New approaches to operational resiliency for our digital, cloud-based world
In response to increasing demand and changing market conditions, financial services organizations are rapidly expanding their digital services, moving an increasing number of applications to third-party platforms and services like public clouds. In fact, 45% of financial firms have a multicloud strategy in place and use an average of three public cloud vendors.¹
As a result, firms’ reliance on third-party vendors and hyperscalers continues to grow. By 2025, it is expected that 54% of financial firms’ applications will run in a public cloud,² and many organizations already run critical applications in public cloud environments. Accordingly, digital operational resiliency has become a greater concern. Worldwide, regulatory agencies are issuing many requirements — like the European Union’s Digital Operational Risk Act (DORA) and the U.K.’s Prudential Regulation Authority Supervisory Statement 1/21 (PRA SS1/21) and Financial Conduct Authority Policy Statement 21/3 (FCA PS21/3) — to address these risks. North American regulators, including the U.S. Security Exchange Commission (SEC), the U.S. Office of Comptroller of the Currency (OCC), and the Canadian Office of the Superintendent of Financial Institutions (OSFI), have also openly discussed adding new guidance. And regulators continue to update guidance to keep up with technological change.
Even so, existing approaches to operational resiliency often fall short of what is needed to mitigate operational failures and disruption and to comply with these growing regulations. Financial services organizations need new strategies for addressing operational resilience in a digital, cloud-based world.