Page 35 - Banking Finance April 2022
P. 35

ARTICLE

             vulnerabilities, the organisation is likely to be exposed  is the approach adopted by the organization that will
             to. The most important point to consider is that no  differentiate them in the long run. To gain a competitive
             plausible scenario should be rejected on the ground that  advantage the organization that adapts and adopts a
             it cannot happen to my organization. They  need to  dynamic risk assessment methodology which is proactive,
             have an action plan in place for such scenarios. The  integrated and based on concept of granularity will increase
             action plan formulated should also be put to test. While  its chances of survival. Going granular helps in identifying
             testing it is important to verify that the scenarios are  its leading indicators. This  not only reduces the complexity
             as per the nature, size, scope of its business activities.  but is easy to communicate  and implement as the
             The action plan should clearly state the people, process  operational level team can relate.
             systems that need to deliver at the time of crisis.
             Bottom up approach works better as resilience not only  Way Ahead:
             needs to be built in the design / functionality of the
             system and process, but it is required to be built in the  Organization level:
             culture of an organization.                      The organizations need to develop on the existing
                                                              governance and risk frameworks and keep pace with
         Challenges:                                          innovations. Operational resilience needs to be built into
                                                              business plans , which would require a clarity of  purpose,
         Internal challenges: There are certain challenges which the  roles and responsibility (individual as well as collective ) and
         financial organizations face especially budget constraints,
                                                              skilling and upskilling at all levels (i.e Board, Senior
         obtaining board approvals. For many institutions they might  Management and operating)
         be still using outdated technology systems, while at the
         same time trying to meet the market needs by innovating
                                                              The approach adopted needs to be continuously reviewed
         new products.
                                                              to tackle disruptions and a routine needs to be developed
         External challenges : In addition  to the budget constraints  to address resilience of critical / important business services.
         there are  external challenges like the emerging     Transparency in regulatory reporting and disclosure of
         technologies such as artificial intelligence, Block chain-  threats to the critical / important business services.
         distributed ledger technology, sophistication of external
         threats in the cyber security space, demand for crypto- Regulator level:
         assets, increased scrutiny on value for money from   The Regulator has an important role to play by setting
         customers, who so easily switch to new providers; system  standards, indicating best practices, and developing stress
         complexity and third party risk. To drive innovation  scenarios considering the common challenges faced across
         organizations, must balance concentration risk that may  sectors and geographies. Mapping of sector dependencies
         provide economies of scale against spreading the risk of  is required to reflect on the common challenges, understand
         supplier failure.                                    the interconnectedness and come up with collective
                                                              solution. The recovery and resolution may be required to
         Thus, the key threats that come out of the           be done across the sector to address issues like complete
         challenges and need to be focused on are:            lockdown. If required, a new framework can be developed
                                                              to bring the third party within the regulatory ambit.
         Y   speed of technological changes
         Y   disruption from less established technologies    Conclusion:
         Y   Increase in the frequency and severity of cyber attacks  Operational Resilience extends beyond business continuity
         Y   Physical Risk due to Climate change: Resilience will be  planning as it includes man made threats like cyber-attacks,
             put to test under physical risk due to climate change  third party failures, natural disasters, and geopolitical risks.
             and disruptions caused to mitigate it            Resilience needs to be recognized as a separate risk and
                                                              managed accordingly.  It requires not only to build on
         Organizations lagging in developing resilience or having  capabilities but embed systems & behaviors so that the
         operational weaknesses will be targeted by fraudsters. These  organization can carry out its mission and implement its
         key threat areas are broadly similar for all organizations, it  strategies in the face of any disruption. T

            BANKING FINANCE |                                                                APRIL | 2022 | 35
   30   31   32   33   34   35   36   37   38   39   40