Significant regulatory policy development on operational resilience is now occurring at the national, jurisdictional and international level. New standards are being finalised and important consultations on supervisory approaches are in train.
COVID-19 will accelerate the shift in mindset that many regulators have adopted, towards asking firms to identify their most important business services, consider vulnerabilities to them that are broader than cyber-attacks and IT failures, and assume that severe system-wide threats will occur and lead to the failure of those services.
In our view, financial services groups will perform best, and be more resilient to unexpected operational threats, if they implement a consistent group-wide approach to managing operational resilience that is based on international leading practice.
In this report, we examine the emerging operational resilience requirements for firms in the EU, UK and US. We put forward our own outcomes-based framework - our Key Attributes for enhancing operational resilience in financial services, drawing from the most ambitious and innovative regulatory and private sector approaches we have observed around the world.
Our view is that a firm that bases its group-wide approach to operational resilience on these Key Attributes will be better placed to deal with evolving regulatory demands across jurisdictions going forward.
The Deloitte Centre for Regulatory Strategy is a powerful resource of information and insight, designed to assist financial institutions manage the complexity and convergence of rapidly increasing new regulation.
With regional hubs in the Americas, Asia Pacific and EMEA, the Centre combines the strength of Deloitte’s regional and international network of experienced risk, regulatory, and industry professionals – including a deep roster of former regulators, industry specialists, and business advisers – with a rich understanding of the impact of regulations on business models and strategy.