With 45 members including central banks from nearly 30 jurisdictions, the Basel Committee on Banking Supervision is undoubtedly a global standard setter for the regulation of banks, with a mandate to improve the quality of banking supervision worldwide.
What is The Basel Committee?
The Basel Committee audits how well banks are adopting Principles for Operational Resilience and the Sound Management of Operational Risk
The Committee carries out this mandate by providing guidelines and standards. And as the world economy was recovering from the COVID shock in 2021, the Committee put out Principles for Operational Resilience (POR) and revised Principles for the Sound Management of Operational Risk (PSMOR).
The explicit purpose of these principles (especially the POR) was to promote banks’ ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets.
Those events had, of course, been coming in spades. Not just the pandemic, but also cyber incidents, technology failures, natural disasters, and more.
Over thirty months later, the Committee queried how banks were doing on these fronts. This article, in turn, recapitulates the results of the audit into how well banks are adopting the Basel Principles for Operational Resilience and Operational Risk. It also asks what banks can do to close any gaps and strengthen adoption.
The Basel Committee finds Adoption lacking
So, what did the audit find?
Recently, the Committee issued findings from its assessment of bank adoption of the POR and PSMOR. The assessment itself took place earlier in the year but was released in a November supervisory newsletter.
Report findings were stark. Banks needed to do better on operational resilience, blasted headlines across the financial press.
Report headlines themselves included:
- Effectiveness and maturity of POR and PSMOR adoption vary across banks and jurisdictions.
- The most common challenge was mapping interconnections and interdependencies for critical operations and the definition of tolerances for disruption to these operations.
- Better resourcing and prioritization were needed.
Sure, the report noted that banks had taken positive steps toward leveraging Risk and Control Self-Assessments (RCSAs) to identify threats and vulnerabilities to the delivery of critical operations. More significantly, though, the Committee found wide gaps in capabilities and effectiveness.
That’s not all.
Banks need to get better at mapping dependencies
Indeed, the consensus takeaway was that banks’ mapping of interconnections and interdependencies did not provide a sufficiently granular end-to-end view of critical operations, complexity, and supporting people, processes, and systems.
Why does that matter?
Citing the centrality of mapping and defining tolerances for disruptions to critical operations, the Committee argued that the reliability of other activities, such as risk management and testing, would be called into question, potentially compromising operational resilience.
On a positive note, the Basel Committee found that banks’ operational risk management governance was well established as were many banks’ business continuity practices and frameworks.
On the flip side, however, board members’ roles and responsibilities and capabilities for operational resilience remained under development. Banks were also struggling to adopt the corresponding POR on business continuity and testing.
Add to that, third-party risk management was also a stumbling block. For some banks, there was still significant work left to do to develop appropriate business continuity and contingency plans and exit procedures where third parties provide critical operations.
Steps to take to adopt POR and PSMOR
What steps did the report recommend banks take to strengthen POR and PSMOR adoption? A few broad themes emerged, with the Committee encouraging banks to:
- Leverage all aspects of operational risk management to achieve operational resilience and to recognize the latter’s importance alongside financial resilience
- Acknowledge that operational resilience is more than just business continuity
- Adequately resource and prioritize POR and PSMOR adoption
Of course, the Committee gave more concrete guidance, as well.
Banks were advised to establish and maintain accurate data at an appropriate level of granularity on critical operations, in recognition of the foundational role of mapping interconnections and interdependencies. This was in answer to deficiencies cited in capturing, structuring, and using data on critical operations that may have originally been collected for resolution and recovery planning, business continuity, or other purposes.
Digital technology to help banks successfully adopt the Principles
Much of this guidance amounts to operational resilience best practice, which banks can go a long way towards adopting more efficiently with integrated resilience management software. For banks looking to make significant progress toward adopting the Basel Principles specifically, these software solutions seamlessly unify relevant solution areas such as operational & third-party risk management, operational resilience, business continuity, and more.
In particular, Noggin, an industry leader in resilience and critical event management, offers the following relevant functionality in its integrated resilience workspace:
Business continuity management
Dependency mapping. Quickly identify dependencies between business activities and supporting assets or vendors and stay informed when one is at risk. Visualize and track dependencies to make informed decisions and take appropriate actions to mitigate risks effectively.
Exercises and scenario testing. Don’t wait for a real-world crisis to test your organization’s readiness. With Noggin’s exercise management solution, you can be confident that teams are prepared to handle any situation that comes their way.
Operational risk management
Noggin helps organizations proactively identify, assess, and mitigate potential risks that could cause operational failures or disruptions to their normal operations. The centralized workspace provides a holistic view of risks, streamlines operational risk-related processes, and fosters effective stakeholder collaboration and communication.
Third-party risk management
Seamlessly collaborate with third parties in a unified workspace dedicated to enhancing resilience. From onboarding and due diligence to risk monitoring, contract, and action management, Noggin equips teams to pinpoint and address the top issues across the vendor ecosystem.
Finally, the Committee has identified major steps banks can take toward the adoption of its Principles, including adequate resourcing. In this article, we’ve sought to argue that integrated resilience management software, like Noggin’s, should be part of that resourcing discussion.
Beyond enhancing targeted resilience practices, these solutions also give banks a more comprehensive and holistic approach to resilience, facilitate crucial collaboration and co-ordination, unlock critical insights, keep stakeholders informed, and streamline essential workflows for planning and response.