The European Banking Authority defines operational resilience as “ability of an institution to deliver critical operations through disruption. This builds on the prudential operational risk framework, encompassing internal governance, outsourcing, business continuity and relevant risk management-related aspects.” As we witness an increasingly volatile and unstable operating environment, amid growing threats and a rising frequency of cyber security attacks, operational resilience is no longer just a technological concern but a boardroom priority.
Even the smallest of disruptions to a firm’s everyday functioning can erode trust, damage reputation, and potentially trigger regulatory scrutiny. The question, therefore, is not ‘if’ a breach will occur, but how prepared firms are to withstand it – and how quickly they can bounce back.
CrowdStrike crowdstruck by cyberattacks
Perhaps the most infamous recent operational resilience ‘test’ was the CrowdStrike outage, described as one of the biggest IT outages in history, impacting 8.5 million devices and leading to a complete shutdown of systems in airports, rail companies, hospitals, and businesses.
While the CrowdStrike outage was the result of an unforeseen technology issue, purposeful outages and attacks are increasingly common. Around 20% of all ransomware attacks in 2024 targeted banking institutions. It’s therefore no surprise that regulations such as the Digital Operational Resilience Act (DORA) have been developed.
Exploring DORA
Meeting DORA requirements means firms must be aware of its “five pillars,” which include ICT risk management, incident reporting, resilience testing, third-party risk management, and transparent information sharing. Firms must assess the resiliency and security efforts of any vendors they employ to ensure a robust supply chain that reduces vulnerability. DORA expects firms to plan so that they can withstand, respond to, and recover from ICT disruptions.
At its core, operational resilience is about protecting customers to ensure they can access accounts, make payments, and move funds even under pressure.
What should firms be aware of?
- Single points of failure (SPOFs): Reliance on a small number of providers or systems creates risk. True resilience means diversifying providers, building redundancy, and ensuring that critical services can fail over seamlessly.
- Third-party and supply chain risk: Financial institutions can depend on a web of vendors, partners, and platforms, so strong oversight and due diligence of third-party risk are essential – a supply chain is only as strong as its weakest link.
- Communications risks: Modern business happens across mobile devices, messaging apps, and informal channels, which can become blind spots for both financial and non-financial misconduct risk if not effectively monitored.
- Cyber threats: Financial services remain a prime target, so proactive monitoring, threat detection, and rapid response and recovery capabilities are crucial.
- Data integrity and visibility: Consistently accessible, high-quality data is the backbone of operations. Solutions that provide secure storage of, and access to, all data at all times, which can include features like constant integrity checking, are vital to ensure that data is consistently available and protected, and that it supports faster disaster recovery and business continuity.
This is where solutions such as Global Relay play a key role. By providing end-to-end capture, archiving, monitoring, and supervision of communications data, it enables institutions to reduce reliance on a complex web of tools and minimize third-party risk. Its private cloud approach and 24/7 expert support are specifically designed for firms aiming to meet operational resilience standards, keep their data safe, and keep their business secure.
As stated by Global Relay’s Chief Compliance Officer, Alex Viall:
“We put data first. All our operations revolve around data, organizing it, adding value to it, storing it, or securing it.”
To strengthen your operational resilience, find out more about Global Relay’s secure, end-to-end platform built to keep your critical communications protected and compliant.