Skip to content
Abstract financial graph. Royalty-free stock vector ID: 19017732821896741403.
Abstract financial graph. Royalty-free stock vector ID: 19017732821896741403.

News -

Spotlight on Central Bank of Ireland Operational Resilience guidance

With organisations evermore reliant on outsourced service providers, as well as rising cases of cyber incidents and technology failures, operational resilience is an increasingly hot topic in financial services.

Regulators across the globe are now carefully considering the levers they can pull to tackle the sector’s challenges and the Central Bank of Ireland is the latest to issue guidance to firms on the steps they should be taking to address vulnerabilities and weaknesses and mitigate risks in the financial system.

The Central Bank’s guidance comes as the European Union prepares to strengthen its pan-European regulation of financial services through the Digital Operational Resilience Act (DORA) and the Directive on Security of Network and Information Systems (NIS2). According to the Central Bank, its guidance will complement these forthcoming regulations.

What are the key points of the guidance?

The new guidance sets out how regulated financial service providers should prepare and respond to operational disruptions, as well as how to recover and learn from them in the future.

It places responsibility firmly on boards and senior management to ensure that their operational resilience frameworks are well-designed and operating effectively. This includes developing ICT and cyber resilience strategies that include regular testing.

In addition, the guidance states that firms must understand their third-party dependencies and take steps to mitigate risk. For example, firms must ensure that binding written agreements are in place with third parties that detail how the critical or important services will be maintained during a disruption and establish an exit strategy for if or when a service cannot be maintained.

Commenting on the new guidance, Wayne Scott, Regulatory Compliance Solutions Lead, NCC Group Software Resilience, said:

“In light of the rising concentration risk within financial services, NCC Group welcomes this new guidance focused on building operational resilience.

It’s also great to see that there’s a real sense of urgency around the guidelines, with the Central Bank expecting regulated firms to be in a position to evidence their actions by 2023 at the latest.

With both DORA and NIS2 yet to be finalised, and unlikely to come into effect before 2023, organisations should not wait around to take action.

Prioritising resilience by design by ensuring it forms the basis of any relationship with third parties throughout the whole supply chain is key.

When it comes to managing third party risk, and putting in place the required legally binding agreements with suppliers, escrow agreements are the only proportional, tried and tested method on the market already in use throughout Ireland. Indeed, regulators globally – including in the UK and the US – recommend software escrow as a key practical solution.”



Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405

Related content

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom