It’s no news that the financial sector is heavily dependent on interconnected technology ecosystems. But did you know that in the first quarter of 2020, the number of large-scale cybersecurity breaches increased by 273%?
Since the pandemic hit, Operational Resilience has taken centre stage, and several regulators, including the Federal Reserve, European Central Bank and BCBS (Basel Committee on Banking Supervision) have all issued consultations on this subject. In the UK, the Prudential Regulation Authority and the Financial Conduct Authority are also publishing a policy in the first quarter of 2021.
The question is: is there value for banks in this regulation? And how can financial institutions test and strengthen their operational resilience?
In 2017, the US defence secretary had a light installed in his bathroom which would flash if North Korea launched a nuclear missile, enabling him to respond to that threat immediately, even when he was in the shower. Thankfully, that alarm never went off.
But three years later, the unprecedented nature of COVID has forced everyone to rethink their preparation, response and recovery measures for the unexpected. In short, we learnt that Operational Resilience, that is “the ability to prevent, respond to, recover and learn from operational disruptions”, is vital, especially for financial service organisations.
In particular, these institutions need to focus on core three pillars:
But, how do you know if you are truly resilient?
One way we have adopted with our clients is running what we call War Games. By simulating a realistic, real-time critical incident, we validate existing response and recovery procedures, expose blind spots and resilience gaps in real-time, and secure buy-in for improvements from all participants.
Monitoring the end-to-end payment ecosystems is crucial in this exercise, as it will surface critical issues across silos of systems, departments and external partners. These findings drive the enhancement of the recovery runbook and the development of a practical and implementable remediation plan.
Are war games for you?
Well, speaking from 1st hand experience, this approach has dramatically increased the resilience of critical services for our clients, enabling them to fulfil regulatory, business and customer expectations when the unexpected happens. But, if you are still not convinced, you can always try to install a light in your bathroom, and hope the alarm never goes off.
As the Latins said: “If you want peace, prepare for war”. Operational risk continues to increase as the complexity of our financial ecosystem grows, so thinking about preparedness beyond regulation is critical to both gain and maintain a competitive advantage.
Is there a lot to do? Absolutely.
Can it be done? Definitely!
And if you need a hand validating your Payments Operational Resilience, we are here to help.