Resourceful Resilience: How Operational Resilience Regulation is Leading GRC Transformation
Key research questions
- Where does operational resilience fit into CRO priorities?
- What percent of FIs are transforming GRC processes and systems to comply?
- How should I approach my own GRC transformation?
Operational resilience regulation is spurring GRC transformation in financial institutions - more urgently in countries with high regulatory requirements and looming deadlines. Operational resilience is one of the top 3 priorities for Chief Risk Officers in 2023 and 74% of bank CROs are in the process of implementing changes necessary to comply with it.
There are 5 components common to all operational resilience regulation that force FIs to: a. look more holistically at enterprise risk; b. measure it across LoBs and Regional silos; and, c. build the ability to respond quickly and centrally to new threats. Operational resilience is pushing FIs, banks particularly, towards an Integrated approach to enterprise risk management (ERM) that, heretofore, has been a pipe dream. 85% of the FIs we surveyed were not able to centrally manage operational risk through their systems - a capability critical to building resilience. The regulations are pushing organisations to a higher level of ERM maturity.
This report's findings are based on over 20 one-on-one interviews with financial services executives and industry players as well as a global survey of 205 risk executives conducted in May 2023. This report covers:
- Existing and pending Operational Reslience (OR) regulations
- Five key components common to all OR regulation
- Impact of OR on CRO priorities
- Maturity model for Integrated Risk Management and FIs distribution across it
- Key technologies enhancing GRC capabilities
- Four approaches to GRC Transformation
5 Key Components of Operational Resilience