Ten years after the collapse of Lehman Brothers - and a laser-like focus on complying to regulation designed to ensure the integrity of financial markets - banks are now concentrating on operational resilience.
I never thought that I would see a bank fail. But there I was, on Sept 7, 2008, as my colleagues in the Securities Lending group at RBC worked furiously to recall securities loaned out to a failing Lehman Brothers. We’re all too familiar with the crisis and great recession that followed, and the subsequent discovery of regulatory failings that have resulted in banks paying over $321 billion in fines since 2008.
The years immediately following the financial crisis were consumed by complying with addressing misconduct, market manipulation, anti-money laundering, and terrorist financing. By 2015, banks were finally able to reduce the annual reserves they kept to pay penalties associated with bad behavior.
And now the regulators are shifting their focus onto a new area in financial markets: operational resilience and operational risk. As I mentioned in a blog this past summer, the regulators in the UK, together with the Bank of England, have issued a joint discussion paper that describes the key considerations for a FSI’s operational resilience approach:
- Be a strategic initiative driven by the board and senior management
- Be managed by the business in a front-to-back journey level – not by function or siloes
- Operational tolerances and risk appetite measures should be set and monitored by the Board
- The firm should have a mindset that accepts failure is inevitable
The Bank of England has defined operational resilience as “The ability of firms and the financial system as a whole to absorb and adapt to shocks, rather than contribute to them.”
Why are regulators focused on operational resilience now? For two reasons: first, financial services companies are continuing to digitally transform, and with increased digital capability, comes increased risk. Second, with significantly more interconnectivity today beyond the individual firm, disruption can spread even more quickly than it did a decade ago.
This kind of resilience requires visibility and agility. And it needs a strategic approach that Gartner describes as Integrated Risk Management (IRM): “A set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.”
Think of how powerful it would be if your financial services institution’s business had real-time, full understanding of operational performance - and had the tools and controls to refine processes in response to threats and opportunities.
Click below to learn more about how your firm can turn risk management into a competitive advantage with IRM.