Operational Resilience for Financial Institutions: Will You Be Ready?
The UK’s Operational Resilience Framework
Fast forward to 2022, and the UK is leading the way with the final compliance date for its Operational Resilience framework – SS1/21 – fast approaching on 31 March 2022.
In many ways, the time for comprehensive business resilience requirements for banks, insurers, and asset managers is probably now due. Many of the fundamentals of Operational Resilience were first conceived during more benign times, with regulators readying themselves for more volatile conditions returning in time.
As 2022 continues to unfold, these more volatile times are indeed upon us. Recovering from the pandemic is driving inflationary pressures, driving up interest rates, and raising questions about the directions of economies across the world. The impact of widespread sanctions and fuel price spikes has yet to play out fully.
These changing circumstances will test the resilience of many institutions in ways not seen since 2007/8.
The UK’s lead in implementing an Operational Resilience framework has highlighted some themes familiar to those who have implemented new regulations before.
Firstly, initial compliance project work has focused on making systems and processes compliant rather than streamlined and efficient. The emphasis is typically on adapting existing processes and procedures to fit the new regulatory requirements. The list of workarounds often used is long and can involve using spreadsheets to move data around or regular ‘cutting and pasting’ of data used as a form of ‘systems integration.’ These manual processes expose institutions to reputational, audit, and compliance risks should any of these ad-hoc processes fail. The overhead of managing these manual processes will likely be significant, especially as the business changes to meet new requirements.
A Fresh Look at Operational Resilience
An interesting development this time around is that many institutions are taking a fresh look at how they implement the systems and processes that support Operational Resilience, to deliver end-to-end automated capabilities that will drive efficiency and reduce costs.
In the UK, this fresh look at automating Operational Resilience compliance is partly the result of the increasing need for agility within the business. SaaS solutions are being utilized to swiftly implement GRC capabilities that are critical to achieving successful Operational Resilience. This approach offers an alternative that provides speed and flexibility for business users and one which need not hold back the capacity for innovation in the organization.
Third-Party Risk Management (TPRM) is also now seen as core to Operational Resilience. In the UK, SS2/21 applies the same principles to the supply chain as to the prime customer. In the US, recent interagency guidance points US banks in a similar direction. These requirements demand that banks have robust, flexible, and dynamic TPRM capabilities that mirror their own internal GRC capabilities.
Mitratech’s GRC Platform offers a range of next generation GRC and TPRM capabilities that allow institutions to streamline their Operational Resilience processes. Fast to implement and easy to manage, Mitratech supports financial institutions with the technology they need to achieve their business goals.