News and resources on payments systems, innovations and initiatives worldwide.
EBAday 2022: Preparing for the operational resilience ‘sea change’

EBAday 2022: Preparing for the operational resilience ‘sea change’

Kicking off the EBAday session titled ‘Building Operational Resilience’, moderator Tom Zink, research director, IDC Financial Insights, posed a poll question to the audience, asking ‘how familiar are you with DORA?’

Over 60% of the EBAday audience responded that they had not heard of the Digital Operational Resilience Act, informally known as DORA.

Putting the focus on the financial services industry and the ICT industry, Zink asked the panel about what considerations financial institutions should be making in order to meet the impending regulatory deadlines.

Nicola Coyne, head of low value and immediate payments, Barclays Bank, explained that resilience is a key part in the banks’ strategy. “Banks always need to be ‘on’ these days - particularly if they’re operating across the globe, and they must be able to respond to unforeseen changes. We’ve all experienced Covid-19, Ukraine, and there are plenty more black swan events. We have to be more resilient and address the vulnerabilities that we find.”

As Barclays is UK based, they are operating to the Bank of England’s timeline around operational resilience, which had significant milestones to meet by March this year and more significant deadlines scheduled for March 2025.

Parth Desai, CEO, Pelican, furthered that his view is that we need to step back and look at operational resilience in its totality. “This isn’t just about ICT or systems fault tolerance, its being able to withstand any unforeseen circumstances that happen in the future.”

Desai added that artificial intelligence can help to achieve this in three key areas:

  1. Analytics: examine at the historical data, what happened and what can happen
  2. Forensic analytics: abnormalities to be monitored closely - alerted and stopped instantly
  3. Process optimisation: so that dependence on manual workforce is significantly reduced

Luigi Paris, head of sales team for central institutions, Nexi Payments, noted that the services Nexi provides are ‘mission critical’ which means they must be functional at all times. Paris added that all of their customers - including EBA Clearing and central banks, rely on them to provide critical services and “we therefore welcome operational activities.”

“We’re quite used to meeting best practices, DORA is essentially already in place in our processes, DORA will just make it mandatory. We view it as a positive thing to make things more stable, secure, reliable,” Paris observed.

Zink asked the panel to provide further detail around how financial institutions are preparing for operational resilience. After explaining how Barclays approached meeting the first DORA requirements earlier this year, Coyne explained that the key lessons she would have liked to know ahead of the project, was to educate the entire bank about why and how this needs to be done.

“It's really important that everybody understands how they're involved, how they can help and why it's important. If you give them the bigger picture. Then when you start to build new systems, new developments, all those exciting things you're doing, you can build-in that resilience mindset.

“Also, if you’re doing a workshop on things like looking for third party suppliers, keep it small and focused. 27 people in a workshop doesn’t get a result.”
Coyne added that its important to get these plans finalised soon, and to think critically about comms plan, “You really have to step back and think strategically around how you are going to approach the project.”

Moving to wider questions around the ecosystem transformation that come with DORA, Zink stated that service providers are increasingly coming under regulators’ scrutiny. Is this where the true “sea change” is going to happen, Zink asked. “Further, how do we need to change our thinking around our increasingly decentralised ecosystem?”

Coyne noted: “It's quite interesting because obviously you've got much more control over your internal systems and processes that then when you go to start working with suppliers, you're sourcing for the purpose that we were talking earlier […] While DORA is places emphasis on critical suppliers, such as AWS and Google etc, but it actually goes further into questioning banks’ own critical suppliers - if that supplier goes down, does that actually impact another whole swathe of banks?”

Comments: (0)