Upon completion of this course, participants will be able to:

• Differentiate between traditional BCP/DR and the holistic concept of **Operational Resilience (OR)**.
• Apply the CPMI-IOSCO and other regulatory principles for FMI operational risk and resilience.
• Identify and map the **Critical Business Functions (CBFs)** and their end-to-end dependencies within the FMI ecosystem.
• Establish and communicate clear **Tolerance for Disruption** (TfD) limits for each CBF.
• Develop and execute system-wide **Scenario Testing** to validate resilience against severe, plausible threats (e.g., supply chain failure, widespread cyber-attack).
• Design a robust third-party and supply chain risk management framework for critical vendors.
• Understand the legal, governance, and organizational changes required to embed OR into the corporate culture.
• Develop a continuous monitoring and improvement framework for OR metrics and performance.

• Heads of Operations, BCP, and Operational Risk at Central Banks and FMIs.
• Senior IT and Information Security Managers.
• Regulatory Compliance and Internal Audit Specialists.
• Risk Management Officers responsible for Resilience Frameworks.
• FMI Oversight and Policy Personnel.
• Senior Management responsible for Operational Strategy.

• Scenario Testing Simulation Exercises focused on exceeding TfD (War Games)
• Group Activities on Mapping End-to-End Critical Business Functions for an RTGS System
• Case Studies on Major Operational Incidents and Resilience Failures
• Workshops on Developing Tolerance for Disruption (TfD) Limits
• Expert Presentations on TPRM and Supply Chain Resilience Best Practices
• Individual Assignments on Creating an OR Performance Monitoring Dashboard

Unit 1: The Shift to Operational Resilience (OR)

• Defining OR and its regulatory mandate (e.g., CPIM-IOSCO Principle 17).
• Contrasting OR with traditional Business Continuity Planning (BCP) and Disaster Recovery (DR).
• The core pillars of OR: prevention, response, recovery, and learning.
• The concept of the **Financial Ecosystem** and the interconnectedness of FMIs, participants, and vendors.
• The critical role of senior management and the Board in setting OR strategy and tolerance.

Unit 2: Mapping and Defining Criticality

• Methodologies for identifying and prioritizing **Critical Business Functions (CBFs)** in payment systems.
• Mapping the complete end-to-end chain of processes, technology, people, and third parties supporting each CBF.
• Establishing **Tolerance for Disruption (TfD)** limits (maximum allowable downtime, data loss) for each CBF.
• Analyzing single points of failure (SPOFs) and bottlenecks in the mapped ecosystem.
• Using process modeling tools to visualize dependencies and potential choke points.

Unit 3: Resilience Design and Third-Party Risk

• Architectural design principles for resilience (redundancy, immutability, geographic separation).
• Developing a robust **Third-Party Risk Management (TPRM)** framework for critical service providers.
• Contractual requirements and due diligence for ensuring vendor resilience.
• Strategies for addressing **supply chain risk** and concentration risk among key vendors.
• Implementation of robust cyber resilience strategies (e.g., immutable backups, network segmentation).

Unit 4: Scenario Testing and Crisis Management

• Designing and executing system-wide **Scenario Testing** exercises (war games) against TfD limits.
• Developing severe but plausible scenarios (e.g., zero-day cyber exploit, simultaneous site failure).
• Establishing and testing clear command, control, and communications during a severe disruption.
• Post-incident and post-test analysis: identifying root causes and embedding lessons learned.
• Coordinating multi-FMI and cross-sector resilience testing.

Unit 5: Governance and Continuous Improvement

• The role of the Board and senior management in overseeing the OR program.
• Integrating OR metrics and reporting into the existing risk management and audit frameworks.
• Regulatory reporting requirements for OR breaches and self-assessments.
• Developing a **Culture of Resilience** through continuous training and awareness.
• The future of OR: integrating AI for predictive resilience monitoring and dynamic resource allocation.