It has been just over four years since the last post on this blog, but the importance of operational resilience has been underscored several times in such a short period of time!

We had a global pandemic with unprecedented measures implemented by governments around the world introducing ‘lockdowns’ into pandemic planning assumptions. As noted back in a post from 2014, this threat was very much underrated and again, it has quickly disappeared from the list of top risks in many horizon scanning reports.

Geo-political and country risks have come to the fore in recent years presenting challenges for business continuity in its broadest sense; underscoring the importance of understanding country risk as posted earlier. A future post will look into how banks faced into the challenges of continuing to operate in the Ukraine in a war situation and the lessons identified for other countries when considering similar situations in their planning.

Third party resilience risk is one of the enduring topics and incidents such as the disruption caused by a Crowdstrike software bug have shown the potential contagion effects of closely coupled supply chains and common software platforms. Regulators in financial services have picked up on this concern with new regimes to address concentration risk, including a closer scrutiny of cloud service providers.

One interesting topic to explore will be how well operational resilience practices are set up to address this challenging environment, recognising that we are dealing with a ‘wicked problem’!