Banks across the EU are failing to adequately meet guiding Principles on operational resilience and risk laid down by the Basel Committee in 2021.
An early 2023 assessment of adoption of the Principles - intended to promote banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets - found that the effectiveness and maturity of the measures vary across banks and jurisdictions.
The mapping of interconnections and interdependencies for critical operations, and the definition of tolerances for disruption to these operations are the most common challenges that banks face when adopting the Principles.
The progress report notes that while banks' operational risk management governance is well established, board members' roles and responsibilities and capabilities for operational resilience are still under development.
The report also found gaps in capabilities and effectiveness of self assessment tools intended to identify threats and vulnerabilities and failure to adequately map interconnections and interdependencies.
In terms of business continuity, the study finds banks are facing considerable challenges in consideration of end-to-end delivery of critical operations, and the plausibility and severity of scenarios. For some banks, there is still work to do on developing appropriate business continuity and contingency plans and exit procedures where third parties provide critical operations.
The Committee says that further effort is needed by banks enhance practices, which will require adequate resourcing and prioritisation, and that full adoption may take another two years to achieve.