CBI perspective on Operational Resilience CBI perspective on Operational Resilience CBI perspective on Operational Resilience

Strengthening resilience throughout the financial system is one of the strategic commitments by the Central Bank of Ireland (CBI) . Resilience includes understanding existing vulnerabilities and mitigating those risks to ensure the financial system can withstand and limit the impact of future disruptions. Owen Lewis, Ian Nelson and David Polley from our Operational Resilience team explain below.

The Consultation Paper for Cross Industry Guidance on Operational Resilience (released April 2021) aims to understand different views from stakeholders on how to prepare for, respond to, recover and learn from an operational disruption that impacts a firms’ ability to deliver a critical or important business service and applies to all regulated firms e.g. insurance, credit institutions, investment firms, RCFs, and PIs. 

The Consultation Paper for Cross Industry Guidance on Operational Resilience sets out a holistic approach to the management of operational resilience and related risks which is built around the following three pillars of Operational Resilience:

• Identify & Prepare
• Respond & Adapt
• Recover & Learn

The three pillars are supported by 15 guidelines which have been developed by the Central Bank following engagement with their international regulatory colleagues. The expectation from the Central Bank is that regulated firms should be able to demonstrate that they have applied the guidelines within an appropriate timeframe, by applying the guidelines in a flexible and proportionate manner based on the nature, scale and complexity of the business.

The Operational Resilience concept has been gaining traction globally. New standards and consultations are continually being proposed across multiple jurisdictions. While the various authorities might promote different terms, the core aspects remains the same - regulatory authorities are concerned with ensuring a firm can evidence their approach to operational continuity. Some examples of relevant guidance is detailed below.

• The Basel Committee on Banking Supervision’s (BCBS) ‘Principles for operational resilience’;
  
• The joint Bank of England (BoE), Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA) policy statement on their approach to operational resilience across the financial services sector;
• European Commission published its proposed legislation in digital operational resilience, the ‘Digital Operational Resilience Act’ (DORA);
• The US Federal Reserve Board (FRB), the UK’s PRA, and the European Central Bank (ECB) have agreed coordinated statements on operational resilience, which have been issued to all Global Systemically Important Banks (GSIBs), and non-GSIBs;

The UK has taken the lead in developing the concept of Operational Resilience, with other jurisdictions paying close attention. It is expected that, over time, a global approach will emerge. Operational Resilience is the new consideration all financial services firms will have to adapt to going forward.

The CBI has released the Consultation Paper for Cross Industry Guidance on Operational Resilience in April 2021. The authority expects firms to actively and promptly address their operational resilience vulnerabilities and be in a position to evidence actions / plans to apply the guidance over the next two years.

The Central Bank will conduct supervisory engagements to assess the level of Operational Resilience maturity in firms. This includes looking for evidence that the board is seeking the required information to enable it to understand the risk and resilience profile of the firm, the firm’s understanding of the delivery of its own critical or important business services and the operational assets that underpin the delivery of these services, the firm’s ability to determine appropriate impact tolerances for its important business services and the firm’s consideration of third parties in its response and recovery process.

KPMG has supported clients on their Operational Resilience journeys since 2017 and has extensive experience in Ireland, the UK and Europe via our Operational Resilience Centre of Excellence. Specifically, our team has deep technical expertise across the Operational Resilience Pillars as outlined by the CBI including ICT and Cyber Resilience, Incident Management, and Business Continuity in addition to broad governance risk and compliance skills. If you would like to discuss the potential impact of the above on your business, please contact any of our Operational Resilience experts below.