Weather the Disruption: Business Resiliency Preparedness in a Potential Slowdown

Welcome to the Q2 2022 edition of Weather the Disruption. This is a quarterly newsletter intended to highlight the importance of Business Resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, best practices, and potential threats impacting our clients and sector. In this edition, we discuss how businesses can address their resiliency programs in light of a potential economic slowdown.

 

Bracing for Economic Slowdown

An ever-changing economic and technological landscape leads to an increasingly turbulent environment that firms must learn to navigate. In response, firms have begun to overhaul their Business Resiliency programs.

Business Resiliency is a firm’s ability to withstand, recover from, and adapt to disruptions to its operations. Disruptions can be widespread, such as natural disasters, or targeted, such as cyberattacks. Regardless of the cause, firms must be proactive in their preparation and have effective contingency plans for when these disruptions inevitably occur.

In a recent survey, 68% of CEOs are expecting a recession and bracing for it. Business Resiliency needs to be a main focus for businesses to be able to stay competitive in an economic slowdown.

Regulators Globally Demand Documented Resiliency Strategy

The regulating bodies across the world are focused on enhancing transparency requirements of companies' operational resiliency capabilities. Many countries, such as the UK and US, have implemented regulations for companies to ensure disclosure of their resiliency strategy.

United Kingdom:

The UK imposed new climate-related disclosure regulations for companies and LLPs with the intention to be able to determine financial impacts resulting from exposure to climate-related risks and opportunities. It would require the disclosure of the company resilience business model and strategy, taking into consideration different climate-related scenarios.

The UK has continued to focus efforts on operational resiliency by providing a roadmap of how the Prudential Regulation Authority (PRA) expects regulation of operational resilience to develop across sectors. As part of the focus, PRA has also introduced insurance stress testing that would require insurance businesses to include extensive information about the impact of stress scenarios to their business.

United States:

The US Securities and Exchange Commission (SEC) proposed a plan to implement cyber risk management regulatory requirements as cyberthreats pose more frequent threats to companies, investors, and, as a result, the market.

Major Breaches and Disruptive Events

Here are some recent major events that have disrupted the industry this quarter:

Continued Russia-Ukraine Conflict

As the war in Ukraine continues, several companies have found it challenging to continue regional operations with nearly 1,000 international businesses having slowed operations in Russia, some of which have closed completely.

Cash App Data Breach

More than eight million users of Cash App Investing, the stock trading product of Cash App, were involved in a data breach in April. Sensitive information such as names, brokerage account numbers, and portfolio information was exposed when a regulatory filing was downloaded by a former employee.

The Great Resignation

Businesses and companies are still dealing with the Great Resignation, where tens of millions of US employees voluntarily left their jobs as the battle for talent intensifies. Staffing shortages and the need for appropriate coverage in key business lines pose significant risk to these firms.

Hurricane Season

In early June, Tropical Storm Alex caused flash flooding and power outages in Cuba and the southern US. As we enter Hurricane Season, experts say all signs are pointing to yet another busy season. As a direct result, firms with operations in coastal regions are especially susceptible to power outages, damage to offices and data centers, staffing issues, and more.

Business Resiliency Trends

Here are some ways firms have enhanced their Business Resiliency:

Reinforced Supply Chains

As a result of Russia’s invasion of Ukraine, many companies have begun to reassess the stability of their supply chains in hopes to navigate the recent turbulence. There have even been talks between the US and UK to commit to building more durable supply chains to help reduce any future risk that stems from the invasion.

Business Continuity Plans

A major outcome of the recent COVID pandemic was the adoption and refinement of business continuity plans among most major banks. These global banks have relied heavily on their plans to remain operational in China despite a recent resurgence of the virus.

Business Resiliency Best Practices

Forward-looking financial institutions are having great success implementing these business resiliency programs:

Integrated Tech Ecosystem

One of the most effective ways to build technological resilience is to ensure integration across all systems and applications. A cohesive solution approach that eliminates data silos allows firms to build an agile work environment that is able to overcome unforeseen disruptions.

Creating “Redundancies”

Despite the constant pressure for businesses to constantly improve their overall efficiency, creating redundancies in critical business areas may provide benefits. Back-up systems create a safety net where, if one process were to fail, another can take over without any work stoppages.

Mitigating Third-Party Risks

Third parties are a tool for firms to reduce costs, increase efficiencies, and expand their product offerings. However, they are also desirable targets for cybercriminals. Taking steps to identify data flows to and from third-party vendors and controlling data access can help strengthen a potential weak point in a firm’s data security.

Resiliency in a Net-Zero World

Firms not only have to navigate a changing risk environment, but also an evolving social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly.

SEC’s Climate Change Reporting Framework

The SEC’s proposal to establish a new climate change reporting framework is led by a focus on increased awareness of environmental impacts to the public and to provide more transparency to consumers. 

Weatherproofing Supply Chains

As companies continue to struggle with supply chain limitations, due to ongoing political conflicts, managing climate risk has evolved into an unpredictable variable. To mitigate risks stemming from unforeseeable weather, companies have begun implementing strategic risk management practices and limiting the amount of money they borrow.

Russian-Ukraine War Stunts Renewable Energy Progress

The Ukraine war has set back renewable energy efforts worldwide. However, simultaneously it has reinforced investments in renewable energy by encouraging banks and insurers to adapt their financial strategies to formulate financial resiliency to climate-related financial risk.

Cybersecurity

Cyberattacks and data breaches have increased in frequency and sophistication and will continue due to geopolitical tensions and the expanded use of new technologies. Attacks and breaches are impacting every industry, especially the Critical Infrastructure Segment, of which Financial Services is a key asset.

Cyber Incident Reporting for Critical Infrastructure Act

In March, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, creating new requirements for organizations operating in critical infrastructure sectors to report cyber incidents and related ransom payments.  The main requirements include:

  • Report "substantial" cyber incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours.
  • Provide reports of substantial new information that becomes available.
  • Report ransom payments within 24 hours after making the ransom payment.

Firms should consider taking steps to review their response plans to ensure that legal and compliance professionals are brought in early.

 
Special thanks to Chris Chen and Andrew Vegliante and Melany Farinango for co-authoring and contributing to this article.

About the Experts

Back to top