
Operational Resilience, Fintech, Cyber Security and Outsourcing

The international regulatory response to the global financial crisis of 2008-09 resulted in significant changes to rules and regulations to ensure that financial institutions (FIs) were financially resilient and better placed to withstand future shocks to the financial system.

Since then, the regulatory focus has shifted to the operational resilience of FIs and financial market infrastructure (FMI) to withstand significant disruption to critical services. Major global banks like the Bank of England have openly stated that operational resilience is as important as financial resilience. In part, this is a consequence of high-profile incidents involving technological failures at major banks and the increasing number of cyber-attacks affecting FIs, which lead to severe disruption to the delivery of financial services.

However, there are more fundamental reasons why regulators and governments are coordinating internationally to develop and implement operational resilience requirements. Key amongst those reasons is the exponential growth in the digital and technological infrastructure to support financial services, with increasing numbers of FIs relying on a core pool of third-party outsourced service providers (an issue described by regulators as “concentration risk”). Without a proper grip on the resilience of this infrastructure, regulators are concerned the financial sector will be vulnerable to another crisis-level event of the nature experienced in 2008-09.

The global COVID-19 pandemic heightened awareness of these issues as the financial sector shifted overnight to a remote working environment, which depended on a resilient operational and technological framework to maintain the delivery of important business services.

FIs and FMI are therefore under increasing levels of scrutiny to demonstrate their ability to respond to and recover from significant disruption, and they need to ensure this approach is built into financial technology. Any failure to demonstrate compliance or, ultimately, to deliver resilience when a disruption occurs will likely result in regulatory action. It will also increase litigation risk both for the FI concerned and for any third parties providing services to the FI, where they might have been the cause of the disruption.

Top three things on the horizon

1. It's the final countdown to operational resilience (or is it?) - As we reach the final Operational Resilience deadline set by UK regulators today, Financial Services firms would be wise not to rest on their laurels, with numerous cybersecurity and outsourcing issues arising from the conflict in Ukraine
2. Building Operational Resilience: The PRA view - On 5 May 2021, Lyndon Nelson (Deputy CEO of the PRA) delivered a speech to UK Finance, following the publication of PS6/21: “Operational Resilience: Impact tolerances for important business services” in March this year
3. Operational Resilience: the clock has started; the time to act is now - Lyndon Nelson (Deputy CEO, PRA) and Suman Ziaullah (Head of Department for Technology, Resilience and Cyber Specialists, FCA) delivered keynote addresses at City & Financial’s 8th Operational Resilience and Cyber Security Summit
