Operational resilience for Financial Services
June 13, 2019
June 13, 2019
Mitigating the risk and impact of service outages and becoming resilient to cyber security threats is increasingly vital to firms’ financial wellbeing. Building operational resilience is high on firms’ and regulators’ agendas around the world as both work to protect customers, stakeholders and the economy. Most recently, the Bank of England and the European Banking Authority have issued discussion papers with a view to agreeing and implementing legislation to build up the financial sector’s operational resilience. And other regulators around the globe are expected to follow suit.
Existing legislation already holds financial services firms responsible toward their customers, shareholders and the overall economy; however, technological advancements, increasingly sophisticated cyberattacks and the greater interconnectedness between firms and third-party providers (such as cloud services providers) increases the risk of business interruptions and further impacts to society. Firms’ operational resilience shall be tested.
Central banks and supervisory bodies are moving to address systemic risks to the financial system, including the ecosystems in which they operate. Impending legislation should require firms to define their critical business services and prove their resilience.
Firms’ cyber security, especially in relation to protecting customer data, is also under scrutiny. Firms are more vulnerable to attacks as they form increasingly complex digital ecosystems—cyber security systems are only as good as their weakest link. And unlike many other sources of risk, cyberattacks are often difficult to identify and fully eradicate. Additionally, thanks to social media, the public is much more aware of and vocal about service outages and security issues, potentially damaging to firms’ reputations.
1 OUT OF 7
breach attempts against banks and capital markets firms were successful in 2018.1
1 OUT OF 5
of security breaches at insurers were successful in 2018.2
Making an enterprise resilient is an ongoing journey of continuous improvement. Resilient firms are able to recover key business services from a significant unplanned disruption, protecting their customers, shareholders and the integrity of the financial system. It involves governance, strategy, business services, information security, change management, run processes and disaster recovery, all of which depend on people that understand, adapt to and prioritize operational resilience.
Learn more about the key steps in the journey to operational resilience in our report, “Operational Resilience is Financial Resilience: What the Financial Services Industry can do.”
1 Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets
About the Authors