Banks within the European Union are currently falling short of meeting the operational resilience and risk guidelines set forth by the Basel Committee in 2021.
An assessment conducted in early 2023 regarding the adoption of these principles, aimed at bolstering banks' capacity to withstand operational risk-related events with the potential to trigger significant operational failures or widespread disruptions in financial markets, revealed a varied effectiveness and maturity of measures among banks and across different jurisdictions.
A prevalent challenge faced by banks in adopting these principles is the mapping of interconnections and interdependencies for critical operations, along with defining tolerances for disruptions to these operations. The progress report underscores the fact that, while operational risk management governance within banks is well-established, the roles, responsibilities, and capabilities of board members in terms of operational resilience are still in the developmental stage.
The report also points out gaps in the capabilities and effectiveness of self-assessment tools designed to identify threats and vulnerabilities. Additionally, there is a notable failure among banks to adequately map interconnections and interdependencies. In the realm of business continuity, the study identifies significant challenges for banks in considering the end-to-end delivery of critical operations, as well as evaluating the plausibility and severity of various scenarios. Some banks still have work to do in developing appropriate business continuity and contingency plans, especially concerning exit procedures when third parties are involved in critical operations.
The Committee emphasizes that further efforts are required by banks to enhance their practices, necessitating adequate resourcing and prioritization. The full adoption of these principles may take up to two more years to achieve, according to the Committee's assessment.