The WFE has published its response to the BoE-FCA-PRA Discussion Paper on Operational Resilience. The discussion paper calls on firms to demonstrate their operational resilience in the event of a cyber-attack or IT disruption.
The key points of the WFE's response are as follows:
- The Bank of England-Financial Conduct Authority-Prudential Regulation Authority's (BoE-FCA-PRA) proposed approach to continuity of business services, which is service-based rather than systems-based, does not seem to be far removed from existing business continuity management (BCM) planning. Organisations already take a service approach through risk assessment, business impact analysis, scenario testing, stress testing, and business continuity testing.
- The maturity of business services mapping (i.e. linking of business services, processes, systems, owners etc.) tends to vary from organisation to organisation.
- The WFE can see some benefit in the possibility of firms being asked to set impact tolerances. It may take time to perform to the level regulators would be comfortable with, and it may be worthwhile for regulators to define a scope and framework to ensure consistency between market infrastructures.
- Communication processes are defined in incident management and crisis management planning.