Lyndon Nelson, Deputy CEO and Executive Director, Regulatory Operations and Supervisory Risk Specialists, spoke in London about the ongoing work to ensure operational resilience in the financial services sector in UK, particularly in the face of increasing cyber threats. BoE expects to publish a discussion paper on operational resilience, which would contain recommendations for both the industry and regulators.
In his speech, Mr. Nelson highlights the importance of a strong collaboration when it comes to building resilience in the financial sector. He mentioned that, last year, the UK authorities had issued a discussion paper, setting out an ambitious and innovative outcome-based approach to enhancing operational resilience of the UK finance sector. At a policy level, the paper set out that firms should assume that operational disruption would occur and plan accordingly. The paper has received very positive feedback from industry and globally, particularly its outcome-based approach and the concept of impact tolerance but it also raised issues that require clarification, most notably the family tree of operational risk, operational resilience, operational continuity in resolution, and a number of other terms. The UK authorities will respond to this and other questions in the Autumn. He also mentioned that the discussion paper is a joint document from different authorities such as the Financial Policy Committee, FCA, BoE's Financial Market Infrastructure supervisors, and PRA. This reflects how highly prized BoE considers collaboration to be in this area.
Next, he offered an overview of the activities of the Cross-Market Operational Resilience Group (CMORG), which was historically chaired exclusively by BoE, but has now been re-shaped with the introduction of a co-chair structure—"I now co-chair with UK Finance." said Mr. Nelson. The most visible of CMORG’s activities is to support a regular cross-sector operational exercise program, which helps industry and authorities alike understand our operational capabilities when things go wrong and build capabilities to address these before they do. In addressing the threat from Cyber, BoE welcomes the announcement by UK Finance of the formation of the Financial Sector Cyber Collaboration Center, which promises to bring a step change to industry collaboration and, therefore, defensive capabilities on cyber. This is a great example of where firms can address risks that are unmanageable by firms individually by tackling the problem for the broader public good. There is still room for industry to go further. The last sector exercise identified a number of areas that lend themselves to this approach and a report will be released shortly about these. However, the key points are:
- Developing ideas on how to protect systems and data more robustly against both accidental and deliberate damage
- Balancing system availability with protecting data integrity during periods of operational stress
- How to secure data against permanent loss, so that we can absolutely guarantee data integrity and availability
- How to resume key services safely when disruptions have occurred, without losing data, damaging integrity, or causing contagion into the wider financial system
Mr. Nelson said that these are all complex issues, which neither regulator nor firms can fix in isolation, but they do define the key operational disruptions scenarios for which better solutions are needed compared to those we have today. He concluded, that, in the next ten to twenty years, there is an opportunity to add to the many advantages of the UK by making it one of the most operationally resilient locations anywhere in the world. "Imagine being able to justifiably claim that even with operational disruption payments can be made and business can still be conducted after only a short delay. As a central bank and a regulator we are ready to take up the challenge."
Related Link: Speech
Keywords: Europe, UK, Banking, Cyber Risk, Operational Resilience, Cyber Testing, International Cooperation, CMORG, Operational Risk, PRA, BoE
Previous ArticleIOSCO-GEMC Publishes Recommendations Related to Sustainable Finance
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.