Resourceful Resilience: How Operational Resilience Regulation is Leading GRC Transformation

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
12 July 2023

Key research questions

  • Where does operational resilience fit into CRO priorities?
  • What percent of FIs are transforming GRC processes and systems to comply?
  • How should I approach my own GRC transformation?


Operational resilience regulation is spurring GRC transformation in financial institutions - more urgently in countries with high regulatory requirements and looming deadlines. Operational resilience is one of the top 3 priorities for Chief Risk Officers in 2023 and 74% of bank CROs are in the process of implementing changes necessary to comply with it.

There are 5 components common to all operational resilience regulation that force FIs to: a. look more holistically at enterprise risk; b. measure it across LoBs and Regional silos; and, c. build the ability to respond quickly and centrally to new threats. Operational resilience is pushing FIs, banks particularly, towards an Integrated approach to enterprise risk management (ERM) that, heretofore, has been a pipe dream. 85% of the FIs we surveyed were not able to centrally manage operational risk through their systems - a capability critical to building resilience. The regulations are pushing organisations to a higher level of ERM maturity.

This report's findings are based on over 20 one-on-one interviews with financial services executives and industry players as well as a global survey of 205 risk executives conducted in May 2023. This report covers:

  • Existing and pending Operational Reslience (OR) regulations
  • Five key components common to all OR regulation
  • Impact of OR on CRO priorities
  • Maturity model for Integrated Risk Management and FIs distribution across it
  • Key technologies enhancing GRC capabilities
  • Four approaches to GRC Transformation

5 Key Components of Operational Resilience

Related Research