The Federal Reserve Bank of New York’s Staff Report No. 909 explores how a cyberattack on several small or midsize banks could create an interbank funding failure. Such a failure would lead to a broader systemic liquidity crisis. Putting cybersecurity tools and policies in place at individual banks would not address the interconnectedness of the entire banking ecosystem. However, employing a thorough modeling approach that takes into account the potential points of cascading failures would help decision makers understand the interconnectedness of their risks, as Milliman’s Chris Harner, Chris Beck, and Blake Fleisher discuss in their article “Cyberattacks could cripple U.S. financial system.”
Have you ever wondered what options would be available to your company should it get into financial difficulty? Does your company have a ‘plan B’ and how practical and realistic is it? These are questions (re)insurance companies may soon need to answer. Recovery and Resolution Plans (RRPs) have already been introduced in the banking industry. In this blog I outline a few insights the insurance industry can learn from the recovery and resolution planning process which the banking industry has already commenced. (Re)insurance companies may find this useful particularly in light of the European Insurance and Occupational Pensions Authority (EIOPA) opinion issued last month recommending a harmonised recovery and resolution framework for all insurers across the EU.
Based on the feedback from the banking industry, it would appear that there is more to recovery and resolution planning than meets the eye. In the banking industry, recovery plans, for example, are intended to be living documents which demonstrate that the recovery strategies presented can be implemented in reality—and that is not an easy task.
The following diagram illustrates the embeddedness of recovery plans within banks as well as some of the key considerations which I will expand upon in this blog.
Recovery plans can span hundreds of pages as the practicalities of recovery strategies are explored in great detail in order to have a plan of action in place that is realistic, achievable and capable of being put into action straight away. Regulators expect a short timeframe for implementation of a recovery plan, with the recovery strategies presented typically required to be fully executable within a 12-month period. In addition, it is expected that the recovery strategies take account of the particular scenarios the company may find itself in. For example, the recovery strategies may vary depending on whether an idiosyncratic or a systemic risk has materialised, given that the options a company could take when it alone is in financial difficulty compared to when many companies are in the same boat may well be different.