Lyndon Nelson, Deputy CEO and Executive Director, Regulatory Operations and Supervisory Risk Specialists, spoke in London about the ongoing work to ensure operational resilience in the financial services sector in UK, particularly in the face of increasing cyber threats. BoE expects to publish a discussion paper on operational resilience, which would contain recommendations for both the industry and regulators.
In his speech, Mr. Nelson highlights the importance of a strong collaboration when it comes to building resilience in the financial sector. He mentioned that, last year, the UK authorities had issued a discussion paper, setting out an ambitious and innovative outcome-based approach to enhancing operational resilience of the UK finance sector. At a policy level, the paper set out that firms should assume that operational disruption would occur and plan accordingly. The paper has received very positive feedback from industry and globally, particularly its outcome-based approach and the concept of impact tolerance but it also raised issues that require clarification, most notably the family tree of operational risk, operational resilience, operational continuity in resolution, and a number of other terms. The UK authorities will respond to this and other questions in the Autumn. He also mentioned that the discussion paper is a joint document from different authorities such as the Financial Policy Committee, FCA, BoE's Financial Market Infrastructure supervisors, and PRA. This reflects how highly prized BoE considers collaboration to be in this area.
Next, he offered an overview of the activities of the Cross-Market Operational Resilience Group (CMORG), which was historically chaired exclusively by BoE, but has now been re-shaped with the introduction of a co-chair structure—"I now co-chair with UK Finance." said Mr. Nelson. The most visible of CMORG’s activities is to support a regular cross-sector operational exercise program, which helps industry and authorities alike understand our operational capabilities when things go wrong and build capabilities to address these before they do. In addressing the threat from Cyber, BoE welcomes the announcement by UK Finance of the formation of the Financial Sector Cyber Collaboration Center, which promises to bring a step change to industry collaboration and, therefore, defensive capabilities on cyber. This is a great example of where firms can address risks that are unmanageable by firms individually by tackling the problem for the broader public good. There is still room for industry to go further. The last sector exercise identified a number of areas that lend themselves to this approach and a report will be released shortly about these. However, the key points are:
- Developing ideas on how to protect systems and data more robustly against both accidental and deliberate damage
- Balancing system availability with protecting data integrity during periods of operational stress
- How to secure data against permanent loss, so that we can absolutely guarantee data integrity and availability
- How to resume key services safely when disruptions have occurred, without losing data, damaging integrity, or causing contagion into the wider financial system
Mr. Nelson said that these are all complex issues, which neither regulator nor firms can fix in isolation, but they do define the key operational disruptions scenarios for which better solutions are needed compared to those we have today. He concluded, that, in the next ten to twenty years, there is an opportunity to add to the many advantages of the UK by making it one of the most operationally resilient locations anywhere in the world. "Imagine being able to justifiably claim that even with operational disruption payments can be made and business can still be conducted after only a short delay. As a central bank and a regulator we are ready to take up the challenge."
Related Link: Speech
Keywords: Europe, UK, Banking, Cyber Risk, Operational Resilience, Cyber Testing, International Cooperation, CMORG, Operational Risk, PRA, BoE
Previous ArticleIOSCO-GEMC Publishes Recommendations Related to Sustainable Finance
EC published the Implementing Regulation 2021/763 that lays down implementing technical standards for supervisory reporting and public disclosure of the minimum requirement for own funds and eligible liabilities (MREL).
APRA announced the standardization of quarterly reporting due dates for authorized deposit-taking institutions.
The private sector working group of ECB on euro risk-free rates published the recommendations to address events that would trigger fallbacks in the Euro Interbank Offered Rate (EURIBOR)-related contracts, along with the €STR-based EURIBOR fallback rates (rates that could be used if a fallback is triggered).
Bundesbank published a list of "EntryPoints" that are accepted in its reporting system; the list provides taxonomy version and name of the module against each EntryPoint.
EBA published the phase 1 of its reporting framework 3.1, with the technical package covering the new reporting requirements for investment firms (under the implementing technical standards on investment firms reporting).
Asia Pacific Australia Banking APS 111 Capital Adequacy Regulatory Capital Basel RBNZ APRA
ESMA published the final guidelines on outsourcing to cloud service providers.
EBA published annual data for two key concepts and indicators in the Deposit Guarantee Schemes (DGS) Directive—available financial means and covered deposits.
OSFI has set out the schedule for release of draft guidance on the management of technology risks by federally regulated financial institutions and private pension plans.
MAS updated rules for new housing loans by banks and finance companies.