Digital resiliency in finance: a regulatory review

Financial services companies have a long history of investing heavily in high availability. Now, however, with ever-increasing critical digital workloads being processed and stored by third parties, regulators are extending their oversight to reach deeper into the digital supply chain in the financial system. This report reviews regulatory initiatives in selected major territories, summarizing both their significant features and their reach across these digital supply chains.

KEY POINTS

• Regulators worldwide are becoming increasingly concerned about the stability of financial digital infrastructure. Why? Reasons include: facility and grid vulnerabilities; the use of unregulated third parties; a concentration of workloads in a few facilities; increasing cybercrime and geopolitical instability.
• New digital resiliency regulations are being rolled out in 2023 and 2024 as regulators strive to protect the operational resiliency of financial systems.
• These hardened and, often entirely revised, digital resiliency regulations aim to protect market participants and their customers, and to ensure the resiliency of the financial sector as a whole.
• Regulations will extend throughout digital supply chains, demanding detailed disclosures and resiliency plans to minimize the potential impact of outages, security breaches or impaired operations.
• Many regulators will have the power to impose heavy financial penalties and, in some cases, sanctions for compliance failures, with obligations imposed on both customers and suppliers.