Banks can Drive Value with Operational Resilience in a Post-Pandemic World

Organizations have maintained a steady rise in digitization over the years, which means that firms like banks and other financial institutions are becoming increasingly reliant on networks, software, data and any other elements that operate within cyberspace as well as increasing their reliance on third- and fourth-parties. While firms continue to increase their competitiveness by pursuing digital transformation and outsourcing operations, such as creating partnerships with FinTech’s, they also introduce new risks to the business. As seen throughout the global pandemic, many organizations rushed to digitize their operations so as to minimize the disruptions that accompanied the work from home movement. While the digital transformation was critical, organizations did not have the opportunity to consider the potential risks that accompany a digital roll-out.

While most financial services organizations and regulations focus on operational risk, it is important to plan in terms of resilience. Maturing the operational resilience program enables firms to move away from a reactive state to a more forward-thinking program. Firms should have a plan to anticipate and mitigate threats before they happen, rather than develop plans to respond once a disruption materializes. A strong, efficient operational resilience program helps to identify any potential impacts to an organization’s critical operations and compiles actionable information and data to monitor and manage threats.

Why is operational resilience important?

Operational resilience plans are put in place to allow an institution the highest possible chance of resilience and recovery from operational disruptions. Such disruptions include pandemics, like COVID-19; natural disasters; cyber threats, such as hackers; and any other action that may disrupt core operations and/or compromise the institution’s or their customers’ data.

Thankfully, the evolution of technology has brought more than just startling news. While there are an increasing number of cyber threats to worry about, advances in technology have allowed organizations like ServiceNow to develop an arsenal of tools, workflows and systems that can compile metrics and instrument key operational elements within organizations to help them strengthen their resiliency.

“Financial services regulation has typically focused on operational risk rather than on operational resilience in a broader sense. This has emphasized the importance of risk management to reduce the probability of a disruptive event occurring, and has focused primarily on the financial consequences of a failure in people, systems or processes. But that is changing…The balance of focus is shifting from reducing the probability of disruption to the response and recovery aspects.”

KPMG, Operational Resilience in Financial Services: Seizing business opportunities, page 8 & 9, 2018.

This excerpt from KPMG recognizes the shift in focus from prevention to response due to the increasing and inevitable cybersecurity risks that come with a technologically advanced society.  Quick response times, then, become of utmost importance to financial institutions and other organizations, and are an integral piece of the puzzle in any efficient operational resilience program. And in order to respond quickly, you need to know exactly what you’re responding to, why you’re responding to it, and how you can recover from it if it does manage to make an impact.

As financial institutions strive to ensure resiliency of their operations through disruptions, they should also strive to continuously mature their operational resilience program to become a more resilient enterprise over time. The benefits of maturing your operational resilience program include:

  1. Improved reporting — it is important to explain risk and resilience to our business stakeholders in language that they understand. You can include business performance and status updates with risk, compliance and resilience information.
  2. Risk intelligence — Contextualize risk for business stakeholders so that they can make more informed decisions.
  3. Continuous monitoring — to drive real-time visibility into risk across the business.
  4. Automation — to drive more timely and informed decisions.

To minimize impact from future disruptions, an organization should strive to break down silos to ensure that the operational resilience program is embedded within all operations within the organization. ServiceNow Operational Resilience Management embeds Risk & Resilience into daily work by:

  1. Cross-leveraging common data
  2. Making Risk & Resilience a part of daily operations
  3. Continuously monitoring risks and controls
  4. Contextualizing risk for business stakeholders
  5. Brings it all to life through a variety of tools and automation

These tried and true principles are sure to strengthen your institution’s resiliency. Let Iceberg’s experts walk you through these steps, and more, in greater detail and find out how ServiceNow Operational Resilience Management can help your institution become more resilient.

*** This is a Security Bloggers Network syndicated blog from Risk Intelligence Academy – Iceberg Networks authored by Meaghan O'brien. Read the original post at: