What is the Regulators’ perspective on Operational Resilience?
Background and Context
A key priority for supervisory authorities is to put in place a stronger regulatory framework to promote the operational resilience of firms and financial market infrastructures.
The PRA, FCA and Bank of England have adopted a joint approach on Operational Resilience. They published a discussion paper in 2018 followed by a consultation paper in December 2019.
A joint covering document with their respective policy statements (discussed later) was released on 29 March 2021. The PRA’s new policy statement on Outsourcing and Third Party Risk Management was issued at the same time.
From the regulators’ perspective, the objective of Operational Resilience is to improve the market as a whole:
- With a focus on each individual firm
- With a continuous improvement mindset
The publication of these policy statements is in line with parallel developments and convergence happening at international level, notably:
- The Basel Committee for Banking Standards (BCBS) guidelines on principles for operational resilience (31 March 2021)
- The European Commission Digital Operational Resilience Act (DORA) draft proposal (September 2020)
- The US Joint Authorities’ paper on operational resilience (October 2020)
Operational Resilience is an overarching framework which brings together and complements a number of existing regulatory policies and requirements including:
- Recovery and Resolution Planning, Operational Continuity in Resolution, Resolvability Assessment Framework and Business Continuity Planning (BCP)
- European Banking Authority (EBA) Guidelines on Information and Communication Technology (ICT) and security risk management as well as outsourcing arrangements