To minimise the impact of IT glitches, cyber attacks, and other disruptions on financial markets and the availability of banking services to consumers, regulators in the UK, the USA and Europe have co-ordinated efforts to introduce new regulations requiring financial institutions to demonstrate appropriate levels of operational resilience.
Maintaining a secure, reliable and available network is important for all organisations, but its importance is amplified within the financial sector.
A fundamental part of operational resilience is being able to continue providing mission-critical services in the event of disruptions, which, in turn, depends on the stability and availability of an organisation’s network.
Today, customers expect 24/7 availability of key services, such as online banking accounts, cash withdrawals and credit union accounts. Customers rely on financial organisations not only to keep their finances secure, but also to safeguard their data and identities.
Commercially, financial institutions such as banks need to be able to communicate and transact globally on request with clearing houses, settlement platforms, stock markets and payment processors. With the RTGS system in the UK alone processing over £600 billion of transactions every working day, a severe and extended network outage at just one financial institution can have systemic impacts on the wider system.
It’s evident that solid network management underpins all internal and customer-facing systems upon which a functioning financial sector depends. Monitoring network components and performance, combating cyber threats, backing up configurations for key network devices and enabling the swift recovery of network infrastructure after a disruption are all vital aspects of ensuring operational resilience.
The Bank of England’s Prudential Regulation Authority (PRA) worked with the Financial Conduct Authority (FCA) to establish the rules for demonstrating operational resilience within financial institutions. The rules will come into force on March 31st, 2022. Here are the rules at a glance:
While the Bank of England rules are specific to the UK, there is a global call to strengthen operational resilience in the financial sector as a whole. For example, the Basel Committee released a 2020 paper on Principles for Operational Resilience. In the same year, the US Federal Reserve released an interagency paper on Sound Practices to Strengthen Operational Resilience.
The need for improved operational resilience in the financial sector calls for some coordination in strategies, tools, and methodologies. Existing standards, such as the US NIST framework, are candidate standards for cross-regional adoption. The NIST framework specifies security measures, tools, and controls that help ensure the reliable functioning of critical network infrastructure.
Although it remains to be seen whether nations will work together to coordinate the implementation of a single framework, it is clear that there is a global shift towards accountability and operational resilience within financial institutions.
Not being operationally resilient is a huge risk for financial institutions that carries a range of damaging consequences, such as:
The solutions for operational resilience should principally revolve around building a resilient IT network infrastructure. It’s imperative that the networks of financial institutions are equipped to adequately respond to hardware malfunctions, software errors, and cyber attacks such that impact tolerances aren’t exceeded for important business services. The solution should include:
At Restorepoint, we can help financial organisations improve their operational resilience and achieve compliance with the new regulations by strengthening network resilience.
We help customers such as Deloitte, Societe Generale, Fidelity International, Unicredit and Luxembourg Stock Exchange to dramatically shorten audit cycles, reduce network downtime and meet internal compliance standards by automating critical network processes.
Book a live demo and see how you could use Restorepoint to drive network efficiency, eliminate time-consuming manual processes and achieve operational resilience.