Image

“The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong,” they said.The paper also highlights the role of firms’ senior officials when responding to incidents, recommending setting “board-approved impact tolerances quantifying the level of disruption that could be tolerated.” Regulators suggested two days as an acceptable limit for disruption to a business service, according to one scenario detailed in the discussion paper. “Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system,” states the paper. Another important concept that regulators advised financial firms to address involves an effective communication plan. “The speed and effectiveness of communication with the people and institutions most affected, in particular customers, should be at the forefront of every firm’s response,” the discussion paper noted. Firms that fail to demonstrate adequate back-up plans could face fines and other sanctions, such as a requirement for higher capital levels or demanding additional IT investment.