As the threat of disruptions increases, the need for operational resilience - the ability for organizations to quickly adapt to changing environments - is of paramount importance. This is particularly true in the financial services sector.
Resilience - Prevention + Adaptation
Decisive steps to prevent a disruption, including detective and preventative controls, are essential. 然而, while prevention is still a key component of any resilience strategy, firms also need to adopt comprehensive measures that can provide for an orderly recovery and resumption of operations following a disruptive event, with minimal impact to the marketplace. A clear understanding of how all business and technical processes work from beginning to end (including an understanding of the vendors used in the supply chain) is necessary to ensure a rapid, 然而,安全, recovery of service in the event of a market disruption.
第三方监管
The trend in technology has moved to a more service-oriented model, whereby several providers are fulfilling the needs of many companies, rather than those companies develop the services themselves. 这就是为什么至关重要的是, when we speak about operational resilience, we need to consider the prevalence of third parties and other outsourced providers who may support the processing of financial transactions. When looking at the changing structure of the financial services sector, how can we ensure that third-party vendors provide the same level of protection required of financial firms themselves? Risk protection needs to be the same regardless of who is providing the financial service.
What is the resilience of the outsourced firms? How would an interruption of their business affect the supply chain? While we can gain an understanding of the control structure of a third party, it is much harder to identify how quickly an outsourced provider can return their operations online after a major disruptive event. 一种选择是使用 Financial 服务 Sector Cybersecurity Profile, which will allow third-party and outsourced service providers to demonstrate cybersecurity compliance. The Profile provides insight into the provider’s preparedness and recovery capabilities in the wake of a disruption.
An appropriate oversight model for third parties will require a joint effort between supervisors and the financial sector. Initiatives are needed to instill a level of confidence that these vendors can recover operations in an allotted timeframe. These efforts can include further regulatory coordination, as well as licensing and accreditation requirements. 另外, 应该指出的是, 在某些情况下, certain third parties may exit the business or not support certain sectors if the risk doesn’t meet their business model or profitability objectives.
国际合作
There is a strong need for international consensus from global regulators as we build resiliency, and this must be done in partnership with businesses in the financial sector. Proposals on how best to accomplish resiliency objectives are being discussed at global levels, between the 国际 Organization of Securities Commissions, 金融稳定委员会, and the Basel Committee on Banking Supervision along with the sector to develop a consistent, 基于风险的一套原则. But we still have much more work to accomplish.
Interruptions - regardless of nature or origin – are inevitable and pose a threat to our business models. In order to achieve operational resilience, key areas of focus going forward will be continued regulatory coordination and a coordinated framework for third-parties. 在存, we have long considered resilience an integral part of our business strategy, and we continually evaluate impacts to our business.