Key issues in integrating Operational Resilience and TPRM
There are, however, a couple key issues that will need to be addressed to make such an integration succeed:
Concentration Risk
This is significant in a complex supply chain landscape. The chances of multiple suppliers in the same chain making use of the same utility provider, cloud service provider, transportation system, or even network of Directors is surprisingly high. A single incident could impact multiple parts of a business in numerous ways. Visibility will matter.
Proportionality
Large global corporate institutions will have very different needs of, and relationships with, service providers, compared to a single-site Credit Union, for example. This will drive very different solutions for both, but ideally, there will be standard definitions and measures to help the industry maintain its robustness.
To help address these, in the UK there is a market-lead initiative emerging that will help institutions both large and small. In due course, it should provide a common set of definitions, measures, and language that will help institutions and their service providers to align services, requirements, and contracts.
This will help enhance the collective Operational Resilience, without necessarily increasing costs. It should provide a best practice framework for many institutions, as well as regulators. This framework will likely be made available in H1 2021.
Institutions recognize the need to scale up their TPRM capabilities to manage a more complex, more resilient environment. Many are also taking the opportunity to review their policies and procedures environment to ensure it is equally scalable and robust. Accuracy, consistency, and efficiency are guiding principles for many businesses as they find the best way to tackle a significant issue for 2021.
Institutions recognize the need to scale up their TPRM capabilities to manage a more complex, more resilient environment.