The pressure on financial institutions is mounting: volatile capital markets and geopolitical risks, rapidly changing customer demands, technological leaps and a steadily increasing regulatory burden. Many institutions are facing a situation where existing investment plans are no longer sufficient.
Chief Operating Officer (COO) faces new priorities
This is also the case for the Chief Operating Officer (COO) of a medium-sized bank, who, following an in-depth review of strategic objectives, concludes that planned investments must be realigned – not only to optimise costs, but above all to ensure operational resilience, regulatory compliance and digital competitiveness.
The benefit: Thanks to a clearer strategic overview, investments can be targeted precisely where resilience, efficiency and long-term returns interact optimally.
Why operational and regulatory resilience are essential in banking
Operational resilience describes an institution’s ability to maintain business continuity and service quality even under stressful conditions – such as cyber-attacks, staff absences, system failures or market disruptions.
Regulatory resilience, on the other hand, encompasses consistent compliance with existing and future regulatory requirements – that is, the early identification, prioritisation and implementation of new standards, and the identification of competitive opportunities (for example, FiDA, AMLR, AMLD [1], the EU AI Act, the digital euro, new market standards).
Both dimensions are interlinked: an institution that is not stable in regulatory terms cannot be operationally resilient – and vice versa.
Demographics and legacy systems are driving change
Two structural developments are currently shaping a COO’s agenda more than any short-term market fluctuation: demographic change and the backlog of technological investment.
This dual challenge makes it clear: resilience is not achieved through one-off measures, but through a new form of prioritised, multi-year COO roadmap that secures capacity, automates processes and renews the technological infrastructure. Demographics and legacy IT can thus be transformed from a problem into a driver of structural renewal.
Consolidated baseline analysis and needs assessment: the COO’s strategic perspective
To ensure forward-looking and cost-effective investment planning, the COO systematically analyses the current situation of their institution and identifies specific areas requiring action. The aim is to gain a clear overview of where strategic, operational and regulatory adjustments are needed to secure long-term competitiveness and resilience.
The analysis and needs assessment are carried out in an integrated manner across four key dimensions:

1. Business and Product Strategy
- Where are profitability and revenue potential growing – and where are structural declines occurring?
- Which customer segments, products and services should be expanded, prioritised or scaled back?
- Which partnerships open up new revenue, product or service opportunities?
- What investment budgets are available – and are strategic objectives realistically achievable with them?

2. Workforce, Organisation and Governance
- Are organisational and governance structures suitable for enabling agile, rapid and sustainable decision-making?
- How does the workforce change over time due to age demographics, staff turnover and automation?
- Where do overcapacities or undercapacities arise, particularly as a result of AI support or additional regulatory requirements?
- How can bottlenecks be offset through partnerships, out-sourcing, co-sourcing or nearshoring?
- What skills are currently available, and where are the gaps (e.g. cloud, AI, data, IT security)?

3. Processes, IT Systems and Resilience
- How efficient are core processes in terms of costs, quality, lead times and the level of automation?
- Where do inefficiencies arise due to process or organisational silos?
- Is the IT architecture flexible and adaptable enough to implement regulatory requirements in an agile and cost-effective manner?
- Are availability, resilience, and cyber and cloud security sufficiently guaranteed?
- Which legacy systems pose a structural risk and should be replaced or decommissioned in the future?

4. Regulatory requirements
- Status of operational compliance (e.g. DORA [4])
- Implementation of new market standards (e.g. ISO 20022, ESG reporting)
- Preparation for future requirements (e.g. FiDA, MiCA [5], digital euro)
The result is a consolidated, fact-based view of market opportunities, risks, cost drivers and specific needs for action, which serves as the basis for the target vision, the portfolio of measures and the prioritised investment roadmap.
Developing a target vision and deriving a portfolio of measures
Based on the analysis, a robust target vision and a strategic portfolio of measures are developed, including a rough estimate of the investment budget broken down by cost type (IT, personnel, external). At the same time, dynamic markets and technological innovations require agile target visions that are adapted annually.
Agility is crucial. The measures are organised into the following categories:
1. Digitalisation & automation of core processes
How are processes optimised?
- Which processes are actually needed, and which can be merged or redesigned? Where is end-to-end digitalisation possible to improve customer service and reduce costs? And where is it not?
- Where can AI-supported process automation be implemented? And in which customer segments and internal departments is it specifically not suitable?
- Where can workflow and document automation be implemented?
- Where can self-service solutions be developed for customers and staff, or solutions procured externally?
2. In-house, co-sourcing and outsourcing of processes and systems
Can external partners or service providers offer more cost-effective and faster support?
- Use of external platforms (e.g. payment processing, securities settlement)
- Managed services for cyber security, cloud and IT operations
- Co-sourcing or outsourcing options for business operations
3. Replacement of IT and service systems
Which systems and services are actually needed? Are there any complex and unprofitable products and services? Could new solutions be envisaged?
- Cloud vs. non-cloud strategies
- API-enabled platforms
- Migration of critical legacy systems
- Development of modular and agile, adaptable target architectures
4. Staffing, organisational and governance adjustments
What does this mean for the organisation and workforce planning?
- Are the governance and organisational structures efficient and agile enough, with a clear allocation of responsibilities, or are adjustments needed?
- Do current capacities match the expected business volume?
- Do employees’ skills match future job profiles, and where does expertise need to be secured?
- Is change management support advisable?
The result is an overview of possible courses of action, including a cost estimate broken down by type of expenditure (IT, personnel, external).
Prioritised Roadmap: The COO steers the transformation
Developing a multi-year roadmap enables proactive management that takes the broader context into account. In doing so, the COO can bring the perspective of the entire product portfolio to bear and facilitate fact-based resolution of conflicting objectives, such as those between different product lines or between IT and business departments.
The roadmap includes:
- Quick wins vs. major strategic projects
- Cost estimation by cost type, stress testing and cost variance estimation (IT, personnel, external)
- System and personnel dependencies between projects
- Risk assessment
- Regulatory milestones
- Planned operational cost implications
In addition, measures are prioritised according to:
- Earnings potential,
- Costs and cost variance, and
- Resilience.
The result is a clear, fact-based prioritisation of investments that simultaneously allows for agility in response to future requirements and thus enables adjustments.
Conclusion: Forward-looking management makes financial service providers resilient
Crucial to resilience are a strategic overview, an agile vision and an investment roadmap for sustainable institutional management.
Consistently reassessing and prioritising investments enables:
- compliance with cost targets despite limited budgets,
- strengthening of operational resilience,
- fulfilment of future regulatory requirements,
- improvement in process quality and efficiency, and
- the institution’s technological future-proofing.
In this way, resilience is not merely achieved – it becomes the foundation of a sustainable and competitive strategy.
Sources and further reading
- 1. FiDA = Financial Data Access; AMLR = Anti-Money Laundering Regulation; AMLD = Anti-Money Laundering Directive.
- 2. See ‘Age Structure in the Private Banking Sector 2023’, AGV Banks (in German).
- 3. See ibi Banking Trends 2025: Rigid process silos remain a major obstacle to legacy modernisation – German banks have some catching up to do (in German).
- 4. DORA = Digital Operational Resilience Act.
- 5. MiCA = Markets in Crypto-Assets, an EU-wide regulation governing crypto-assets.
