Operational resilience for Financial Services

Mitigating the risk and impact of service outages and becoming resilient to cyber security threats is increasingly vital to firms’ financial wellbeing. Building operational resilience is high on firms’ and regulators’ agendas around the world as both work to protect customers, stakeholders and the economy. Most recently, the Bank of England and the European Banking Authority have issued discussion papers with a view to agreeing and implementing legislation to build up the financial sector’s operational resilience. And other regulators around the globe are expected to follow suit.

Why firms should prioritize operational resilience

Existing legislation already holds financial services firms responsible toward their customers, shareholders and the overall economy; however, technological advancements, increasingly sophisticated cyberattacks and the greater interconnectedness between firms and third-party providers (such as cloud services providers) increases the risk of business interruptions and further impacts to society. Firms’ operational resilience shall be tested.

Central banks and supervisory bodies are moving to address systemic risks to the financial system, including the ecosystems in which they operate. Impending legislation should require firms to define their critical business services and prove their resilience.

Firms’ cyber security, especially in relation to protecting customer data, is also under scrutiny. Firms are more vulnerable to attacks as they form increasingly complex digital ecosystems—cyber security systems are only as good as their weakest link. And unlike many other sources of risk, cyberattacks are often difficult to identify and fully eradicate. Additionally, thanks to social media, the public is much more aware of and vocal about service outages and security issues, potentially damaging to firms’ reputations.