The Future of Operational Resilience: A Critical Update for MiFID Investment Firms
The financial landscape is evolving, and so are the standards. On January 12, 2026, the Central Bank of Ireland (CBI) unveiled its assessment of operational resilience within the MiFID investment sector, setting the tone for the industry's future.
The CBI's assessment, available here, scrutinized how MiFID firms have implemented the CBI's cross-industry guidance on operational resilience. This guidance, aimed at regulated financial service providers, is a cornerstone of the CBI's supervisory work, as outlined in its Regulatory and Supervisory Outlook 2025. See our briefing for more details.
Operational resilience, as defined by the Central Bank, is the capacity of a firm and the financial sector to anticipate, respond, adapt, recover, and learn from operational disruptions that impact critical business services. The Guidance, first published in December 2021 and updated in July 2025 to align with the Digital Operational Resilience Act (DORA), aims to bolster operational resilience across the financial sector. Learn more about DORA's impact here.
The CBI's assessment had two primary objectives: (i) to determine if firms have operational resilience frameworks that meet the Guidance's standards, and (ii) to ensure that firm boards and senior management are accountable for the design and effectiveness of these frameworks.
CBI's Findings: A Mixed Bag
The assessment revealed both strengths and areas for improvement. Many MiFID firms had operational resilience frameworks aligned with the Guidance and the CBI's expectations. These firms typically had boards responsible for operational resilience, delegating tasks to committees and senior management. Regular management reporting and challenges at the board and senior management levels were also observed as good practices.
However, the CBI identified several areas requiring enhancements:
- Identification of Critical Business Services: Firms need to better identify their critical or important business services.
- Mapping of Service Delivery: The CBI found that some mapping exercises lacked detail, hindering firms' ability to identify vulnerabilities and prepare remediation plans.
- Scenario Testing: The level of detail and range of scenarios considered in testing need improvement.
- Alignment with Risk Management Frameworks: Operational resilience should evolve from operational risk and business continuity management, aligning with existing frameworks.
And this is where it gets interesting...
The CBI's expectations for the future are clear. All MiFID firms and their leadership are urged to re-evaluate their compliance with the Guidance, including the DORA-related updates from July 2025. The CBI emphasizes the following Guidelines as key areas of focus:
- Guideline 4: Firms must identify their critical or important business services.
- Guideline 7: Understanding and mapping the delivery of these services is crucial.
- Guideline 8: Third-party dependencies should be captured in the mapping process.
While the assessment didn't directly focus on DORA or cyber resilience, the CBI highlighted these as ongoing priorities. They plan to intensify supervisory work in these areas in 2026-2027, recognizing the increasing complexity and dynamism of the financial landscape, evolving technology, and sophisticated threats. The CBI expects firms to fortify their operational resilience frameworks, especially in cyber and digital resilience, to ensure effective recovery from disruptions while minimizing customer impact.
Controversy Corner: Are Firms Doing Enough?
The CBI's assessment raises an important question: Are MiFID firms adequately prepared for the evolving challenges of operational resilience? As the financial sector navigates an increasingly complex environment, is the industry keeping pace with the necessary resilience measures?
Our team at Arthur Cox is well-versed in guiding regulated firms through the intricacies of operational resilience, cybersecurity, and regulatory compliance. If your firm is re-evaluating its operational resilience strategies in light of the CBI's findings, we're here to help. Reach out to us, and let's ensure your firm is future-ready.
