FS Programme Briefing | Operational Resilience from a macroprudential perspective
The Financial Stability Institute (FSI) have published their 17th Brief paper, covering the macroprudential perspective of financial service’s quickly developing policy-making environment around operational resilience.
Contrary to the day-to-day micro-policy-making involved within the DP3/22 discussion papers, it is useful to observe operational resilience via a ‘helicopter lens’ to understand the wider complexities of firms adapting and contributing feedback to the ongoing changes within the financial-technological prudential space. This insight will examine the FSI’s Briefing, acknowledging the paper’s 2 key takeaways and its implications on the wider debate of operational resilience regulatory policy.
- Analysis of trending international and national regulatory policy-making environments, and noticeable differences in macro-objectives and institutional targeting
- Basel Committee on Banking Supervision’s (BCBS) ‘Principles for operational resilience’, US’s ‘Sound practices to strengthen operational resilience’ and EU’s ‘Digital Operational Resilience Act’ (DORA)
Both BCBS and the US’s guidelines focus on ‘critical business operations’ within banks, as opposed to the UK regulatory institutions’ attention on ‘important’ financial services firms. Naturally, the international/transnational guidelines focus on operational resilience’s role within tackling and preventing systemic risks in the sector. This is particularly note-worthy within areas including ‘third-party (TP) management’, ‘mapping interconnections and interdependencies’ and ‘testing’. For example, BCBS’s guidelines target when/where testing should occur within the context of specific threats, and their exact responsive procedures and processes.
DORA covers a different range of operational resilience issues and procedures comparatively with BCBS/US and UK national regulatory institutions. The legislative proposal specifically focuses upon possible Information and Communications Technology (ICT) threats across financial institutions and firms. Importantly, the proposals include the requirement of financial institutions and firms to ‘harmonise’ their operational resilience strategies and relevant communications with national, international, and transnational regulatory institutions.
- UK’s HM Treasury’s cross-regulatory institutional regime proposals and the Bank of England’s (BoE) Prudential Regulatory Authority (PRA) and Financial Conduct Authority’s (FCA) DP3/22 Discussion Papers following the Government’s Financial Services and Markets Bill
As techUK’s Market Briefing with both the PRA and FCA included, contrary to the international/transnational proposals, the UK’s proposed regime would retain significant individual responsibility and autonomy for firms and financial institutions to identify risks most important to their customer’s most used services. Outlining how operations, communications, and testing’s focus upon these areas of disruption.
- Analysis of macro-trends within system-level operational resilience
- System-level operational resilience between national and international regulatory coordination
With the growing prevalence of global challenges and crises significantly affecting the day-to-day ongoings of the financial sector, indeed, the national and international economic system in general - it would be no surprise governments, financial institutions and firms are seeking to advance coordination within the key area of operational resilience. However, as the sector has already discussed, greater coordination across proposals has emphasised the different areas of regulatory focus. As discussed above, firms/institutions’ focus areas will determine upon different interpretations of ‘systemic’ – whether the focus should be on individual services and customer experiences, or the stability of the financial system in general.
- Separated/combined policy approaches within regulatory institutions
The paper points towards individual and sectoral wide use of ‘critical technology services’ including ‘cloud computing services (CCS)’ which, considering the diversity of regulatory and firm-priority focuses, presents with numerous system-level resolutions including:
- Financial services firms and institutions to take accountability for on-boarding and processing third-party providers
The FSI suggests skepticism around institutions and firms conducting individual assessments, presenting gaps and un-standarised and inefficient procedures within auditing processes across the sector.
- Financial services firms to use a ‘multi-provider’ process, ensuring the use of multiple suppliers within specific areas of service
Due to the increased complexity of this proposal – auditing and cloud configuration processes would take longer and become more inefficient due to the cross-supplier nature of operations.
