DTCC’s David LaFalce highlights the need for firms to remove manual processes, re-evaluate their interconnectedness, and seek out opportunities for industry collaboration.
Operational resilience is an area of growing focus across Asia and global markets. Today, companies face more threats than ever before. Social and political unrest continues, climate change is causing unprecedented challenges, cybersecurity threats are growing, and Covid-19 continues to highlight the fragility of supply chains and organisational design. In this increasingly complex environment, financial services firms must be resilient and able to adapt their operations and processes to function under disruptive conditions while ensuring their ability to provide critical services.
But operational resiliency is not a new concept. In fact, the industry has been keenly focused on ways organisations can prepare for and respond to potentially disruptive events for decades. However, with the financial services ecosystem and external threats continuing to evolve, including unprecedented events like Covid-19, firms are taking a fresh look at how they can further improve their operational resiliency. In doing so, we see three areas that should be considered:
1. The fewer manual processes, the better
The industry has significantly increased investment in automation over the last decade or two due to the ongoing need to reduce costs and increase efficiency. This evolution has been accelerated by natural event-driven disruptions, such as typhoons in Hong Kong, earthquakes in Japan, Superstorm Sandy in the US, and man-made events like 9/11, all of which require regional preparedness. During the pandemic, technology and automation have been critical to firms’ ability to function, as companies were forced to adapt their work processes and operations to effectively support remote working.
In the months ahead, firms have an opportunity to further reduce or eliminate processes that require a physical presence in an office, thereby driving even greater levels of productivity and efficiency while enhancing operational resilience. Firms should take this time to assess what worked and what could be done better, an assessment that should continue in the years ahead as firms re-examine their business continuity strategies in light of the current pandemic. Higher levels of automation can help to ensure orderly markets by making virtual work environments possible across jurisdictions.
2. Interconnectivity, while good, can multiply potential points of weakness
Past incidents such as natural disasters and terrorist attacks have damaged physical sites, forcing the industry to consider its entire operational footprint. This has led to new resiliency measures, such as enhanced transfer of work abilities and improved operational and cybersecurity approaches.
At the same time, the industry has become more interconnected and dependent on peers and vendors, extending each firm’s operational footprint and the risk to and from third-party organisations. To address this growing area of risk, it is important that firms carefully review their entire ecosystem of interconnected entities, conduct an objective assessment of exposure, evaluate how severe the impact could be should an entity fail, and ultimately identify ways to mitigate or overcome the risk.
It is positive to see that third-party risk assessments have become more prevalent across the industry in recent years, providing firms with important insights into areas that could impact their operational resilience during a future crisis, and these efforts must continue.
3. Regulatory and sector partnership and collaboration is needed
Asia’s financial services sector has become a highly regulated landscape, with the protection of the underlying client as a top-end goal. An organisation that is not operationally resilient may struggle to comply with the necessary standards and to ultimately achieve this objective.
With over twenty jurisdictions at varying levels of economic development, Asia is one of the most diverse regions globally. Firms looking to comply with mandates across the region face, for example, the challenge of simultaneously having to meet the requirements of the Securities and Futures Commission (SFC) in Hong Kong and the Monetary Authority of Singapore (MAS).
Associations in Asia are making efforts to address these challenges. For instance, ASIFMA’s report, ‘Addressing Market Fragmentation Through the Policymaking Lifecycle’, calls for greater harmonisation across jurisdictions as a means of achieving operational resilience.
Similarly, SIFMA launched the ‘Quantum Dawn V Cybersecurity Exercise’ last year. This enabled global public and private bodies – including in Hong Kong, Malaysia, Japan and Singapore – to practice coordination and exercise response protocols to ensure the smooth functioning of financial markets when faced with a series of cyberattacks. A clear takeaway from the exercise was the importance of a robust partnership between the industry and government – grounded in information sharing.
To achieve overall operational resilience, partnership between the private and public sectors is crucial. Public and private collaboration can ensure the speedy development of operational resiliency standards that will allow companies to survive and grow in today’s complex, ever-changing landscape. At the same time, as we continue to face an environment of uncertainty, operational resilience should be top-of-mind for firms and their senior leadership.
By introducing greater levels of automation, conducting third-party risk assessments, and collaborating across the industry and with regulatory bodies, firms are better positioned to withstand and recover from future events.
David LaFalce is Managing Director and Global Head of Business Continuity and Resilience at The Depository Trust & Clearing Corporation (DTCC).