Fed’s Lindo: Basel op resilience rules imminent

Committee has also formed new group to oversee supervisory policy harmonisation, says senior regulator

The Bank for International Settlements, Basel
Photo: Ulrich Roth

Global regulators are poised to release long-awaited final rules on operational resilience and op risk management, a senior regulator confirmed today (March 22). Meanwhile, the Basel Committee on Banking Supervision has also revamped one of its core internal policy delivery groups, and tasked it with ensuring consistent implementation of supervisory policy initiatives.

The announcements were made by Arthur Lindo, deputy director for policy in the US Federal Reserve Board’s division of supervision and regulation, during a discussion at Risk.net’s OpRisk Global 2021 virtual conference. Lindo leads the Basel Committee’s operational resilience working group.

“The Basel Committee has been working on operational resilience principles and operational risk management principles; we are very close to issuing those… very, very close,” Lindo said.

Operational resilience – the ability to mitigate and bounce back from unexpected business disruptions – is still a relatively young policy area for regulators, and approaches to supervision continue to evolve, partly in response to the coronavirus pandemic. The committee issued its consultation on operational resilience last August, receiving responses from a large number of financial firms and industry bodies, including Citi, HSBC and ORX

The upcoming Basel principles look to build on existing policy approaches where these are shared, Lindo suggested. The committee would have had its work cut out in that regard, however, with previous differences emerging at a national level – something Lindo acknowledged multinational firms did not want to see.

“A lot of the feedback [from financial companies] is that we need to start with the same standards,” he said. “We’ve heard, from the official sector, the call for harmonisation; at the committee level, we’ve sought to harmonise as best we could across all jurisdictions. We think we’ve achieved that relatively well, and in the final document you should see some similarities to what’s already out there.”

The Bank of England, widely viewed as a trailblazer on the topic, first set out its own approach to resilience regulation some three years ago, when it touted the use of timed recovery targets in holding firms to account; it has previously stated, however, that regulated firms will not be expected to meet specific requirements before the end of 2021. The Fed, meanwhile, along with its sister US prudential agencies, issued a more low-key paper on op resilience in October, which did not seek to revise any existing rules or guidance.

A lot of the feedback [from financial companies] is that we need to start with the same standards
Arthur Lindo, Federal Reserve Board

The committee’s attitude, Lindo continued, is informed by the fact that many firms are well-positioned to hit the forthcoming supervisory operational resilience goals. Regulators would be pleased to see the various resilience-related areas of a given firm clustered and unified, he suggested.

“Firms have pieces of this already; our ambition is to see if they can co-ordinate and see if the various operations – business continuity, recovery and resolution, or a separate bucket – can be pulled together and integrated. I think I’ve seen several firms demonstrate that behaviour: a more centralised approach to this,” he added. “I wouldn’t say it’s a start from zero – many firms have already started to pull the pieces together.”

To help push the regulatory harmonisation agenda forward, Lindo said the Basel Committee would look to a newly revamped internal body: the Supervision Coordination Group. The unit was formed after an internal review of the committee’s operations last year, Lindo said, and supplants its existing Supervision and Implementation Group. The new SCG will “think about co-ordination just as much as implementation”, which he described as a welcome change.

“More focus on co-ordination across jurisdictions – for operational risk and operational resilience – that’s what you want. You want supervisors aligned in that thinking.”

The body Lindo chairs – the operational resilience working group – will collaborate with the new group, he added.

More focus on co-ordination across jurisdictions – for operational risk and operational resilience – that’s what you want
Arthur Lindo

“Under the SCG, there will be a stream dedicated to operational resilience; the supervisors will be taking information as firms are implementing [regulation], and comparing it across jurisdictions,” Lindo said. “That’s going to be populated by the supervisory side of the house, and the operational resilience working group that I’m a part of will provide support from a technical perspective to make sure it’s implemented appropriately.”

Lindo emphasised that supervisory stances on op resilience would continue to evolve; “course correction” will take place if regulators don’t get the outcomes they want, he said.

“The measures of success will be the resilience that we see when [firms] encounter an operational event – that’ll be borne out in practice. And we’re going to have to course-correct along the way, so we need to have a mechanism in place to do that. Most will be minor adjustments, in my view, but there may be one or two major ones,” said Lindo.

Asked for an example of the conditions that might spur a “major adjustment” to the resilience principles, Lindo discussed a hypothetical future scenario in which supervisory bodies coalesced around expectations for the resilience of payments systems: if some firms demonstrated a method of making their payments systems demonstrably more resilient, Lindo suggested, regulators would take note; if supervisors in other jurisdictions then reached consensus on the benefits of the method, the resilience principles might be updated with a practice guide for the financial industry at large.

“In cases like that, we’d go out and say, ‘Hey, this development has occurred’,” he said. “And that should be something we share in a practice guide for those that are implementing.”

Lindo also discussed the importance of third-party risk management to the broader goals of operational resilience, arguing that it is hard for firms to demonstrate thorough and proportionate risk management of third parties where a large number of operational tasks are outsourced.

“That comes up repeatedly in our supervisory co-ordination discussions,” he said. “How can we help the supervised entity to communicate that to its providers? It’s not like it’s one [third party] – in many cases the largest firms have thousands of providers.”

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: