The Institute of International Finance (IIF) and the Global Financial Markets Association (GFMA) have released together “Discussion Draft Principles Supporting the Strengthening of Operational Resilience Maturity in Financial Services.” These principles support the financial industry’s efforts to continuously improve and strengthen the level of operational resilience for the firms, the customers, markets, the sector, and the broader economies they support nationally and across the globe.
The Associations believe that the public and private sectors should work together to develop and mature an international approach to operational resilience. We believe this approach should be developed based on these discussion draft principles that can be applied in a proportionate manner considering the importance of services and the risks they present at the level of each firm, its customers and the industry. The approach should remain risk-and principles- based enabling firms to have the latitude to use their judgement and discretion to identify critical business functions, impact tolerances, and scenarios or types of disruptions that are the most relevant and proportionate to their business and risk profile, as well as the evolution of risk(s).
Operational resilience has been defined by regulators as the ability of firms, Financial Market Infrastructure(s) and the financial system as a whole to identify, detect, protect, adapt and respond to, as well as recover and learn from, operational disruptions. Operational resilience is not a specific process, rather it is an outcome and as such the path to maintaining it will differ between firms. Operational Resilience is a priority for the public and private sectors to maintain confidence in the industry and support financial stability and economic growth. Operational resilience should be viewed as having a level of importance similar to financial resilience. Like financial resilience, operational resilience is a key pillar underlying the soundness of broader economies and markets.
Achieving operational resilience is an evolutionary process expanding upon areas such as business continuity and cyber resilience. Consequently, governance models for operational resilience should leverage existing structures that are used to govern and manage these areas. The financial industry is constantly learning from events and incidents, identifying any gaps and implementing the changes necessary to continue improving and updating processes in line with the fast-changing financial industry ecosystem.
As authorities seek to establish how to assess operational resilience there is a risk that national level approaches begin to diverge and become inconsistent. This potential for fragmentation due to divergences in regulatory standards and supervisory oversight poses substantial risks and operational challenges for financial services firms that operate globally and, in turn, for the financial system. A good operational resilience approach encompasses the people, processes and communication channels necessary to efficiently connect with clients, internal stakeholders, and global authorities across the industry.
The IIF and GFMA are advocating for global standard setters and specific jurisdictions to consider these discussion draft principles as they develop approaches to operational resilience. Those jurisdictions who are furthest along in developing approaches are encouraged to play an active role in global forums and relevant standard setting bodies, and collaborate with other public and private sector stakeholders via supervisory colleges, roundtables, or other forums to ensure that a globally coordinated and consistent approach is developed across the industry.