Welcome to the first edition of Weather the Disruption. This is a quarterly newsletter intended to highlight the importance of Business Resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, best practices, and potential threats impacting our clients and sector.
In today’s turbulent economic and geopolitically charged environment, Business Resiliency should be top of mind for financial institution leaders. As these organizations push the boundaries of innovation, regulatory agencies will follow—forcing financial institutions to reconsider their resiliency approach.
Business Resiliency is a firm’s ability to withstand, recover from, and adapt to disruptions to its operations. These disruptions can range from an economic downturn to cybersecurity issues to, perhaps most topically, global pandemics.
However, as the idea of Business Resiliency becomes more prevalent, the unpreparedness of firms has become more apparent. Less than 40% of CEOs globally say they believe they are well prepared to meet challenges posed by a major crisis related to inflation, cybersecurity, supply chain disruptions, or climate change.
There have been major regulatory changes surrounding Business Resiliency of late, with more expected:
United Kingdom: The UK is leading the global charge in the realm of Business Resiliency regulation. In March 2021, the Financial Conduct Authority published new rules and guidance surrounding the operational resiliency of UK Financial Institutions. By April of 2022, all financial services companies must have identified their essential business services and measured their impact tolerances and maximum tolerance disruptions.
United States: The UK regulatory environment serves as a basis for where US regulation is headed. In December 2021, the Financial Industry Regulatory Authority (FINRA) decided to maintain FINRA’s Rule 4370, a law that requires member firms to create, maintain, review, and update a Business Continuity Plan. In addition, the SEC is proposing similar rules to require cybersecurity policies and procedures for incident response and prevention.
The past quarter has had no shortage of Business Resiliency events. Here are some examples of recent major events:
Here are some examples of steps firms have taken to enhance their Business Resiliency:
Digital Transformation
Digital transformation that organizations are undergoing for operational improvements can also lead to fewer disruptions and faster recovery from the disruptions that do occur. The cloud allows for businesses to be more agile and adaptable with multi-cloud infrastructure necessary to maximize growth and efficiency.
Low-Code/No-Code Applications
Low-code or no-code tools are a way of building applications without the need for significant lines of handwritten code. They help to strengthen operational resiliency by making developing solutions easier and able to involve more of the workforce to contribute compared to costly, complex legacy systems.
Forward-looking financial institutions are having great success implementing these business resiliency programs:
Remote/Hybrid Work
During the COVID-19 pandemic, firms across the globe had to accommodate a mass shift to remote/hybrid work that, in turn, led to improvements to firms’ operational resilience. For example, firms with a less geographically condensed workforce are able to recover and adapt easier in times of disruption. Remote work has also forced companies to make improvements to their networks and IT infrastructure, thus reinforcing their resilience from a technological standpoint.
Identifying Essential Services
To best plan for possible operational disruptions, an organization should first determine the services that are most essential. By doing so, they are highlighting areas in which the greatest degree of harm could be inflicted. In addition, firms can identify the assets that prove critical to these essential services, and in turn, the continuity of the firm as whole.
Firms not only have to navigate a changing risk environment, but also a changing social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly.
RMA Climate Risk Consortium
Nineteen major North American banks announced the launch of the Risk Management Association Climate Risk Consortium. The consortium hopes to be industry leaders in climate risk management by developing consistent taxonomy, frameworks, and standards.
Net-Zero Banking Alliance
The Net-Zero Banking Alliance has received commitments from 103 banks across 40 countries with $68 trillion in total assets since being launched by the United Nations in April 2021. The goal of the Alliance is to support the global transition to a net-zero emissions world.
BlackRock on Climate Risk
In BlackRock’s latest proxy voting guidelines, the firm is asking companies to disclose business plans on how they will meet global net-zero goals while delivering on financial performance.
Developments in the digital world, along with new cyberthreats, have driven the US government to increase its attention on protecting essential service areas such as the financial services community.
SEC Proposal
The Security and Exchange Commission has started the process of imposing new rules on investment funds and advisors to improve cybersecurity protections, and to alert the SEC within 48 hours of a suspected hacking incident. These requirements, when enacted, will necessitate changes to existing business and communications plans, as well as potentially affecting current governance models.
NIST Report 8389
The National Institute of Standards and Technology (NIST) is also looking to protect the future of our evolving banking practices by soliciting comments in upcoming guidance in the form of NIST Report 8389, “Considerations of Open Banking Technology and Emerging Standards” focused on the new “Open Banking” financial ecosystem. This report contains a definition and description of open banking, its activities, enablers, and cybersecurity, and privacy challenges.
Special thanks to Andrew Vegliante for contributing to this article.