The Cross Market Operational Resilience Group (CMORG) has published guidance to the financial sector on transitioning towards quantum-safe cryptographic practices, following recent guidance from the UK’s National Cyber Security Centre (NCSC).  The guidance is intended to provide clarity to banks and other financial institutions on how they will switch to post-quantum cryptography—a new kind of encryption that will remain secure even when quantum computers arrive.

The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce was created in
2024 as a joint initiative of the CIO Forum and Cyber Coordination Group, in response to
concerns relating to sector-level risk introduced by the rapid adoption of Generative AI (Gen AI).
Alongside a quick reference list of key takeaway risk mitigation actions for firms, the
document provides a useful reference point for the most relevant reading materials available
to build deeper understanding of this complex and fast evolving risk area.

The DSL is designed to be a shared resource which contains a catalogue of categorised and individually described scenarios, constructed using a common design methodology.

This revised version of the Firm Guidance for Operational Resilience supports the essential uplifts and developments since its last publication.

The Cross Market Operational Resilience Group (CMORG) Chief Information Officers Forum-led (CIOF) has brought together subject matter experts and interested parties from across industry to share information on existing implementations and data vault designs with a specific focus on cloud-based solutions. We hope you find this best practice of use in shaping your organisation’s pathway to increased operational resilience through robust recovery architecture.

Effective exit planning helps to maintain operational resilience and supports successful transitions between suppliers, particularly during a stressed exit scenario.

This exit planning document provides a template and associated guidance for stressed exit strategies concerning material and high-impact suppliers as part of an organisation’s Third Party Risk Management (TPRM) framework and associated Business Continuity and Disaster Recovery measures.

This is the CMORG 2024 Reflections Post.

On the 10 September 2024, we held the second annual CMORG conference on ‘The Future of Resilience.’ It is clear that CMORG’s continued efforts to strengthen the financial service sector’s preparedness for operational disruptions are more necessary than ever. As key themes covered the Senior Managers view, preparedness for March 2025, and the wider ecosystem, a key theme was the need to focus on strategic outcomes that support the ecosystem as a whole.

This guidance provides a set of principles and broad expectations of the industry on how scenario testing with third parties should be conducted. This guidance is intended to be used by financial firms of all maturities as either a guidance for building a framework for scenario testing with third parties, or to act as a checkpoint for established programmes.