David LaFalce, DTCC Managing Director, Global Head of Business Continuity and Resilience
Operational resilience is an area of growing focus across Asia and global markets. Today, companies face more threats than ever before. Social and political unrest continues, climate change is causing unprecedented challenges, cybersecurity threats are growing, and Covid-19 continues to highlight the fragility of supply chains and organizational design. In this increasingly complex environment, financial services firms must be resilient and able to adapt their operations and processes to function under disruptive conditions while ensuring their ability to provide critical services.
But operational resiliency is not a new concept. In fact, the industry has been keenly focused on ways organizations can prepare for and respond to potentially disruptive events for decades. However, with the financial services ecosystem and external threats continuing to evolve, including unprecedented events like Covid-19, firms are taking a fresh look at how they can further improve their operational resiliency. In doing so, we see three areas that should be considered:
1. The fewer manual processes, the better
The industry has significantly increased investment in automation over the last decade or two due to the ongoing need to reduce costs and increase efficiency. This evolution has been accelerated by natural event-driven disruptions, such as typhoons in Hong Kong, earthquakes in Japan, Superstorm Sandy in the US, and man-made events like 9/11, all of which require regional preparedness. During the pandemic, technology and automation have been critical to firms’ ability to function, as companies were forced to adapt their work processes and operations to effectively support remote working.
In the months ahead, firms have an opportunity to further reduce or eliminate processes that require a physical presence in an office, thereby driving even greater levels of productivity and efficiency while enhancing operational resilience. Firms should take this time to assess what worked and what could be done better, an assessment that should continue in the years ahead as firms re-examine their business continuity strategies in light of the current pandemic. Higher levels of automation can help to ensure orderly markets by making virtual work environments possible across jurisdictions.
2. Interconnectivity, while good, can multiply potential points of weakness
Past incidents such as natural disasters and terrorist attacks have damaged physical sites, forcing the industry to consider its entire operational footprint. This has led to new resiliency measures, such as enhanced transfer of work abilities and improved operational and cybersecurity approaches.
At the same time, the industry has become more interconnected and dependent on peers and vendors, extending each firm’s operational footprint and the risk to and from third-party organizations. To address this growing area of risk, it is important that firms carefully review their entire ecosystem of interconnected entities, conduct an objective assessment of exposure, evaluate how severe the impact could be should an entity fail, and ultimately identify ways to mitigate or overcome the risk.
It is positive to see that third-party risk assessments have become more prevalent across the industry in recent years, providing firms with important insights into areas that could impact their operational resilience during a future crisis, and these efforts must continue.
3. Regulatory and sector partnership and collaboration is needed
Asia’s financial services sector has become a highly regulated landscape, with the protection of the underlying client as a top-end goal. An organization that is not operationally resilient may struggle to comply with the necessary standards and to ultimately achieve this objective.
Associations in Asia are making efforts to address these challenges. For instance, ASIFMA’s report, ‘Addressing Market Fragmentation Through the Policymaking Lifecycle’, calls for greater harmonization across jurisdictions as a means of achieving operational resilience.
Similarly, SIFMA launched the ‘Quantum Dawn V Cybersecurity Exercise’ last year. This enabled global public and private bodies – including in Hong Kong, Malaysia, Japan and Singapore – to practice coordination and exercise response protocols to ensure the smooth functioning of financial markets when faced with a series of cyberattacks. A clear takeaway from the exercise was the importance of a robust partnership between the industry and government – grounded in information sharing.
To achieve overall operational resilience, partnership between the private and public sectors is crucial. Public and private collaboration can ensure the speedy development of operational resiliency standards that will allow companies to survive and grow in today’s complex, ever-changing landscape. At the same time, as we continue to face an environment of uncertainty, operational resilience should be top-of-mind for firms and their senior leadership.
By introducing greater levels of automation, conducting third-party risk assessments, and collaborating across the industry and with regulatory bodies, firms are better positioned to withstand and recover from future events.
This article first appeared in Regulation Asia on December 15, 2020.