Basel finalises resilience principles as FDIC chair points to legacy systems

FDIC chair Jelena McWilliams has highlighted banks’ outdated legacy systems as her “number one” concern about banking operations, shortly after the Basel Committee on Banking Supervision finalised its seven principles for operational resilience.

Speaking at the Consumer Bankers’ Association’s Washington forum on 14 April, the chair of the Federal Deposit Insurance Corporation said the outdated software and internal processes used at banks threatened the sector’s overall resilience.

McWilliams said legacy systems “concern me on a longstanding basis”, when asked by CBA president Richard Hunt what she would change about the banking system had she a “magic wand”, at a panel where she appeared alongside acting comptroller of the currency Blake Paulson.

Before taking over as FDIC chair in 2018, McWilliams spent 18 months as chief legal officer at Cincinnati-based Fifth Third Bank – experience she drew on in her remarks. “I’ve learned this first hand when I worked at a bank – a lot of these banks have legacy systems that frankly are impeding their ability to move forward.”

FDIC is considering rolling out a voluntary certification scheme for technology service providers that would brand them as reliable bank partners and smooth out banks’ due diligence processes, after consulting on the concept last summer.

“It becomes very complicated when you’re bogged down by legacy systems and an ongoing contract that you have – whether it’s with your core processor or other entities, or simply the legacy computer systems you have within your organisation,” she said. “It becomes really difficult to manage all that in a safe and sound manner and not have any issues.”

“If we could scratch everything and start anew, that would be wonderful,” she added. “We can’t, but anything we can do to improve resilience in our system would be good, and I think technology is something that we need to be open to there.”

The CBA event was held virtually and also featured contributions from KPMG principal Amy Matsuo on climate change under the Biden administration, and Visa’s head of US government engagement Bobby Thomson on the United States’ payments policy agenda.

Basel’s “seven principles” for operational resilience

The FDIC chair’s remarks came two weeks after the Basel Committee on Banking Supervision released its updated principles for operational resilience.

Released on 31 March, the principles relate to governance, operational risk management, business continuity planning, mapping interconnections, third-party dependency management, incident management, and technology.

The BCBS began consulting on the seven principles last year, after observing banks “rapidly adapting their operational posture” during the covid-19 pandemic.

The committee says adopting a “principles-based” approach to its recommendations is intended to help banks make proportional implementation regardless of size.

The guidance is “largely derived and adapted” from previous guidance in documents the BCBS has issued on operational resilience. But it said that “does not adequately capture all essential elements” of good operational resilience, particularly when taken as standalone documents.

Alongside the seven operational resilience principles, the BCBS also updated its Principles for the Sound Management of Operational Risk (PSMOR), which it first introduced in 2003, and last updated in 2011.

The revisions come after a review of the updated principles in 2014 found they “did not sufficiently capture certain important sources of operational risk”, including those arising from information and communication technology, and that the 2011 principles had not been adequately implemented.

Get unlimited access to all Global Banking Regulation Review content