RESEARCH REPORT

In brief

In brief

  • Operational resilience is arguably now as important to the financial services industry as financial resilience.
  • Central banks and supervisory bodies are moving toward asking financial services firms to evidence their operational resilience.
  • Our report explains what this trend means for financial services firms around the world and how they can strengthen their organization’s resilience.


Mitigating the risk and impact of service outages and becoming resilient to cyber security threats is increasingly vital to firms’ financial wellbeing. Building operational resilience is high on firms’ and regulators’ agendas around the world as both work to protect customers, stakeholders and the economy. Most recently, the Bank of England and the European Banking Authority have issued discussion papers with a view to agreeing and implementing legislation to build up the financial sector’s operational resilience. And other regulators around the globe are expected to follow suit.

Why firms should prioritize operational resilience

Existing legislation already holds financial services firms responsible toward their customers, shareholders and the overall economy; however, technological advancements, increasingly sophisticated cyberattacks and the greater interconnectedness between firms and third-party providers (such as cloud services providers) increases the risk of business interruptions and further impacts to society. Firms’ operational resilience shall be tested.

Central banks and supervisory bodies are moving to address systemic risks to the financial system, including the ecosystems in which they operate. Impending legislation should require firms to define their critical business services and prove their resilience.

Firms’ cyber security, especially in relation to protecting customer data, is also under scrutiny. Firms are more vulnerable to attacks as they form increasingly complex digital ecosystems—cyber security systems are only as good as their weakest link. And unlike many other sources of risk, cyberattacks are often difficult to identify and fully eradicate. Additionally, thanks to social media, the public is much more aware of and vocal about service outages and security issues, potentially damaging to firms’ reputations.

1 OUT OF 7

breach attempts against banks and capital markets firms were successful in 2018.1

1 OUT OF 5

of security breaches at insurers were successful in 2018.2

The journey to operational resilience

Making an enterprise resilient is an ongoing journey of continuous improvement. Resilient firms are able to recover key business services from a significant unplanned disruption, protecting their customers, shareholders and the integrity of the financial system. It involves governance, strategy, business services, information security, change management, run processes and disaster recovery, all of which depend on people that understand, adapt to and prioritize operational resilience.

Learn more about the key steps in the journey to operational resilience in our report, “Operational Resilience is Financial Resilience: What the Financial Services Industry can do.”

1 Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets

2 Accenture’s 2018 State of Cyber Resilience for Insurance

About the Authors

Colm Kilfeather

Managing Director – Financial Services Lead, United Kingdom/Ireland


Heather Adams

Managing Director – Finance & Risk, Cyber Resilience and Risk Lead, UK and Ireland


Kieran Hanley

Senior Manager – Financial Services


Vanessa Duffy

Senior Manager – Financial Services


Claire Aldworth

Senior Manager – Finance & Risk

MORE ON THIS TOPIC


Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter