Cyber & IT Supervisory Forum - November 2023

How Examiners Can Support Operational Resilience

Assessment and Evaluation

Examiners can assess an institution’s resilience planning and execution, ensuring that the strategies are comprehensive and adhere to regulatory standards. They can evaluate the effectiveness of risk assessment processes and the accuracy of business impact analyses.

Guidance and Recommendations

Provide feedback and recommendations on ways to strengthen resilience planning based on observed best practices and regulatory guidance. Offer insights into integrating cybersecurity measures effectively into operational practices.

Regulatory Alignment

Help ensure that resilience plans are not just in place but are also in line with current regulations and expectations from bodies like the FDIC, OCC, NY DFS, and Federal Reserve. Update institutions on emerging regulations that affect resilience planning.

Testing & Tabletop Exercises

Advocate for a transformative approach to tabletop exercises by championing new standards that blend qualitative insights with quantitative metrics. Encourage organizations to elevate these exercises beyond routine drills, making them a vital, regular part of their operational rhythm. Urge active participation over passive observation, allowing fresh perspectives to refine the efficiency of response strategies. This proactive engagement not only reveals hidden vulnerabilities but also fosters the development of a robust ‘muscle memory’ within institutions.


Training and Awareness

Facilitate training programs and workshops for staff at various levels on the importance of resilience and their role in it. Raise awareness about the latest threats and resilience strategies.

Stakeholder Coordination

Assist in establishing and refining communication protocols with stakeholders to ensure coordinated resilience efforts. Foster an understanding of the importance of collaboration among all parties, from board members to operational staff.

Continuous Improvement

Promote a culture of continuous improvement where feedback from testing, incidents, and exercises is used to regularly update resilience plans. Encourage institutions to stay proactive about their resilience by keeping abreast of technological advancements and changing threat landscapes.

Strategic Consultation

Offer strategic advice on how resilience can be a competitive advantage and support business growth. Advise on aligning operational resilience with long-term business strategies and objectives.
