FSI Brief Studies Operational Resilience Initiatives Amid COVID Crisis

Supervisory discussions at the international level have recently shifted toward achieving operational resilience more broadly. BoE is the first national authority to have issued a consultation on its operational resilience expectations. BoE defines operational resilience as the ability of firms and the financial sector to prevent, adapt, respond to, recover from, and learn from operational disruptions. The objective of addressing operational resilience of  financial institutions to IT outages and cyber attacks has clearly motivated the BoE consultation as well as the international supervisory discussions. However, as seen in the disruption that COVID-19 outbreak has caused in recent weeks, financial institutions need to review and ensure that their operational resilience procedures are also fit for purpose during pandemics.

As shown by the recent spate of supervisory guidance in relation to the COVID-19 outbreak, pandemics may have unique elements that financial institutions need to incorporate in the scenarios to test their operational resilience. International efforts to come up with operational resilience standards should take into account these unique elements, including the following:

• Critical or essential employees—It is important to identify the critical functions and employees who support important business services as well as to ensure employee safety. Financial institutions should ensure that employees can safely resume their duties (remotely, if necessary) so that business services can recover as quickly as possible.
• IT infrastructure—Financial institutions should ensure that their IT infrastructure can support a sharp increase in usage and take steps to safeguard information security.
• Third-party service providers—Financial institutions should ensure that their external service providers and/or critical suppliers are taking adequate measures and are sufficiently prepared for a scenario in which there will be heavy reliance on their services.
• Cyber resilience—Financial institutions’ cyber resilience processes should remain vigilant to identify and protect vulnerable systems. These processes should be able to detect and respond to cyber attacks and help an institution recover from them.

Related Links

• Notification
• FSI Brief (PDF)

Keywords: International, Banking, Insurance, Securities, COVID-19, Business Continuity, Operational Risk, Cyber Risk, Third-Party Arrangements, Operational Resilience, BoE, BIS, FSI