On 6 August 2020, the Basel Committee on Banking Supervision (Basel Committee) published a consultative document seeking comments on proposed Principles for operational resilience. Given the natural relationship between operational resilience and operational risk, the Basel Committee is also proposing to update its Principles for the sound management of operational risk (PSMOR).
The Basel Committee defines operational resilience as the ability of a bank to deliver critical operations through disruption. In considering its operational resilience, a bank should take into account its overall risk appetite, risk capacity and risk profile.
The Principles for operational resilience are organised across seven categories: governance, operational risk management; business continuity planning and testing; mapping of interconnections and interdependencies of critical operations; third-party dependency management; incident management and resilient information and communication technology (ICT), including cybersecurity. The principles are largely derived and adapted from existing guidance that has already been issued by the Basel Committee or national supervisors over a number of years. The Basel Committee recognises that many banks have well-established risk management processes that are appropriate for their individual risk profile, operational structure, corporate governance and culture, and conform to the specific risk management requirements of their jurisdiction.
The Basel Committee also recognises that measuring a bank’s operational resilience is in a nascent stage and further work is required to develop a reliable set of metrics that both banks and supervisors can use to assess whether resilience expectations are being met. In addition to asking for comments on the proposed principles, the Basel Committee asks banks to specify the kind of metrics they find useful for measuring operational resilience and what data is used to produce these metrics.
In terms of the PSMOR, the Basel Committee is proposing a limited number of updates to: (i) align the PSMOR with the recently finalised Basel III operational risk framework; (ii) update the guidance where needed in the areas of change management and ICT; and (iii) enhance the overall clarity of the principles document.
The deadline for comments on both documents is 6 November 2020.