By Jonathan Shiery
With the recent market volatility and recession fears, not all businesses are able to maintain the revenue necessary to retain employees. It costs organizations 1.5-2 times the employee's salary, including dedicated time and resources, to recruit, onboard, and train a new team member.
While turnover, both voluntary and involuntary, will always be a part of business, high turnover can have a massive effect on business resiliency. Resilient firms ensure employees are properly trained so that proper coverage is available and there is a widespread understanding of recovery strategies.
Across the world, regulators are understanding the importance of business resiliency as it relates to the stability and advancement of the financial sector and the global economy as a whole. As a result, many have implemented regulations to outline standards and guidance to enhance resiliency programs:
After UK financial firms were tasked with identifying their key business services in March of this year, the next deadline is March 31, 2025, when firms must have performed all testing to ensure they are able to remain within their previously identified impact tolerances.
The European Parliament reached an agreement on the Digital Operational Resilience Act (DORA) in response to the increasing risk of cyberattacks within the financial industry. DORA outlines specific requirements around Information and Communications Technology risk management, incident reporting, and threat-led penetration testing.
The US and UK released a Joint Statement on the Financial Regulatory Working Group, which has been focused on a variety of topics, including the need to bolster business resiliency. The working group stressed the need to strengthen the resilience of the sector, including strengthening liquidity risk management practices and the need for future cooperation.
The Australian Prudential Regulation Authority (APRA) has proposed a new standard for operational risk management in the banking, insurance, and superannuation industries. This standard will outline the minimum standards for managing operational risk, including updated requirements for business continuity and service provider management. APRA will review industry feedback before the standard comes into effect at the beginning of 2024.
Here are some recent major events that have disrupted the industry this quarter:
As fear of a potential recession looms, many firms are reassessing their headcount and have already begun widespread layoffs. Major global banks have begun layoffs in an effort to cut costs, some even reimplementing their pre-COVID-19 programs of annual layoffs during performance reviews.
Severe flooding has left one-third of Pakistan underwater, claiming more than 1,300 lives and causing damages totaling more than $10 billion. Additionally, severe damage to crops and livestock has prompted the Pakistani government to warn of a potential food crisis.
A recent drought has shut down Chinese factories and further stalled already crippled international supply chains for automobiles, electronics, and other goods. Economists and trade experts warn that such events will become more frequent as we begin to feel the effects of climate change.
Climate change has taken a toll on Europe this summer, resulting in destructive forest fires across southwest Europe. The global average temperature for June 2022 was about 0.3°C higher than the 1991-2020 average, making it the third-warmest June on record. Climate change poses a huge risk to the economy, causing billions of dollars in losses.
Here are some best practices for firms looking to enhance their business resiliency:
Banks across Europe are setting up backup generators and dimming lights in preparation for potential power cuts. As Russia continues to cut gas supplies to the rest of Europe, these banks are testing how they can best operate under prolonged power shortages.
While data breaches are a rising concern across all industries, firms within the financial sector have been especially stringent in their data protection. The financial sector is second only to the healthcare sector in average cost per data breach, costing firms an average of $5.97 million per breach in 2021 and 2022.
Forward-looking financial institutions are having great success improving business resiliency programs by considering these best practices:
Recently, banks have seen rapid digitization of their payments systems to keep pace with consumer needs and may need to reassess their business resiliency programs to address unforeseen gaps. A resilient payment program includes well-documented requirements, governance, and risk management, as well as an established incident management system. The Federal Reserve has made resiliency a key component of its new FedNow instant payment platform as it begins its testing phase.
As firms begin to enhance their internal business resilience, they have also begun to look externally to identify key relationships with third parties that may pose potential threats to their own operations. The UK’s Prudential Regulation Authority has even published Supervisory Statement 2/21, which outlines requirements for third-party agreements (and subsequent agreements) to ensure greater resilience in the industry.
Firms not only have to navigate a changing risk environment, but also an evolving social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly.
The energy crisis and inflation have a direct correlation that affects businesses across the globe and in Europe, where the energy sub-index is up 26% this year. These high energy prices affect how a business functions and its ability to operate efficiently.
In July, Russia halted the gas supply through the Nord Stream 1 pipeline, which can send a maximum of 120 million cubic meters of gas per day from Russia to Germany. As a result, within one day the wholesale price of gas in Europe increased by 10%. In response, the EU has agreed that members will voluntarily reduce 15% of gas use between August and March, leaving companies to decide what cuts or reductions are needed.
Lloyd’s of London is the most recent insurer to announce that it will be reducing the breadth of its ransomware cyber insurance coverage options starting in 2023. This change has a significant impact on organizations planning to “buy down” risk exposure while implementing organizational or technical changes to better protect themselves from today’s cyberthreats. Ransomware attacks nearly doubled, rising by 92.7% in 2021, according to Security Magazine. The rate of ransomware payments also doubled last year. Fifty-two percent of Financial Services organizations paid ransoms to restore access to data, higher than the global average of 46%, according to IT security firm Sophos. Companies will need to continue to make investments to enhance their organic ransomware protections, in addition to their own cyber-resiliency programs, to reduce the likelihood of impact to their business.
Thanks for contributions by: Chris Chen, Andrew Vegliante, Devinne Cook, and Kevin Michels.