The Bank of England (BoE) has published a speech, given by Charlotte Gerken, BoE Director, Supervisory Risk Specialists, on the BoE’s approach to operational resilience.
Ms Gerken notes that operational resilience is the ability to adapt operations to continue functioning, when – not – if – circumstances change. The BoE’s approach to operational resilience first looks at individual firms as providers of financial services. The BoE assesses how well firms’ business activities and supporting services are designed to adapt to failures in any part of their infrastructure and to test their resilience in a variety of scenarios. The BoE’s approach to operational resilience also aims to take into account the firm’s interconnectedness and looks at their links and dependencies.
In terms of cyber-risk within the operational resilience agenda, the chart from the BoE’s H2 2016 systemic risk survey shows 28% of firms citing cyber-attacks amongst the most challenging risks they have to manage. The BoE’s operational resilience programme seeks to identify, evaluate and drive mitigation of cyber-risks. The BoE has used a cyber-triage questionnaire as part of its supervision of firms and is extending its use to more firms. The BoE also continue CBEST assurance testing of the most systemically important firms. Through this work the BoE has identified some important themes: (i) for example, those that performed best not only had strong defences but had strong detection, response and recovery capabilities; and (ii) they also understood the need to approach resilience as a people, process and technology issue. Not only focussing on technical controls.
In terms of future work, over the coming months, the BoE will articulate tolerance for disruption in the financial services sector. This will help inform its firm-specific and sector-wide interventions, targeting them on the parts of the sector that could have greatest impact on financial stability if they were to be disrupted. The BoE is developing its micro prudential, firm level supervision approach. This will set clear expectations of firms and provide tools to assess firms’ resilience. The BoE will continue its system-wide work through the Financial Policy Committee. Next month’s Financial Stability Report will announce the next steps for the Financial Policy Committee’s cyber-work programme. The BoE will also continue work through international fora. The BoE has key pieces of work which it will help deliver in the coming months through the Financial Stability Board and G7.
View BoE speech on approach to operational resilience in financial services sector, 14 June 2017