Driving digital operational resiliency in banking

Today’s volatile business world is pressuring organizations across industries to rethink their business continuity strategies and solutions, and banks are no exception. Increasing financial crime, heavy regulation, a greater dependency on technology, complex ecosystems, and other challenging business dynamics are making business continuity a higher priority for bank executives.

With the right approach and technology, investment in business continuity can move beyond operational necessity to strategic advantage. Banks can achieve digital operational resiliency, protecting their business and customers from disruptions while driving performance and growth.

In this blog, I’ll share insights on the benefits and challenges of digital operational resiliency, along with some recommendations for pursuing it.

Attributes of digital operational resiliency

As banks become increasingly dependent on digital technologies to carry out their day-to-day operations, digital risks, such as cyber-attacks, are increasing exponentially. The need for digital operational resiliency has never been greater.

Key attributes of digital operational resiliency include the following:

• Establishing and prioritizing appropriate measures for reacting to major incidents
• Understanding how to minimize losses resulting from disruptions
• Identifying critical processes and implementing ways to prevent their disruption
• Promoting continuous improvement in business continuity through competence centers, plans, and policies
• Investing in business continuity tools focused on critical processes
• Complying with applicable laws and regulations

A fundamental approach to digital operational resiliency

Achieving digital operational resiliency, however, can be challenging, especially as the use of digital technologies and their related risks continue to increase. Key roadblocks include the following:

• Legislation/regulation: Numerous legislative and regulatory mandates at every level of government must be understood and followed.
• Monitoring: Monitoring risks is an around-the-clock effort, requiring significant investment.
• Reporting: Reporting requirements, such as new European Union reporting rules, are constantly emerging and evolving.
• Testing: Testing by financial entities and competent authorities must be coordinated.

In our experience in working with banks across the globe, the path to digital operational resiliency requires a comprehensive, integrated, and automated approach that includes three fundamentals:

• Business continuity consulting: Experts with proven experience who can help banks build robust business continuity and disaster recovery plans and policies that extend across the enterprise.
• Integration of software-based intelligent process automation (SBIPA): SBIPA tools enable around-the-clock monitoring, testing, and reporting of incidents through intelligent process automation.
• Cloud computing and data analytics: Each enables banks to implement traceability mechanisms for detecting malicious attempts to breach data and systems security and maintaining operational records.

With these fundamentals in place, a bank can efficiently increase its business continuity maturity level and achieve the full benefits of digital operational resiliency.

The impact of DORA

In September 2020, the European Commission published the first draft of the Digital Operational Resilience Act (DORA), which aims to ensure financial institutions maintain not only financial resiliency but also operational resiliency, as cybersecurity risks continue to escalate. The new regulatory framework comes into full effect in January 2025.

While DORA is a European regulation, its impact will be felt worldwide because it covers any information and communications technology (ICT) service provider or large financial institution doing business in Europe. Further, other geographic regions are likely to follow Europe’s lead in enacting digital resiliency legislation.

New regulatory schemes like DORA make it clear that digital operational resiliency will only continue to grow in importance.

Partnering for success

Preparing for regulations like DORA and building strategic business continuity plans and processes requires specialized expertise and experience. Often, the type of specialization required cannot be found inside the bank; external partners are required.

Find a partner with not only extensive business continuity consulting expertise and proven solutions, but also one with significant banking experience. The partner should be able to advise on and implement strategies, plans, processes, and technologies that address the specific business continuity needs of banks, including related regulatory schemes and market pressures.

If you’re interested in learning more about digital operational resiliency and our work with banks in this area, feel free to contact either of us (see our contact information below).