I recently read a transcript of a speech by Nick Strange, Director, Supervisory Risk Specialists at the Bank of England. It is an interesting piece and raises a couple of key points.

UK regulators’ focus on Operational Resilience is perhaps more demanding and all-encompassing than practically any regulation we have seen yet. With a focus squarely on the resilience of financial institutions’ business services, it demands attention to all types of risk – operational, financial, cyber and IT – so that organizations’ ability to withstand disruption and recover quickly isn’t compromised. Astutely, it recognizes that disruption ‘will occur’ and that organizations’ tolerance has to be cause-agnostic.

Clearly, financial institutions need to evaluate their capability in everything – business continuity, ability to react to changing market conditions, technology systems, critical business processes, risk management and compliance and more.

Most financial institutions are aware of risks to their financial resilience alongside risks to their enterprise systems, cybersecurity being the number one issue; but the risk posed by Shadow IT tends to slip through the net.

Given the important role that Shadow IT plays in business, and judging from our informal conversations with the regulators, it’s only a matter of time before a formal demand for Shadow IT risk management becomes part of the wider Operational Resilience programme. Developing a framework that systemizes and operationalizes the monitoring and control of Shadow IT applications and processes is well worth embarking on.
