How to achieve operational resilience
Banks learned a lot about the quality of their operational resilience during COVID-19 and have shared these learnings with both their boards and regulators. CROs expect regulators will subsequently use those insights to strengthen regulation – indeed, 93% of bank CROs expect tougher resilience standards ahead, especially in data protection, cybersecurity, and end-to-end testing.
However, there isn’t just a regulatory need to improve operational resilience, there’s a business incentive too. With ongoing threats and disruption, banks cannot treat resilience as a stand-alone issue. Instead, it must be built into the fabric of organizations’ decision-making processes, transformation programs, and digital and technological capabilities immediately. CROs can help to shift how banks think about resilience processes by building the necessary business case to secure more investment in resilience measures.
Being more proactive is a major theme when talking to CROs about what they learned about operational resilience during the COVID-19 crisis. There is widespread recognition that no bank had a business continuity plan good enough for a global pandemic of this magnitude.
The lessons learned are now making their way into how organizations will operate in the future. For example, the more executive management teams are informed about risks, the more understanding they have of the critical information, thereby accelerating their risk acceptance decisions. Additionally, there is a greater recognition that resilience is made up of many components, with each playing a crucial role. The pandemic has helped to break up a traditionally siloed mentality toward resilience, to ensure that each operational capability works in harmony with another.