Why strong communication surveillance is at the heart of enhanced operational resilience

Once viewed as little more than a tick-box exercise, operational resilience has become an essential function in financial services organizations given the extended market turmoil businesses have endured. The 2008 financial crisis resulted in numerous regulatory reforms to internal structures and capital buffer requirements, but nothing in the way of business continuity demands appeared until the onset of COVID-19.

Critical sectors, in particular financial services given its role underpinning the global economy, were rocked by the pandemic, which underlined the need for advanced, often technology-powered capabilities to react to widespread disruption and threats to operations. In 2021, the Basel Committee on Banking Supervision (BCBS), an international rule-maker, noted that strengthening banks’ ability to absorb significant jolts should be a priority, and regulatory expectations soon shifted away from the traditional risk management and continuity practices, to one of enhanced operational resilience.

Operational resilience and financial services regulation

A new operational resilience regime entered the UK in March 2022, introducing requirements for domestic banks and insurers to ensure the UK financial sector has a strong enough framework to weather major risk-related events. The deadline for firms to be in full compliance with the laws is March 2025. The European Union has enacted a similar regulation on digital operational resilience, while the US consolidated several regimes with a broadly corresponding end goal; to help firms measure their “tolerance for disruption” and ensure they have the capacity to endure a disrupting occurrence.

While the nature of operational resilience means a business won’t truly know how strong its function is until disaster strikes, COVID gave way to a relentless barrage of market shocks that meant many organizations had to upgrade their resilience capabilities in live environments

From geopolitical unrest to inflation, climate change, and energy market volatility, the ability to withstand these disruptions, along with pandemics, cyberattacks, technological failures, or natural disasters, has remained top of boardroom agendas. And as experts are quick to note, the advantages of going beyond mere compliance can manifest in clear benefits for firms who leverage automation and machine learning technologies to improve their efficiencies.

“The competitive advantage to individual firms of being operationally resilient and the key role it plays in the wider market’s overall financial stability cannot be overestimated,” said Pauline Hawkes-Bunyan risk, culture and resilience director at the UK Investment Association.

The foundations of enhanced operational resilience

Enhanced operational resilience is built around five pillars:

1. Business continuity planning
2. Disaster recovery
3. Cyber resilience
4. Communications surveillance
5. Third-party risk management.

Regulators want comprehensive strategies, processes and procedures to be drawn up that allow for uninterrupted continuation of critical business functions during disruptions. Key dependencies must be identified, whilst backup systems are implemented and alternative work arrangements are established.

The organization’s technology stack must have disaster recovery capabilities in order to help the business withstand significant events and restore or maintain operations. Recovery plans help to minimize downtime and guard against the threat of data loss.

Cyber resilience has also become a particularly important aspect of the process given the increasing frequency of cyberattacks. Robust cybersecurity measures, regular risk assessments and the creation of incident response plans are paramount.

Many financial institutions rely on third-party vendors and service providers, and these relationships must be mapped to prevent disruptions caused by outside failings.

Underpinning each of these pillars is the need for strong, intelligent communications surveillance. Effective and targeted monitoring of supervised individuals can help to ensure a prompt and accurate response to any incident is carried out, and ensures no further threats emerge from inside the business.

Powered by machine learning and artificial intelligence, advanced communications surveillance has become an integral part of operational resilience strategy, with machine learning engines trained on internal datasets capable of identifying risks before they escalate.

Operational Resilience requirements during incidents

Digital communications compliance is vital for an organizations success. Enacting a solution that meets today’s standards and future-proofs your organization is within reach. What can be an often overwhelming strategic decision, finding a software partner that can help automate once manual processes and create team efficiencies, allows your team to maintain compliance.

Future regulatory focus of operational resilience

It has become clear that operational resilience is a focus area for regulators over the upcoming economic cycle, “and firms in all regions can expect to be required to review and, where necessary, refresh their approach,” added Jonathan Rogers, financial services partner at law firm White & Case.

“To meet all of these requirements, firms will need to ensure they have sufficient internal resources to implement the assessments, mapping, testing and other additional actions the new regime demands,” Rogers said.

Communications surveillance technology has a pivotal role to play in helping organizations keep services running, safeguarding customer data and maintaining stability. It can detect and respond to operational risks and threats faster and more effectively than human analysts alone and is an increasingly important part of the robust framework regulators are looking for.

Proactive endeavors not only protect organizations from financial losses but also foster confidence among customers, regulators, and stakeholders, nurturing a resilient and trustworthy financial ecosystem.