On 26 August 2022, the Financial Stability Institute (FSI) published a paper on safeguarding operational resilience: the macroprudential perspective.
The FSI was jointly created in 1998 by the Bank for International Settlements and the Basel Committee on Banking Supervision. Its mandate is to assist supervisors around the world in improving and strengthening their financial systems.
The paper that the FSI has produced considers operational resilience through a macroprudential lens. In particular, it examines the progress in developing frameworks for operational resilience and compares the main guidelines issued. It also discusses the macroprudential concerns of operational resilience and sets out some ideas on how to address them.
The paper sets out the following key findings:
- Financial firms’ increased reliance on technology and the additional complexity and interconnections that technology has brought to the financial ecosystem pose risks to operational resilience, not only to individual institutions, but also to the financial system as a whole.
- Many authorities have chosen to have separate policies or guidelines related to risk management, business continuity management and third-party management to achieve operational resilience, while a few have put all these things together to come up with a holistic operational resilience policy.
- Among those with an operational resilience policy, the definition of important operations/services takes a macroprudential view, but setting standards of resilience for these operations/services and testing against these standards are left to individual firms.
- There is scope for operational resilience policies to be explicit about the need to perform system-level assessment, monitoring and testing.
- Given their implications for system-level operational resilience, there may be an argument for subjecting critical technology providers to an oversight framework, which when relevant, should be coordinated internationally.
- Given the increased importance in the financial system’s value chain of big tech groups that conduct diverse activities and are subject to significant internal interdependencies, there is also value in considering establishing group-wide requirements on operational resilience for these entities.