Dan Thieke, DTCC Managing Director, Business Risk and Resilience Management
The 2005 Hurricane Katrina storm was the deadliest hurricane since 1928. In addition to considerable loss of life, the category 5 storm’s destruction included fiber optic cables and cell phone towers, causing outages for millions, including 911 centers. In 2007, the federal government established the Government Emergency Telecommunications Service (GETS), an emergency telephone service allowing first responders to access communications without denying the public use of the telephone network. Through GETS, the government introduced a new way to deliver a vital service when it was most needed, and when the usual communications system was down.
This prioritisation of providing services over system restoration illustrates a best practice approach to ensuring business resilience in financial services, as outlined in DTCC’s new white paper, Resilience First. The paper calls for establishing business resilience as an industry-wide priority.
Although the market is not immune to instability resulting from natural disasters such as Hurricane Katrina, in financial services, disruption is more likely to stem from areas such as rising cybersecurity concerns, the rapid development and adoption of new technologies, the increased interconnectedness of the financial ecosystem and growing industry-wide concentration risks. As a result, there is an increased industry focus on business resilience, or an organisation’s ability to safeguard its critical services against the threat of potentially disruptive events, regardless of their nature or origin.
True resilience in a progressively complex environment requires a new approach to safeguard critical businesses services, rather than narrowly focusing on system restoration on its own. First, the DTCC white paper recommends that business resilience initiatives consider impacts on, and interdependencies with, the broader ecosystem, employing an end-to-end perspective that starts with the customer and includes service providers, regulators, third parties and industry associations, as well as any other partners and stakeholders. Second, it suggests that firms complement their defensive efforts by developing additional resiliency strategies that enable them to recover quickly, as well as minimise the impact of disruptions.
The paper also highlights that resilience must be prioritised as a business-owned strategic initiative that is supported at the highest levels of an organisation. Firms must let go of the outdated notion that resilience is a back-office IT concern that taxes business development and instead, establish resilience as a business imperative that enables the delivery of a firm’s most critical services.
Given that today’s highly interconnected and digital environment has created conditions where the financial services industry is arguably more vulnerable to disruption, absent the appropriate approach to resilience, cyber-attacks and other threats could have far-reaching implications that undermine the safety, stability and integrity of an individual firm and more broadly, the global financial system. To address these challenges, the industry should adopt a new approach to business resilience that is holistic, forward-looking and highly collaborative. Firms must establish business resilience as a core competency that is integrated into every stage of the development of new products and services. From an organisational point of view, this requires greater ownership and accountability, as well as the development of a corporate culture and mindset that prioritises business resilience. Once the collective mindset shifts from a single focus on systems resiliency to a prioritisation on service resiliency, we will become that much stronger - as an industry - in the face of disruption.
This article was originally published in Global Custodian/FOW