- Operational resilience principles aim to increase the capacity of banks to withstand disruptions due to potentially severe events.
- Updated principles on operational risk focus on change management and information and communication technologies (ICT).
- Covid-19 has raised the importance of operational resilience and mitigating operational risk.
In recent years, the growth of technology-related threats has increased the importance of banks’ operational resilience. The Covid-19 pandemic has made the need to address these threats even more pressing. Given the critical role played by banks in the global financial system, increasing banks’ resilience to absorb shocks from operational risks, such as those arising from pandemics, cyber incidents, technology failures or natural disasters, will provide additional safeguards to the financial system as a whole.
Recognising that a concerted operational resilience effort may not prevent a significant shock resulting from a specific hazard, the Committee seeks comment on proposed Principles for operational resilience that aim to mitigate the impact of potentially severe adverse events by enhancing banks’ ability to withstand, adapt to and recover from them.
The Committee is of the view that operational resilience is also an outcome of effective operational risk management. Activities such as risk identification and assessment, risk mitigation (including the implementation of controls) and ongoing monitoring work together to minimise operational disruptions and their effects when they materialise. Given this natural relationship between operational resilience and operational risk, the Committee is proposing updates to its Principles for the sound management of operational risk (PSMOR). Specifically, the Committee is proposing a limited number of updates to: (i) align the PSMOR with the recently finalised Basel III operational risk framework; (ii) update the guidance where needed in the areas of change management and ICT; and (iii) enhance the overall clarity of the principles document.
The proposed principles for operational resilience set forth in this consultative document not only build upon the proposed updates to the PSMOR, they are largely derived and adapted from existing guidance on outsourcing, business continuity and risk management-related guidance issued by the Committee or national supervisors over a number of years.
By building upon existing guidance and current practices, the Committee is seeking to develop a coherent framework and avoid duplication. The proposed operational resilience principles focus on governance; operational risk management; business continuity planning and testing; mapping interconnections and interdependencies; third-party dependency management; incident management; and resilient cyber security and ICT.
Note to editors:
The Basel Committee is the primary global standard setter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Its mandate is to strengthen the regulation, supervision and practices of banks worldwide with the purpose of enhancing financial stability. The Committee reports to the Group of Central Bank Governors and Heads of Supervision and seeks its endorsement for major decisions. The Committee does not possess any formal supranational authority, and its decisions do not have legal force. Rather, the Committee relies on its members’ commitments to achieve its mandate. The Basel Committee is chaired by Pablo Hernández de Cos, Governor of the Bank of Spain. More information about the Basel Committee is available here.