Guidance on Operational Resilience
The Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”), and Federal Deposit Insurance Corporation (“FDIC”) have published, in October 2020, a guidance paper outlining sound practices designed to help large banks increase operational resilience.
According to the Federal Reserve publication, the Guidance is designed to increase operational resilience and covers practices that are drawn from existing regulations, guidance, statements, and common industry standards. The practices are grounded in effective governance and risk management techniques, consider third-party risks, and include resilient information systems.
According to the regulatory Guidance, the practices apply directly to US domestic banks with more than $250 billion in total consolidated assets or banks with more than $100 billion in total assets, therefore covering some of the top 15-20 US banking organizations. However, the regulators have indicated that smaller firms should also consider these guidelines in order to strengthen the resilience of their processes and systems, especially as the scope of firms directly affected may change in the future. Furthermore, since the Guidance links several different areas of banking regulation, it may require banks to rethink and reorganize risk and compliance structures, which have, so far, operated in silos.
Principles of Operational Resilience
The Guidance describes seven categories of sound practices that US banking organizations may use to strengthen and maintain their operational resilience.
Most of these categories are already extensively covered by existing regulatory and industry guidance. This paper brings these best practices together and enhances them to provide a robust framework for firms to follow.
Impact on US financial firms
The Guidance reflects the increased importance regulators and the industry place on operational resilience. Many of the practices in the Guidance should be familiar to banking organizations of all sizes and may already be in place.
However, given the broad scope of the Guidance and the spanning of different areas of regulatory interest, firms may have to review their organizations and processes to align with the regulatory expectations.
Furthermore, since this is a hot topic with all regulators (given the DORA in the EU and the FCA rules