While operational resilience of financial services firms has been a long-standing supervisory priority, legislative action has to date been lagging. Rulemaking instruments have been put forward by various regulators, including the European Central Bank (ECB), acting both in its central banking financial stability and markets oversight capacity as well as its Banking Union role at the helm of the Single Supervisory Mechanism (SSM). National level authorities, including Germany’s Federal Financial Services Supervisory Authority (the BaFin) have independently taken measures to update rules, guidance and supervisory expectations relating to digital operational resilience including elements beyond internet and communications technology (ICT).
In the face of continued client/counterparty-facing systems outages, cyber-risk and now COVID-19 have put operational resilience firmly on EU the priority list of financial services policymaking legislative proposals. An EU-harmonized approach to replace, what the EU sees as “uncoordinated national initiatives” could lower the amount of administrative burdens that firms face when dealing with rules with “…overlaps, inconsistencies,…