Safeguarding operational resilience: the macroprudential perspective

Highlights

• Financial firms' increased reliance on technology and the additional complexity and interconnections that technology has brought to the financial ecosystem pose risks to the operational resilience not only of individual institutions but also of the financial system.
• Many authorities have chosen to have separate policies or guidelines related to risk management, business continuity management and third-party management to achieve operational resilience, while a few have put all these things together to come up with a holistic operational resilience policy.
• Among those with an operational resilience policy, the definition of important operations/services takes a macroprudential view, but setting standards of resilience for these operations/services and testing against these standards are left to individual firms.
• There is scope for operational resilience policies to be explicit about the need to perform system-level assessment, monitoring and testing.
• Given their implications for system-level operational resilience, there may be an argument for subjecting critical technology providers to an oversight framework, which, when relevant, should be coordinated internationally.
• Given the increased importance in the financial system's value chain of big tech groups that conduct diverse activities and are subject to significant internal interdependencies, there is also value in considering establishing group-wide requirements on operational resilience for these entities.