach and the concept of impact tolerance but it also raised issues that require clarification, most notably the family tree of operational risk, operational resilience, operational continuity in resolution, and a number of other terms. The UK authorities will respond to this and other questions in the Autumn. He also mentioned that the discussion paper is a joint document from different authorities such as the Financial Policy Committee, FCA, BoE's Financial Market Infrastructure supervisors, and PRA. This reflects how highly prized BoE considers collaboration to be in this area.
Next, he offered an overview of the activities of the Cross-Market Operational Resilience Group (CMORG), which was historically chaired exclusively by BoE, but has now been re-shaped with the introduction of a co-chair structure—"I now co-chair with UK Finance." said Mr. Nelson. The most visible of CMORG’s activities is to support a regular cross-sector operational exercise program, which helps industry and authorities alike understand our operational capabilities when things go wrong and build capabilities to address these before they do. In addressing the threat from Cyber, BoE welcomes the announcement by UK Finance of the formation of the Financial Sector Cyber Collaboration Center, which promises to bring a step change to industry collaboration and, therefore, defensive capabilities on cyber. This is a great example of where firms can address risks that are unmanageable by firms individually by tackling the problem for the broader public good. There is still room for industry to go further. The last sector exercise identified a number of areas that lend themselves to this approach and a report will be released shortly about these. However, the key points are:
- Developing ideas on how to protect systems and data more robustly against both accidental and deliberate damage
- Balancing system availability with protecting data integrity during periods of operational stress
- How to secure data against permanent loss, so that we can absolutely guarantee data integrity and availability
- How to resume key services safely when disruptions have occurred, without losing data, damaging integrity, or causing contagion into the wider financial system
Mr. Nelson said that these are all complex issues, which neither regulator nor firms can fix in isolation, but they do define the key operational disruptions scenarios for which better solutions are needed compared to those we have today. He concluded, that, in the next ten to twenty years, there is an opportunity to add to the many advantages of the UK by making it one of the most operationally resilient locations anywhere in the world. "Imagine being able to justifiably claim that even with operational disruption payments can be made and business can still be conducted after only a short delay. As a central bank and a regulator we are ready to take up the challenge."
Related Link: Speech
Keywords: Europe, UK, Banking, Cyber Risk, Operational Resilience, Cyber Testing, International Cooperation, CMORG, Operational Risk, PRA, BoE
Previous Article
EBA Report on MREL Shows Progress in Resolution PlanningRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.