BCBS issued principles for operational resilience and revised the principles for sound management of operational risk, following an August 2020 consultation. The principles for operational resilience aim to strengthen banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters. The principles for the sound management of operational risk have been revised to align them with the recently finalized Basel III operational risk framework, update the guidance where needed in the areas of change management and information and communication technologies (ICT), and enhance the overall clarity of the principles.
In 2014, BCBS had conducted a review of the implementation of the principles for sound management of operational risk. The review aimed to assess the extent to which banks had implemented the principles, identify significant gaps in implementation, and highlight emerging and noteworthy operational risk management practices at banks not currently addressed by the principles. The 2014 review had identified that several principles had not been adequately implemented and that further guidance would be needed to facilitate their implementation in certain areas. The revised principles for sound management of operational risk for banks cover governance, the risk management environment, information and communication technology, business continuity planning, and the role of disclosures. These elements should not be viewed in isolation; rather, they are integrated components of the operational risk management framework and the overall risk management framework (including operational resilience) of the group. BCBS recommends that banks should take account of the nature, size, complexity and risk profile of their activities when implementing the Principles.
The principles for operational resilience build on the principles for sound management of operational risk and are largely derived and adapted from existing outsourcing-, business continuity- and risk management-related guidance issued by BCBS or national supervisors over a number of years. By building on the existing guidance and current practices, BCBS is seeking to develop a coherent framework and avoid duplication. The operational resilience principles focus on governance, operational risk management, business continuity planning and testing, mapping interconnections and interdependencies, third-party dependency management, incident management, and resilient cyber security and ICT. The approach draws from the previously issued principles on corporate governance for banks as well as outsourcing-, business continuity- and relevant risk management-related guidance.
Keywords: International, Banking, Basel, Operational Risk, Operational Resilience, Guidance, Outsourcing Risk, Third-Party Risk, Cyber Risk, COVID-19, BCBS