Lyndon Nelson, Deputy CEO and Executive Director, Regulatory Operations and Supervisory Risk Specialists, spoke in London about the ongoing work to ensure operational resilience in the financial services sector in UK, particularly in the face of increasing cyber threats. BoE expects to publish a discussion paper on operational resilience, which would contain recommendations for both the industry and regulators.
In his speech, Mr. Nelson highlights the importance of a strong collaboration when it comes to building resilience in the financial sector. He mentioned that, last year, the UK authorities had issued a discussion paper, setting out an ambitious and innovative outcome-based approach to enhancing operational resilience of the UK finance sector. At a policy level, the paper set out that firms should assume that operational disruption would occur and plan accordingly. The paper has received very positive feedback from industry and globally, particularly its outcome-based approach and the concept of impact tolerance but it also raised issues that require clarification, most notably the family tree of operational risk, operational resilience, operational continuity in resolution, and a number of other terms. The UK authorities will respond to this and other questions in the Autumn. He also mentioned that the discussion paper is a joint document from different authorities such as the Financial Policy Committee, FCA, BoE's Financial Market Infrastructure supervisors, and PRA. This reflects how highly prized BoE considers collaboration to be in this area.
Next, he offered an overview of the activities of the Cross-Market Operational Resilience Group (CMORG), which was historically chaired exclusively by BoE, but has now been re-shaped with the introduction of a co-chair structure—"I now co-chair with UK Finance." said Mr. Nelson. The most visible of CMORG’s activities is to support a regular cross-sector operational exercise program, which helps industry and authorities alike understand our operational capabilities when things go wrong and build capabilities to address these before they do. In addressing the threat from Cyber, BoE welcomes the announcement by UK Finance of the formation of the Financial Sector Cyber Collaboration Center, which promises to bring a step change to industry collaboration and, therefore, defensive capabilities on cyber. This is a great example of where firms can address risks that are unmanageable by firms individually by tackling the problem for the broader public good. There is still room for industry to go further. The last sector exercise identified a number of areas that lend themselves to this approach and a report will be released shortly about these. However, the key points are:
- Developing ideas on how to protect systems and data more robustly against both accidental and deliberate damage
- Balancing system availability with protecting data integrity during periods of operational stress
- How to secure data against permanent loss, so that we can absolutely guarantee data integrity and availability
- How to resume key services safely when disruptions have occurred, without losing data, damaging integrity, or causing contagion into the wider financial system
Mr. Nelson said that these are all complex issues, which neither regulator nor firms can fix in isolation, but they do define the key operational disruptions scenarios for which better solutions are needed compared to those we have today. He concluded, that, in the next ten to twenty years, there is an opportunity to add to the many advantages of the UK by making it one of the most operationally resilient locations anywhere in the world. "Imagine being able to justifiably claim that even with operational disruption payments can be made and business can still be conducted after only a short delay. As a central bank and a regulator we are ready to take up the challenge."
Related Link: Speech
Keywords: Europe, UK, Banking, Cyber Risk, Operational Resilience, Cyber Testing, International Cooperation, CMORG, Operational Risk, PRA, BoE
Previous ArticleJamey Hubbs of OSFI Announces Bi-Annual Review of Buffer for D-SIBs
APRA issued a letter on the loss-absorbing capacity (LAC) requirements for domestic systemically important banks (D-SIBs) and published a discussion paper, along with the proposed the prudential standards on financial contingency planning (CPS 190) and resolution planning (CPS 900).
The European Commission (EC) launched a call for evidence, until March 18, 2022, as part of a comprehensive review of the macro-prudential rules for the banking sector under the Capital Requirements Regulation (CRR) and Directive (CRD IV).
The Financial Stability Board (FSB) published a report that sets out good practices for crisis management groups.
The Australian Prudential Regulation Authority (APRA) found that Heritage Bank Limited had incorrectly reported capital because of weaknesses in operational risk and compliance frameworks, although the bank did not breach minimum prudential capital ratios at any point and remains well-capitalized.
The Office of the Superintendent of Financial Institutions (OSFI) released the annual report for 2020-2021.
Through a letter addressed to the banking sector entities, the Office of the Superintendent of Financial Institutions (OSFI) announced deferral of the domestic implementation of the final Basel III reforms from the first to the second quarter of 2023.
EIOPA recently published a letter in which EC is informing the European Parliament and Council that it could not adopt the set of draft regulatory technical standards for disclosures under the Sustainable Finance Disclosure Regulation (SFDR) within the stipulated three-month period, given their length and technical detail.
The Financial Conduct Authority (FCA) published the third in a series of policy statements that set out rules to introduce the UK Investment Firm Prudential Regime (IFPR), which will take effect on January 01, 2022.
The Australian Prudential Regulation Authority (APRA) published, along with a summary of its response to the consultation feedback, an information paper that summarizes the finalized capital framework that is in line with the internationally agreed Basel III requirements for banks.
The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) issued a consultative report focusing on access to central counterparty (CCP) clearing and client-position portability.