- Removing both SIFIs and FMIs upon relying on third-party providers, resulting in financial institutions becoming ‘self-sufficient’ within their ICT solutions
As the paper amplifiers, this is certainly the most controversial proposal outline within the Brief, requiring the sector to completely re-think its ICT usage. Although this part of the paper cannot be perceived as a serious proposal, it serves as a useful thought exercise in appreciating the significance of third-party providers and their contribution to developing efficiency, governance and system-wide standardization within the sector.
Operational resilience remains a hot topic within the financial-technology space. With regulatory institutions, financial institutions, and firms deep within the complexities of micro-prudential policy-debates, the FSI’s Brief suggests the importance of understanding the regulatory policy environment from a wider view, for two important reasons:
- Observing where/when/why trends within focuses and objectives occur
- Challenges and threats within multiple individual institutions and firms should be resolved at the systemic level
Following this insight’s short analysis of the FSI’s Brief paper, it is clear the rapidly developing regulatory policy-making of operational resilience is already ironing out possible differences in focus of regulation. However, it is important for firms and their relationship to regulatory institutions that these differences are made clear, of which their ‘front-line’ experiences of operational resilience remain central to future developments in policy-making internationally, transnationally and nationally.
As techUK’s interview with the NCC Group’s Regulatory Compliance Solutions Lead suggests, with multiple global challenges both inside and outside the financial services sector, regulatory policy-makers and firms must avoid a path towards policy-making ‘lock-in’, ensuring necessary thought-leadership spaces for critical macro-systemic thinking around financial-technological challenges including operational resilience can take place.
Original article link: https://www.techuk.org/resource/fs-programme-briefing-operational-resilience-from-a-macroprudential-perspective.html
Latest News from
UK-Ukraine Digital Trade Agreement Signed24/03/2023 12:25:00
On 20 March, the UK and Ukraine signed a crucial Digital Trade Agreement.
Budget 2023 | Digitalisation of Trading Authorisations24/03/2023 09:15:00
Following techUK’s ongoing calls for greater Government support in streamlining digital customs facilitations and trade documentation processes, the Spring Budget 2023’s Business investment and tax policy provisions includes an important HMRC policy project; Modernising Authorisations (MA), delivery a digital platform for simplifying and streamlining customs and exercise authorisations for companies trading internationally
Latest UN climate report shows need for urgent action23/03/2023 12:25:00
The latest UN climate science report (called The Synthesis Report of the Sixth Assessment Report (AR6) makes for grim reading indeed.
JES Meeting Summaries | RASSO Tech Working Group | February, 202322/03/2023 13:15:00
Within February's Working Group meeting, members discussed the Police Digital Service's (PDS) technical workstreams and the Group's priorities members inputted their ideas towards
NCSC launches Cyber Aware Spring 2023 campaign21/03/2023 16:25:00
The National Cyber Security Centre (NCSC) is the UK’s technical authority on cyber security.
R&D Tax Credits in the Spring Budget 2023: What’s Happened and What’s Next21/03/2023 11:25:00
techUK has been advocating to defend, reform, and grow crucial R&D tax reliefs support for the tech sector, through working to reverse damaging cuts to SME R&D tax credits, advocating for the expansion of the definition of R&D and supporting prioritisation of stability in tax regimes to attract lasting investment.
AI Adoption in the UK: Putting AI into Action20/03/2023 10:25:00
Artificial intelligence (AI) is changing the face of the technological ecosystem and is unlocking unprecedented opportunities for innovation in the UK, as well as on the global stage
techUK recommendations accepted by Government in Sir Patrick Vallance Digital Technologies Review20/03/2023 09:15:00
The Government has accepted the recommendations of a review into Digital Technologies from the National Technology Advisor Sir Patrick Vallance, including a number of key asks from techUK members.
NHS Transformation Directorate publishes Who Does What framework17/03/2023 10:15:00
National Director for Transformation, Dr Tim Ferris, announced the publication of the Who Does What document at Digital Health Rewired this week, outlining how NHS England and Integrated Care Systems can best utilise digital technologies.