BCBS issued principles for operational resilience and revised the principles for sound management of operational risk, following an August 2020 consultation. The principles for operational resilience aim to strengthen banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters. The principles for the sound management of operational risk have been revised to make technical revisions to align the principles with the recently finalized Basel III operational risk framework, update the guidance where needed in the areas of change management and information and communication technologies (ICT), and enhance the overall clarity of the principles.
BCBS had conducted, in 2014, a review of the implementation of the principles for sound management of operational risk. The review was aimed to assess the extent to which banks had implemented the principles, identify significant gaps in implementation, and highlight emerging and noteworthy operational risk management practices at banks not currently addressed by the principles. The 2014 review had identified that several principles had not been adequately implemented and further guidance would be needed to facilitate their implementation in certain areas. The revised principles for sound management of operational risk for banks cover governance, the risk management environment, information and communication technology, business continuity planning,; and the role of disclosures. These elements should not be viewed in isolation; rather, they are integrated components of the operational risk management framework and the overall risk management framework (including operational resilience) of the group. BCBS recommends that banks should take account of the nature, size, complexity and risk profile of their activities when implementing the Principles.
The principles for operational resilience build on the principles for sound management of operational risk and are largely derived and adapted from existing guidance on outsourcing-, business continuity- and risk management-related guidance issued by BCBS or national supervisors over a number of years. By building on the existing guidance and current practices, BCBS is seeking to develop a coherent framework and avoid duplication. The operational resilience principles focus on governance, operational risk management, business continuity planning and testing, mapping interconnections and interdependencies, third-party dependency management, incident management, and resilient cyber security and ICT. The approach draws from the previously issued principles on corporate governance for banks as well as outsourcing-, business continuity- and relevant risk management-related guidance.
Keywords: International, Banking, Basel, Operational Risk, Operational Resilience, Guidance, Outsourcing Risk, Third-Party Risk, Cyber Risk, COVID-19, BCBS
Leading economist; commercial real estate; performance forecasting, econometric infrastructure; data modeling; credit risk modeling; portfolio assessment; custom commercial real estate analysis; thought leader.
Previous ArticleBCB Issues Rules on Credit Risk and Reporting Requirements for Banks
The European Commission (EC) published a report summarizing responses to the targeted consultation on the supervisory convergence and the single rulebook in the European Union (EU).
The Office of the Superintendent of Financial Institutions (OSFI) published an update on the discussion paper that intended to engage federally regulated financial institutions and other interested stakeholders in a dialog with OSFI, to proactively enhance and align assurance expectations over key regulatory returns.
The European Central Bank (ECB) published its opinion on a proposal for a regulation on European green bonds, following a request from the European Parliament.
The Advisory Scientific Committee (ASC) of the European Systemic Risk Board (ESRB) published a report that explores the expected impact of digitalization on provision of financial and banking services, and proposes policy measures to address the risks stemming from digitalization.
The European Banking Authority (EBA) announced that the guidelines on the reporting and disclosure of exposures subject to measures COVID-relief measures shall continue to apply until further notice.
The Swedish Financial Supervisory Authority (FI) announced that the capital adequacy reporting as at December 31, 2021 must be done by February 11, 2022.
The Central Bank of the Philippines (BSP) issued communications covering developments related to online lending platforms, open finance framework and roadmap, and on the expected regulations in the area sustainable finance.
The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.
The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).
The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0.