Thought leadership

Operational risk management and operational resilience


On 24 April 2024, the Basel Committee on Banking Supervision (BCBS) released updated core principles for effective banking supervision. These globally recognised standards emphasise operational resilience, business model sustainability, and climate-related financial risks. In alignment with these principles, the Reserve Bank of India issued a guidance note on 30 April 2024, focusing on operational risk management and resilience.

The financial sector faces increased risks due to globalisation, complex financial products, the growth of e-banking, and automation. The COVID-19 pandemic has further highlighted these risks and the reliance on technology and third-party services. Effective operational risk management and resilience are essential for financial institutions to identify, assess, and mitigate risks and ensure the continuity of critical functions during disruptions.

Enhanced coverage and focus on operational resilience in the financial sector

India's economy is set to grow by 6.5% in FY 2024, increasing credit demand. As of 31 March 2024, 9,327 NBFCs are registered with the RBI. The new guidance extends operational risk management to cooperative banks, all-India financial institutions, and NBFCs, strengthening financial system resilience.

Businesses face disruptions from cyberattacks, natural disasters, pandemics, and economic downturns. Regulations like the Digital Operational Resilience Act (DORA) emphasise preparing businesses to handle these disruptions effectively.

Disruptions also highlight the need to map critical operations and interdependencies. Guidelines now require financial institutions to identify vulnerabilities and ensure continuity. The RBI's focus on IT management, shown by its actions against many private sector banks, underscores this priority.

New products, markets, technologies, and regulations have increased the financial sector's complexity, making traditional risk management insufficient. The RBI's comprehensive guidance consolidates previous circulars, ensuring a holistic approach to operational resilience. This approach integrates feedback into operational risk management frameworks to align with heightened resilience priorities. While banks commonly adopt these principles, their impact on other entities covered in the guidance note is substantial. Our operational risk management and operational resilience assessment note delves into the implications of the 17 principles outlined in the guidance.