Recent events, namely the pandemic, the ongoing conflicts in Ukraine and the Middle East and global supply chain disruptions, have galvanised Financial Institutions into taking Operational Resilience much more seriously.
Helen Johnson, Head of Business Development, addresses questions about how the growing focus on Operational Resilience is impacting Network Managers, and what MGTL can do to help them.
- How have Network Managers’ approaches to Operational Resilience changed over the last few years?
Johnson: The pandemic – and more recently events in Ukraine and the Middle East – means Operational Resilience is one of the biggest areas which Network Managers are focusing on today when monitoring their Sub-Custodians.
At the start of the war in Ukraine, business continuity plans (BCPs) had to be executed at great speed, with local Sub-custodians and Financial Market Infrastructures (FMIs) having to initially relocate to the westernmost parts of the country or to move their operations entirely to neighbouring jurisdictions.
Meanwhile, sanctions against Russia resulted in a number of Western banks exiting the market altogether and foreign assets effectively being stranded inside the country.
As geopolitical tensions continue to escalate, these events will certainly shape how Network Managers prepare for the next crisis, wherever that may be.
- How is regulation shaping Network Managers’ approaches to Operational Resilience?
Johnson: EU regulators require Financial Institutions, including Custodians and Brokers, to reinforce their ICT resilience measures, which is why they are pushing ahead with the Digital Operational Resilience Act (DORA).
Along with introducing a pan-EU ICT incident reporting process and minimum-security testing obligations, the rules demand financial firms implement clearly defined monitoring processes to oversee third-party ICT risk.
- Please explain how MGTL can help Network Managers
Johnson: Our solutions are well positioned to support Network Managers’ efforts to ensure best-in-class Operational Resilience.
Through our MYRIAD platform, Network Managers can access a vast repository of provider and supplier data. This not only allows users to monitor providers closely, but it can yield cost efficiencies. The solution also provides users with invaluable insights as data held on the platform can be easily manipulated into actionable intelligence. It also means Network teams can see where their risks and exposures are in a single place, and they can even set up a shadow network to operate on the platform.
At MGTL, we need to adhere to the new DORA regulations as an ICT provider ourselves. We are well versed in helping Clients configure their MYRIAD solutions to monitor their ICT providers and satisfy the DORA regulations.
We have contributed extensively to the design of the new excel version of the Association for Financial Markets in Europe’s (AFME) Due Diligence Questionnaire (DDQ). The industry has now adopted the Excel template of the AFME DDQ developed by CODUDE, our shared platform providing an end-to-end due diligence solution, which enables users to securely exchange information bilaterally.
We are also actively involved in a number of working groups, including the International Securities Services Association’s (ISSA) Operational Resilience Working Group, where we are helping to drive industry best practices.
- How do you see your service evolving?
Johnson: Today, MYRIAD is known for being an end-to-end risk management tool for Custody/Correspondent Networks, but we are increasingly looking to target all sorts of Risk Managers and Vendor Managers, including those outside of financial services.
Our plan is to revolutionise Third Party Risk Management!
It is important to note that we support clients with managed implementations and we do a lot of the data inputting and other heavy lifting on their behalf, to make their experience of onboarding a new platform as painless as possible.
We are also continuing to focus on our DDQ platform CODUDE, and how it can support the wider industry, by incorporating more industry standard questionnaires into it, including Operational Resilience questionnaires, Central Securities Depository (CSD) DDQs, and bespoke Proprietary DDQs.
