SR 20-24:

Interagency Paper on Sound Practices to Strengthen Operational Resilience

BOARD OF GOVERNORS
OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551

DIVISION OF
SUPERVISION AND REGULATION

SR 20-24
November 2, 2020

TO THE OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE BANK

SUBJECT:

Interagency Paper on Sound Practices to Strengthen Operational Resilience

Applicability:  The attached interagency guidance applies to federal savings associations, national banks, state member banks, state nonmember banks, savings associations, U.S. bank holding companies, and savings and loan holding companies that have average total consolidated assets greater than or equal to (a) $250 billion or (b) $100 billion and have $75 billion or more in average cross-jurisdictional activity, average weighted short-term wholesale funding, average nonbank assets, or average off-balance-sheet exposure.

The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (the agencies) have issued the attached interagency paper, “Sound Practices to Strengthen Operational Resilience” (sound practices).1 To help large and complex domestic firms address unforeseen challenges to their operational resilience, the sound practices are drawn from existing regulations, guidance, and statements as well as common industry standards that address operational risk management, business continuity management, third-party risk management, cybersecurity risk management, and recovery and resolution planning. The guidance in the sound practices does not amend, expand, or alter the agencies’ existing regulations or guidance.

Although it is important for all firms to strengthen their operational resilience, the sound practices are directed to the largest and most complex domestic firms. As detailed in the attached Explanatory Note, firms in recent years have experienced significant challenges from a wide range of disruptive events, including technology-based failures, cyber incidents, pandemics, and natural disasters. Such events, combined with a growing reliance on third-party service providers, expose firms to a range of operational risks.

Reserve Banks are asked to distribute this letter to the supervised institutions in their districts and to appropriate supervisory staff. Questions regarding this letter may be sent via the Board’s public website.2

signed by
Michael S. Gibson
Director
Division of
Supervision and Regulation

Back to Top
Last Update: November 08, 2023