Strengthening resilience throughout the financial system is one of the strategic commitments by the Central Bank of Ireland (CBI) . Resilience includes understanding existing vulnerabilities and mitigating those risks to ensure the financial system can withstand and limit the impact of future disruptions. Owen Lewis, Ian Nelson and David Polley from our Operational Resilience team explain below.
The Consultation Paper for Cross Industry Guidance on Operational Resilience (released April 2021) aims to understand different views from stakeholders on how to prepare for, respond to, recover and learn from an operational disruption that impacts a firms’ ability to deliver a critical or important business service and applies to all regulated firms e.g. insurance, credit institutions, investment firms, RCFs, and PIs.
The Consultation Paper for Cross Industry Guidance on Operational Resilience sets out a holistic approach to the management of operational resilience and related risks which is built around the following three pillars of Operational Resilience:
The three pillars are supported by 15 guidelines which have been developed by the Central Bank following engagement with their international regulatory colleagues. The expectation from the Central Bank is that regulated firms should be able to demonstrate that they have applied the guidelines within an appropriate timeframe, by applying the guidelines in a flexible and proportionate manner based on the nature, scale and complexity of the business.
The Operational Resilience concept has been gaining traction globally. New standards and consultations are continually being proposed across multiple jurisdictions. While the various authorities might promote different terms, the core aspects remains the same - regulatory authorities are concerned with ensuring a firm can evidence their approach to operational continuity. Some examples of relevant guidance is detailed below.
The UK has taken the lead in developing the concept of Operational Resilience, with other jurisdictions paying close attention. It is expected that, over time, a global approach will emerge. Operational Resilience is the new consideration all financial services firms will have to adapt to going forward.
The CBI has released the Consultation Paper for Cross Industry Guidance on Operational Resilience in April 2021. The authority expects firms to actively and promptly address their operational resilience vulnerabilities and be in a position to evidence actions / plans to apply the guidance over the next two years.
The Central Bank will conduct supervisory engagements to assess the level of Operational Resilience maturity in firms. This includes looking for evidence that the board is seeking the required information to enable it to understand the risk and resilience profile of the firm, the firm’s understanding of the delivery of its own critical or important business services and the operational assets that underpin the delivery of these services, the firm’s ability to determine appropriate impact tolerances for its important business services and the firm’s consideration of third parties in its response and recovery process.
KPMG has supported clients on their Operational Resilience journeys since 2017 and has extensive experience in Ireland, the UK and Europe via our Operational Resilience Centre of Excellence. Specifically, our team has deep technical expertise across the Operational Resilience Pillars as outlined by the CBI including ICT and Cyber Resilience, Incident Management, and Business Continuity in addition to broad governance risk and compliance skills. If you would like to discuss the potential impact of the above on your business, please contact any of our Operational Resilience experts below.