The extensive levels of disruption caused by the pandemic has encouraged organisations to look at their wider ecosystem and risks posed by contracted external parties as part of their operational resilience plan, according to experts.
Panellists at the AFME Capital Markets Technology and Innovation conference on Thursday highlighted the magnified interdependencies created by the surge in financial services’ digitalisation.
“The biggest risk [is] part of the unknown and the unknown is the third-, fourth- and fifth-party relationships – it’s dependencies to other services,” said Claus Sengler, a head of section at the European Central Bank’s Single Supervisory Mechanism.
“The pandemic has shown us some surprising results that we were unaware of.
“We all think about the big providers,” Sengler warned, “but there may also be smaller companies that provide a service where we are not really sure [about the risk], and they are systemic in nature.”
Organisations need to understand in detail who they are all connected to, he added.
“All these dependencies are very complex, and they need to be managed. You need to understand if one of these things fail, what are the possible consequences so that you can include that in your scenarios.”
Annik Bosschaerts, COO and executive director at The Bank of New York Mellon, said the pandemic spotlighted the importance of using digital solutions but also stepped up demands for firms to enhance their frameworks in relation to operational resiliency.
Russell Jackson, head of division for UK global banks at the Bank of England, said the acceleration in digital transformation and moving processes to the cloud in a short period of time has undoubtedly raised an operational risk.
“The scale of change gives rise to operational risk and vulnerabilities so the degree of scrutiny […] that boards apply within financial sector firms to really challenge those processes, scrutinise what’s happening, […] is really important management of the paradigm shift that we’re going through.”
“It really matters in not just working against the vulnerabilities that could emerge in operating that new set of platforms,” Jackson said, “but also in getting the right controls to make sure that mistakes aren’t made in that paradigm shift, because it is a very significant difference.”
Earlier this year, the Basel Committee published a set of principles for operational resilience. Sengler said using a principle-led approach over a standard-led approach would ensure greater proportionality and help account for different regional circumstances.
“I would think that it’s the only way how we can make it work because things are so different in size and technologies.”
Bosschaerts added that global harmonisation with an aligned taxonomy will help global companies to better manage any scenarios and strengthen its operational resiliency frameworks.