OPERATIONAL RESILIENCE, A KEY REGULATORY FOCUS

Darren Maher, partner: "The continued fallout from COVID-19 has resulted in resiliency, now and into the future, being placed high on the agenda of businesses worldwide and financial services has been no exception. Alongside the increased industry focus on resiliency, we have seen an equally strong regulatory focus, at both a domestic and international level, on operational resilience and in particular, digital resilience. This is a trend which we can expect to continue into 2022 and beyond.

At an Irish regulatory level we have seen operational resilience feature in several outputs of the Central Bank of Ireland ("Central Bank"), including its 2021 regulatory priorities, its Consumer Outlook Report for 2021, and several speeches made by its senior members. This culminated in the publication of the Central Bank's Cross Industry Guidance on Operational Resilience ("OR Guidance") in recent weeks. Additionally, the most recent administrative sanction imposed by the Central Bank also related to operational resilience, where an entity failed to have a robust framework in place to ensure continuity of services for the entity and its customers in the event of a significant IT disruption.

At a European level, the European Parliament ("Parliament") and the Council of the EU ("Council") are currently considering the European Commission's ("Commission") legislative proposal for an EU Regulation on digital operational resilience for the financial sector ("DORA"). Additionally, the European Supervisory Authorities ("ESAs") in their second joint risk assessment report for 2021 considered, in particular, the rise seen in cyber risk in financial services and how DORA can play a part in addressing this risk.

Meanwhile, many other jurisdictions are also adopting their own regimes; for example, the United Kingdom ("UK") has seen dedicated operational resilience frameworks established by the Prudential Regulatory Authority, the Financial Conduct Authority and the Bank of England. One of the challenges arising from multiple regulatory authorities establishing these regimes concurrently, particularly for multinational financial services entities, is navigating the differences between them in order to ensure full compliance. Compliance with one regime does not guarantee compliance with all.

On the next page we consider some of these key developments in more detail. Finally, Matheson will host a webinar on Tuesday, 18 January 2022 to discuss these trends and in particular, the OR Guidance. We hope you can join us for this event briefing."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.