Operational resilience for financial institutions

Since the financial crisis of 2008, supervisory authorities have focused on addressing the root causes of the crisis and ensuring the resilience of financial institutions as well as the financial system through a number of efforts, such as strengthening capital regulations for and building frameworks for the resolution of financial institutions.

In the midst of these efforts, the environment surrounding the financial sector is constantly changing. New risks are emerging and the financial sector is becoming more complex. Ensuring ‘operational resilience’ in addition to ‘financial resilience’ has therefore become a top priority for the supervisory authorities to maintain financial stability.

Regulatory and supervisory frameworks for operational resilience are being established in various jurisdictions. In Europe, the ‘Digital Operational Resilience Act (DORA)’, which requires financial institutions to enhance ICT risk management, etc., has been finalised (Table 1) and will come into effect in January 2025.

This article provides an overview of the trends in financial regulation and supervision related to operational resilience (Section 1), summarises the DORA (Section 2) and discusses their implications for Japan's financial sector (Section 3).

Financial institutions are expected to promote efforts to ensure their operational resilience, utilising external experts as necessary.

【Contents】

1. Recent trends in regulation and supervision on operational resilience
   1.1  Increasing importance of operational resilience
   1.2  Regulatory developments in major jurisdictions
   
2. Overview of the European Union’s Digital Operational Resilience Act (DORA)
   2.1   Overview of the DORA
   2.2  Key requirements under the DORA
   2.3  Development of technical standards, etc.
3. Discussion

Table 1. Structure of the DORA