Sound Practices to Strengthen Operational Resilience

The Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) issued an interagency paper, Sound Practices to Strengthen Operational Resilience. The paper describes sound practices drawn from existing regulations and guidance for individual national banks, state member banks, state nonmember banks, savings associations, U.S. bank holding companies, and savings and loan holding companies that have average total consolidated assets greater than or equal to: (a) $250 billion, or (b) $100 billion and have $75 billion or more in average cross-jurisdictional activity, average weighted short-term wholesale funding, average nonbank assets, or average off-balance-sheet exposure.

This paper does not set forth any new regulations or guidance for these firms, but brings together the existing regulations and guidance in one place to assist in the development of comprehensive approaches to operational resilience. It also highlights the importance of operational resilience with respect to firms’ critical operations and core business lines.

While the sound practices prioritize the operational resilience of critical operations and core business lines of a firm and its material entities, a firm also should identify and address the resilience of other operations, services, and functions for which a disruption could have a significant adverse impact on the firm or its customers as part of operational resilience planning.

Topics included in the paper are:

  1. Governance
  2. Operational Risk Management
  3. Business Continuity Management
  4. Third-Party Risk Management
  5. Scenario Analysis
  6. Secure and Resilient Information System Management
  7. Surveillance and Reporting

The paper also includes an Appendix covering Sound Practices for Cyber Risk Management.

No matter your regulator or your asset size, the Sound Practices to Strengthen Operational Resilience paper is a good resource to use to keep your institution safe.

If you have any questions, or if we can help in any way, contact us.

 

 

Please be advised that CSG provides financial services compliance audit and consulting services to our clients.  The services that we provide include certain tasks that may be characterized as “law-related services” under Rule 5.7 of the Rules of Professional Conduct governing lawyers.  Since some of our employees are lawyers with an active bar license but are NOT engaged in the private practice of law, that Rule requires us to make disclosures clarifying that the services we perform may be law-related services, but they are not legal services.  Because they are not legal services, those services and our relationship will not be governed by the Rules of Professional Conduct that guide the client-lawyer relationship, such as rules applicable to privileged communications and prohibitions of conflicts of interest.  Notwithstanding this disclaimer, we will continue to govern our relationship with you using reasonable ethical and professional standards that are expected to meet your expectations.

 
