A “comprehensive approach” for large banks to use in strengthening and maintaining their operational resilience was issued by federal banking regulators Friday, and followed up with a Financial Institution Letter (FIL) by the Federal Deposit Insurance Corp. (FDIC) Monday.
The interagency paper – “Sound Practices to Strengthen Operational Resilience” – combines existing regulations and guidance as well as common industry standards to provide a comprehensive approach that large banks may use to strengthen and maintain their operational resilience, the agencies said. The paper does not revise existing rules or guidance.
In an explanatory note released Monday by the FDIC, the agency points out that, more specifically, the paper sets forth what the agencies call sound practices drawn from existing regulations and guidance for individual national banks, state member banks, state nonmember banks, savings associations, U.S. bank holding companies, and savings and loan holding companies. Those institutions affected must have average total consolidated assets greater than or equal to $250 billion, or $100 billion and have $75 billion or more in average cross-jurisdictional activity, average weighted short-term wholesale funding, average nonbank assets, or average off-balance-sheet exposure, the agencies said.
The paper was issued, the agencies said, because financial firms in recent years have seen “significant challenges” arise from a number of events, technology-based failures, cyber incidents, pandemics, and natural disasters. “Such events, combined with a growing reliance on third-party service providers, expose firms to a range of operational risks,” the agencies wrote. “These risks underscore the importance for firms to strengthen their operational resilience, which the sound practices describe as the ability to deliver operations, including critical operations and core business lines, through a disruption from any hazard.”
Disruptions could include, the agencies said, technology-based failures, cyber incidents, natural disasters, and third-party failures.
The paper notes that that the agencies acknowledge that “operational resilience” is important to banks and banking firms of all sizes and that “any firm may find elements of the sound practices useful as it considers operational risk and resilience challenges.”
However, the agencies noted, because the sound practices emphasize critical operations of a firm’s material entities, which generally are characteristic of large firms, “the sound practices paper is not written to a smaller firm audience. These smaller firms continue to be subject to existing regulations, guidance, interagency statements, and common industry standards related to operational risk and operational resilience.”