Welcome to the Q2 2022 edition of Weather the Disruption. This is a quarterly newsletter intended to highlight the importance of Business Resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, best practices, and potential threats impacting our clients and sector. In this edition, we discuss how businesses can address their resiliency programs in light of a potential economic slowdown.
An ever-changing economic and technological landscape leads to an increasingly turbulent environment that firms must learn to navigate. In response, firms have begun to overhaul their Business Resiliency programs.
Business Resiliency is a firm’s ability to withstand, recover from, and adapt to disruptions to its operations. Disruptions can be widespread, such as natural disasters, or targeted, such as cyberattacks. Regardless of the cause, firms must be proactive in their preparation and have effective contingency plans for when these disruptions inevitably occur.
In a recent survey, 68% of CEOs are expecting a recession and bracing for it. Business Resiliency needs to be a main focus for businesses to be able to stay competitive in an economic slowdown.
The regulating bodies across the world are focused on enhancing transparency requirements of companies' operational resiliency capabilities. Many countries, such as the UK and US, have implemented regulations for companies to ensure disclosure of their resiliency strategy.
The UK imposed new climate-related disclosure regulations for companies and LLPs with the intention to be able to determine financial impacts resulting from exposure to climate-related risks and opportunities. It would require the disclosure of the company resilience business model and strategy, taking into consideration different climate-related scenarios.
The UK has continued to focus efforts on operational resiliency by providing a roadmap of how the Prudential Regulation Authority (PRA) expects regulation of operational resilience to develop across sectors. As part of the focus, PRA has also introduced insurance stress testing that would require insurance businesses to include extensive information about the impact of stress scenarios to their business.
The US Securities and Exchange Commission (SEC) proposed a plan to implement cyber risk management regulatory requirements as cyberthreats pose more frequent threats to companies, investors, and, as a result, the market.
Here are some recent major events that have disrupted the industry this quarter:
As the war in Ukraine continues, several companies have found it challenging to continue regional operations with nearly 1,000 international businesses having slowed operations in Russia, some of which have closed completely.
More than eight million users of Cash App Investing, the stock trading product of Cash App, were involved in a data breach in April. Sensitive information such as names, brokerage account numbers, and portfolio information was exposed when a regulatory filing was downloaded by a former employee.
Businesses and companies are still dealing with the Great Resignation, where tens of millions of US employees voluntarily left their jobs as the battle for talent intensifies. Staffing shortages and the need for appropriate coverage in key business lines pose significant risk to these firms.
In early June, Tropical Storm Alex caused flash flooding and power outages in Cuba and the southern US. As we enter Hurricane Season, experts say all signs are pointing to yet another busy season. As a direct result, firms with operations in coastal regions are especially susceptible to power outages, damage to offices and data centers, staffing issues, and more.
Here are some ways firms have enhanced their Business Resiliency:
As a result of Russia’s invasion of Ukraine, many companies have begun to reassess the stability of their supply chains in hopes to navigate the recent turbulence. There have even been talks between the US and UK to commit to building more durable supply chains to help reduce any future risk that stems from the invasion.
A major outcome of the recent COVID pandemic was the adoption and refinement of business continuity plans among most major banks. These global banks have relied heavily on their plans to remain operational in China despite a recent resurgence of the virus.
Forward-looking financial institutions are having great success implementing these business resiliency programs:
One of the most effective ways to build technological resilience is to ensure integration across all systems and applications. A cohesive solution approach that eliminates data silos allows firms to build an agile work environment that is able to overcome unforeseen disruptions.
Despite the constant pressure for businesses to constantly improve their overall efficiency, creating redundancies in critical business areas may provide benefits. Back-up systems create a safety net where, if one process were to fail, another can take over without any work stoppages.
Third parties are a tool for firms to reduce costs, increase efficiencies, and expand their product offerings. However, they are also desirable targets for cybercriminals. Taking steps to identify data flows to and from third-party vendors and controlling data access can help strengthen a potential weak point in a firm’s data security.
Firms not only have to navigate a changing risk environment, but also an evolving social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly.
The SEC’s proposal to establish a new climate change reporting framework is led by a focus on increased awareness of environmental impacts to the public and to provide more transparency to consumers.
As companies continue to struggle with supply chain limitations, due to ongoing political conflicts, managing climate risk has evolved into an unpredictable variable. To mitigate risks stemming from unforeseeable weather, companies have begun implementing strategic risk management practices and limiting the amount of money they borrow.
The Ukraine war has set back renewable energy efforts worldwide. However, simultaneously it has reinforced investments in renewable energy by encouraging banks and insurers to adapt their financial strategies to formulate financial resiliency to climate-related financial risk.
Cyberattacks and data breaches have increased in frequency and sophistication and will continue due to geopolitical tensions and the expanded use of new technologies. Attacks and breaches are impacting every industry, especially the Critical Infrastructure Segment, of which Financial Services is a key asset.
In March, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, creating new requirements for organizations operating in critical infrastructure sectors to report cyber incidents and related ransom payments. The main requirements include:
Firms should consider taking steps to review their response plans to ensure that legal and compliance professionals are brought in early.