Strengthening Operational Resilience in Financial Markets

Operational resilience in financial services ensures firms can withstand and recover from disruptions, maintaining critical operations under adverse conditions. This concept is crucial due to increasing risks from cyber threats, technological failures, and other operational challenges. Recent regulatory developments highlight the importance of robust operational resilience frameworks for financial firms, especially those in the derivatives market.

Current Landscape and Trends

The regulatory landscape for operational resilience has seen significant advancements. In the UK, operational resilience regimes became effective in March 2022, with firms expected to fully comply by March 2025. These regulations require firms to identify important business services, conduct mapping and testing, remain within impact tolerances, and perform self-assessments. Similarly, the EU’s Digital Operational Resilience Act (DORA), effective January 2025, mandates comprehensive ICT risk management frameworks, mapping and testing of critical services, and new contractual requirements to ensure resilience.

Key trends in operational resilience include:

1. Third-Party Risk Management: Beyond outsourcing, firms must implement strategies to manage risks associated with third-party providers effectively.
2. Evidencing Resilience: Firms need to collect and analyse data to demonstrate their resilience capabilities to regulators and stakeholders.
3. Data Management: Emphasis is placed on gathering and utilising data about third-party dependencies to enhance operational resilience.

Upcoming Milestones

Several important milestones are on the horizon for operational resilience. In the UK, firms must transition to full compliance with operational resilience regimes by March 2025. This includes identifying important business services and conducting necessary testing. The UK’s critical third-party regime, with final rules expected in 2024, will introduce a supervisory framework for critical third-party providers (TPPs), fundamental rules, mapping and testing requirements, and a financial sector continuity playbook. The EU’s DORA will require financial entities to establish ICT risk management frameworks, perform mapping and testing, and adapt contractual obligations for critical ICT TPPs starting January 2025.

Four Key Learnings for Enhancing Operational Resilience

To enhance operational resilience, financial firms should focus on four key areas:

1. Clear Definitions: Establish precise definitions for key concepts and processes to ensure consistency and clarity across the organization.
2. Evidence-Based Approaches: Maintain comprehensive documentation and data to demonstrate compliance and resilience capabilities to regulators and stakeholders.
3. Early Engagement: Engage with regulators and stakeholders early to understand requirements and ensure timely compliance.
4. Forward Planning: Look beyond immediate compliance deadlines and plan for future resilience challenges and regulatory changes.

Conclusion

Operational resilience is essential for maintaining stability in the financial system, particularly for derivatives market participants. By staying informed about regulatory developments, engaging in resilience exercises, and leveraging analytical tools, firms can enhance their ability to withstand disruptions and ensure continuity of critical operations. As we approach key milestones in 2025, proactive planning and continuous improvement will be vital for achieving and maintaining robust operational resilience.

Get in touch to find out more about Cumulus9.