- Operational resilience principles aim to increase the capacity of banks to withstand disruptions due to potentially severe events.
- Updated principles on operational risk focus on change management and information and communication technologies (ICT).
- Covid-19 has raised the importance of operational resilience and mitigating operational risk.
In recent years, the growth of technology-related threats has increased the importance of banks’ operational resilience, and the Covid-19 pandemic has made the need to address these threats even more pressing. Given the critical role played by banks in the global financial system, increasing banks’ resilience to absorb shocks from operational risks, such as those arising from pandemics, cyber incidents, technology failures or natural disasters, will provide additional safeguards to the financial system as a whole.
Recognizing that a concerted operational resilience effort may not prevent a significant shock resulting from a specific hazard, the Basel Committee is seeking comment on proposed Principles for operational resilience that aim to mitigate the impact of potentially severe adverse events by enhancing banks’ ability to withstand, adapt to and recover from them.
The Committee said it is of the view that operational resilience is also an outcome of effective operational risk management. Activities such as risk identification and assessment, risk mitigation (including the implementation of controls) and ongoing monitoring work together to minimize operational disruptions and their effects when they materialize. Given this natural relationship between operational resilience and operational risk, the Committee is proposing updates to its Principles for the sound management of operational risk (PSMOR).
Specifically, the Committee is proposing a limited number of updates to: (i) align the PSMOR with the recently finalised Basel III operational risk framework; (ii) update the guidance where needed in the areas of change management and ICT; and (iii) enhance the overall clarity of the principles document.
According to a statement from the Committee, the proposed principles for operational resilience set forth in this consultative document not only build upon the proposed updates to the PSMOR but are also largely derived and adapted from existing guidance on outsourcing, business continuity and risk management issued by the Committee or national supervisors over a number of years.
By building upon existing guidance and current practices, the Committee says it is seeking to develop a coherent framework and avoid duplication. The proposed operational resilience principles focus on governance; operational risk management; business continuity planning and testing; mapping interconnections and interdependencies; third-party dependency management; incident management; and resilient cybersecurity and ICT.