To support the country’s sustainable and inclusive growth, the Bangko Sentral ng Pilipinas (BSP) will come up with new guidelines for the “operational resilience” of all BSP supervised financial institutions (BSFIs) as shield against any shocks or disruptions that could lead to financial collapse. Based on the Basel Committee on Banking Supervision Principles for operational resilience, the BSP defines this as the ability of a BSFI to “rise above and deliver critical operations through significant operational disruption that affects its viability and role in the financial system.” This will include its capability to identify, mitigate, plan, respond, restore and learn from disruptive events to minimize impact on delivery of critical operations through disruptions, said the BSP. The central bank has started to circulate the draft circular on Wednesday, July 12, and has given all banks until July 26 to submit recommendations or suggestions to the BSP. The proposed circular will apply to all BSFIs. Basically, the BSP wants banks to set up their operational resilience framework on both solo and group-wide basis, whichever is applicable. A group-wide operational resilience framework will encompass the parent bank and subsidiary banks. Meanwhile, foreign bank branches will adopt their parent bank’s operational resilience framework. The transition schedule will be different for each banks. The big banks and digital banks will be required to have an operational resilience framework after two years of the circular implementation, while the smaller banks will be allowed three years to have it on their systems. The proposed guidelines on operational resilience is consistent with BSP’s objective of encouraging inclusive and sustainable economic growth. To this purpose, it said the circular will “promote and strengthen” BSFIs’ operational resilience or their ability to manage and mitigate the impact of shocks or disruptions particularly on their critical operations.” By critical operations, the BSP said these are BSFIs’ critical functions, activities, processes, services and their relevant supporting assets. A BSFIs’ supporting assets are its people, technology, information, and facilities that are deemed necessary for the delivery of critical operations. This may also include internal process, IT systems, clearing and settlement facilities and outsourced services. BSP Governor Eli M. Remolona, in the unsigned draft circular, said “the critical role of BSFIs in the smooth functioning of the real economy, amidst the increasing digitalization and evolving operational disruptions or hazards that could disrupt the normal operations of the financial system underscore the growing importance of operational resilience.” “Cognizant that these disruptive events, such as pandemic, natural disasters and/or cyberattacks will happen, the BSFI’s ability to respond to and recover from these disruptions will lessen the impact on its viability and delivery of critical operations and related services,” said Remolona. He also noted that BSFIs “must set their tolerance for disruption and map out and test their plans to ensure that it can deliver critical operations through disruptions. In this regard, BSFIs are expected to be operationally resilient and develop an operational resilience framework that is commensurate to their size, nature and complexity of operations, overall risk profile, systemic importance and role in the financial system.” The proposed guidelines covered operational resilience and interaction with related processes such as risk management, business continuity management, cybersecurity, outsourcing rules, and recovery plan. As for the key elements of the required operational resilience, the BSP said this “set the tone from the top” or a BSFIs’ governance structure that starts from the board of directors to senior management. Other key elements are: to determine critical operations, tolerance for disruption, and severe but plausible scenarios; map interconnections and dependencies; plan and manage risks to critical operations; test ability to deliver critical operations amidst disruption; respond and recover from disruption; and to review, refine and update risk management and operational resilience framework. Based on the draft circular, BSFIs will report their operational resilience in their annual reports. In cases where the incident response plan for critical operations is activated, this will be reported to the BSP within 24 hours. “(The BSP will) review the operational resilience framework of the BSFI as part of the overall supervisory process, focusing on assessing the robustness, credibility, and feasibility of delivering critical operations through disruption and within the BSFI’s defined tolerance for disruption,” said the BSP. The circular, once approved, will be implemented in three phases. Phase 1 is one year from effectivity of the circular where all BSFIs will submit a transition plan with a gap analysis and action plans to achieve operational resilience. Phase 2 is two years later. The BSP said that by then, all the big banks which are the universal and commercial banks as well as digital banks will have already implemented its operational resilience plan and have integrated this with existing risk management systems. Phase 3 is three years from the effectivity of the circular. This is particular to thrift banks and rural banks which by this time, should have already developed and integrated an operational resilience framework with their risk management systems.