Resiliency has long been of interest to those in the disaster recovery and business continuity fields and is critical to considering strategy and risk management. The Organization for Economic Co-operation and Development (OECD) defines resiliency as “the ability of households, communities and nations to absorb and recover from shocks, whilst positively adapting and transforming their structures and means for living in the face of long-term stresses, change and uncertainty. Resilience is about addressing the root causes of crises while strengthening the capacities and resources of a system in order to cope with risks, stresses and shocks.”¹

Throughout this book, the concept of resiliency has been introduced in a few ways. Financial and operational leverage were noted as were the five forces in the Porter model. Every strategic model approach considers resiliency even if it is as simple as the SWOT (strengths, weaknesses, opportunities, and threats) model. A key element of the risk process is proactive response and planning to create and sustain resiliency. This points to a critical integration point between strategy and risk—both are focused on creating a sustainable business operation; an operation resilient to market dynamics, competitor and other stakeholder actions, and sociopolitical trends.

In the financial institution risk world, particularly in the regulatory approach, resiliency was originally focused on capital adequacy, and this is still a dominant ...