BCBS issued principles for operational resilience and revised the principles for sound management of operational risk, following an August 2020 consultation. The principles for operational resilience aim to strengthen banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters. The principles for the sound management of operational risk have been revised to make technical revisions to align the principles with the recently finalized Basel III operational risk framework, update the guidance where needed in the areas of change management and information and communication technologies (ICT), and enhance the overall clarity of the principles.
BCBS had conducted, in 2014, a review of the implementation of the principles for sound management of operational risk. The review was aimed to assess the extent to which banks had implemented the principles, identify significant gaps in implementation, and highlight emerging and noteworthy operational risk management practices at banks not currently addressed by the principles. The 2014 review had identified that several principles had not been adequately implemented and further guidance would be needed to facilitate their implementation in certain areas. The revised principles for sound management of operational risk for banks cover governance, the risk management environment, information and communication technology, business continuity planning,; and the role of disclosures. These elements should not be viewed in isolation; rather, they are integrated components of the operational risk management framework and the overall risk management framework (including operational resilience) of the group. BCBS recommends that banks should take account of the nature, size, complexity and risk profile of their activities when implementing the Principles.
The principles for operational resilience build on the principles for sound management of operational risk and are largely derived and adapted from existing guidance on outsourcing-, business continuity- and risk management-related guidance issued by BCBS or national supervisors over a number of years. By building on the existing guidance and current practices, BCBS is seeking to develop a coherent framework and avoid duplication. The operational resilience principles focus on governance, operational risk management, business continuity planning and testing, mapping interconnections and interdependencies, third-party dependency management, incident management, and resilient cyber security and ICT. The approach draws from the previously issued principles on corporate governance for banks as well as outsourcing-, business continuity- and relevant risk management-related guidance.
Keywords: International, Banking, Basel, Operational Risk, Operational Resilience, Guidance, Outsourcing Risk, Third-Party Risk, Cyber Risk, COVID-19, BCBS
Leading economist; commercial real estate; performance forecasting, econometric infrastructure; data modeling; credit risk modeling; portfolio assessment; custom commercial real estate analysis; thought leader.
Previous ArticleBCB Issues Rules on Credit Risk and Reporting Requirements for Banks
The Prudential Regulation Authority (PRA) published the final policy statement PS21/21 on the leverage ratio framework in the UK. PS21/21, which sets out the final policy of both the Financial Policy Committee (FPC) and PRA
The Consumer Financial Protection Bureau (CFPB) proposed to amend Regulation B to implement changes to the Equal Credit Opportunity Act (ECOA) under Section 1071 of the Dodd-Frank Act.
The Prudential Regulation Authority (PRA) decided to maintain, at the 2019 levels, the buffer rates for the Other Systemically Important Institutions (O-SII) for another year, with no new rates to be set until December 2023.
The Financial Stability Board (FSB) published a progress report on implementation of its high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements.
In a letter to the authorized deposit taking institutions, the Australian Prudential Regulation Authority (APRA) announced an increase in the minimum interest rate buffer it expects banks to use when assessing the serviceability of home loan applications.
The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) are consulting on the preliminary guidance that clarifies that stablecoin arrangements should observe international standards for payment, clearing, and settlement systems.
The European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) have set out their respective work priorities for 2022.
The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0, in addition to the reporting module on leverage under the common reporting (COREP) framework.
The European Commission (EC) published the Implementing Decision 2021/1753 on the equivalence of supervisory and regulatory requirements of certain third countries and territories for the purposes of the treatment of exposures, in accordance with the Capital Requirements Regulation or CRR (575/2013).
EC published the Implementing Regulation 2021/1751, which lays down implementing technical standards on uniform formats and templates for notification of determination of the impracticability of including contractual recognition of write-down and conversion powers.