The Basel Committee has published a draft update to its existing guidance on operational risk and has developed operational resilience guidance in-line with this. The Committee is asking for feedback on the documents by Friday 6th November 2020.
The Basel Committee takes the view that operational resilience is an outcome of effective operational risk management. Activities such as risk identification and assessment, risk mitigation (including the implementation of controls), and ongoing monitoring work together to minimise operational disruptions and their effects when they materialise.
Given this relationship between operational resilience and operational risk, the Committee is proposing updates to its Principles for the Sound Management of Operational Risk (PSMOR). Specifically, the Committee is proposing a limited number of updates to: align the PSMOR with the recently finalised Basel III operational risk framework; update the guidance where needed in the areas of change management and ICT; and enhance the overall clarity of the principles document.
The new proposed Principles for Operational Resilience build upon the proposed updates to the PSMOR, but are largely derived and adapted from existing guidance on outsourcing, business continuity, and risk management-related guidance issued by the Committee or national supervisors over a number of years.
By building upon existing guidance and current practices, the Committee is seeking to develop a coherent framework and avoid duplication. The proposed operational resilience principles focus on governance; operational risk management; business continuity planning and testing; mapping interconnections and interdependencies; third-party dependency management; incident management; and resilient cyber security and ICT.
Read the documents: