InfoBytes Blog

Financial Services Law Insights and Observations

Agencies outline standards for strengthening operational resilience

Agency Rule-Making & Guidance Federal Reserve OCC FDIC Privacy/Cyber Risk & Data Security Operational Resilience

On October 30, the Federal Reserve Board, OCC, and FDIC (agencies) released an interagency paper describing standards and sound practices for increasing operational resilience. (See also the Fed’s release and FDIC FIL-103-2020.) The paper, titled Sound Practices to Strengthen Operational Resilience, does not revise existing agency regulations or guidance, but rather provides a “comprehensive approach” for banks to strengthen and maintain operational resilience. According to the agencies, “[r]obust operational risk and business continuity management anchor the sound practices, which are informed by rigorous scenario analyses and consider third-party risks. Secure and resilient information systems underpin the approach to operational resilience, which is supported by thorough surveillance and reporting.” The paper also includes an appendix focused on sound practices for cyber risk management and cybersecurity preparedness. The appendix is aligned to the National Institute of Standards and Technology Cybersecurity Framework and is “augmented to emphasize governance and third-party risk management.” The standards set forth in the paper are intended for large, domestic banks with more than $250 billion in average total consolidated assets, or banks with more than $100 billion in total assets and other risk characteristics.