A new joint report from RMA’s Toronto Chapter and Canada’s Office of the Superintendent of Financial Institutions (OSFI) explores how banks can strengthen operational resilience in an era of constant disruption. Drawing on perspectives from regulators and financial institutions (last week, the chapter held an executive roundtable with the large Canadian banks), the report outlines lessons that apply far beyond Canada’s borders—especially for banks seeking to turn regulatory expectations into practical advantage.
Modern banking operations are increasingly intertwined across systems, vendors, and jurisdictions. The challenge is no longer if disruption will happen, but how well your institution can respond and recover when it does. As the report notes, “resilience is the outcome of effective operational risk management.”
Here are key takeaways for banks of all sizes:
- Strengthen the foundation first. A resilience plan is only as strong as the operational risk program beneath it. Institutions should close gaps in governance, data, and technology oversight before layering on new resilience requirements. Fragmented frameworks make it harder to respond cohesively when disruption hits.
- Map what truly matters. The report’s guidance centers on identifying critical operations—services that, if interrupted, would jeopardize customer trust, safety, or financial stability. From there, map the people, systems, and third parties that make those operations possible. Visibility is everything.
- Test your tolerances—then test again. Every critical operation should have a defined tolerance for disruption—how much downtime or customer impact you can withstand. But those numbers mean little without rigorous scenario testing. Go beyond tabletop exercises; simulate end-to-end outages to reveal real weaknesses.
- Prioritize cross-functional resilience. Operational resilience thrives on collaboration between business, risk, IT, and compliance teams. “Tone from the top” is essential, but ownership must extend across all lines of defense. Encourage staff to identify vulnerabilities and escalate issues early—without fear of reprisal.
- Think culture, not checklists. A “resilience-first” mindset means viewing disruption planning as part of strategic growth, not just regulatory compliance. As RMA Toronto President and Equitable Bank CRO Marlene Lenarduzzi put it, operational resilience empowers financial institutions “to anticipate, withstand, and adapt to challenges,” protecting their clients and reputation alike.
As the report concludes, operational resilience “is a sustained commitment that evolves with the risk environment.” The principle applies everywhere: whether your regulator is OSFI, the OCC, or the Fed, resilience isn’t a project—it’s a posture.
Want to learn more? Toronto chapter members Stella Cabrera, Sandeep Dani, Marlene Lenarduzzi, and Bryan Tamblyn, and OSFI’s Elspeth Bowler contributed to the report. Contact them at [email protected]. The Toronto chapter is part of the RMA by ProSight Chapter Network.
