Recovery Planning
Saturday, Aug 15, 2020

Recovery Planning


Recovery planning is not an entirely new concept – financial institutions have always had contingency plans to enable them to respond to, and recover from, adverse events.

However, the global financial crisis (GFC) in 2007-2008 revealed that many financial institutions had inadequate recovery plans. Different types of recovery (raising additional capital, generating additional liquidity, and responding to operational failures) were often planned for separately; recovery plans were not discussed at board level, or sometimes even by a financial institution’s executive committee; recovery planning was based on insufficiently severe assumed stresses; many financial institutions planned only for a firm-specific shock while the rest of the market continued normally; and where market-wide shocks were considered, many financial institutions assumed that they would benefit from a “flight to quality.”

One element of the post-GFC regulatory reform agenda was therefore to introduce new and tougher standards for recovery planning by financial institutions across all financial sectors. The objective was to enhance the resilience of financial institutions through recovery planning for more severe and wide-ranging adverse scenarios.

This Toronto Centre Note describes these standards for recovery planning, discusses how supervisors can monitor whether financial institutions are meeting these standards, and outlines the supervisory actions that can be taken by supervisors to improve a financial institution’s recovery planning.

Recovery and resolution planning

The first response by international standard setters to inadequate recovery planning by financial institutions was the regulatory reforms directed at global systemically important financial institutions (G-SIFIs). Recovery and resolution planning were one of the three main elements of this response, together with capital surcharges and more intensive supervision. New requirements for recovery and resolution planning were set out by the Financial Stability Board (FSB 2011 and 2014). On recovery planning, this stated that:

“Supervisory and resolution authorities should ensure that the firms for which a recovery and resolution plan is required maintain a recovery plan that identifies options to restore financial strength and viability when the firm comes under severe stress. Recovery plans should include:

(i) credible options to cope with a range of scenarios including both idiosyncratic and market wide stress;

(ii) scenarios that address capital shortfalls and liquidity pressures; and

(iii) processes to ensure timely implementation of recovery options in a range of stress situations.”

The FSB drew an important link between recovery and resolution. Recovery planning is designed to enable a financial institution to continue operating as a going concern, recovering from adverse shocks to restore its capital, liquidity, or operational capacity to acceptable levels. However, if a recovery plan fails to restore the financial and operational health of an institution, then the institution may no longer be viable and may have no reasonable prospect of becoming viable. At that point, the criteria for putting the institution into resolution may be met, and the resolution powers recommended by the FSB may be used by a resolution authority.[2]

Supervisors may also be familiar with recovery planning in the context of the stages of supervisory intervention (see Figure 1), where a typical series of stages would include reviewing a financial institution’s recovery plan at Stage 1; imposing supervisory requirements on an institution to improve its recovery plan at Stage 2; activating a recovery plan at Stage 4; and – if the recovery plan is unsuccessful – putting the failing or failed institution into liquidation or resolution at Stage 5.

Figure 1: Stages of supervisory intervention[3]

Intervention stage

Overall risk rating

Intervention level

Typical supervisory actions




Regular review and risk assessment

(Including review of a firm’s recovery plan)



Early warning

Requirement on firm to address identified deficiencies

(Including deficiencies in the firm’s recovery plan)

Enhanced interaction with senior management

Increased use of reviews by specialist risk teams

Additional reporting requirements



Close oversight

Requirement on firm to revise business plans, enhance governance, hold more capital/liquidity, enhance governance and controls

More frequent on-site visits




Mandated actions

Implementation of recovery plan

Use of formal powers to issue directions

Activate remediation

Disciplinary actions



Liquidation or resolution

Firm put into liquidation, or

Resolution regime triggered


Standard setting

The FSB’s recommended standards on recovery planning were directed towards financial institutions in all sectors – banking, insurance, securities, and financial market infrastructures. And although FSB standards are directed to G-SIFIs, this is on the understanding that national authorities should apply similar standards to domestic SIFIs and, where appropriate, to non-SIFIs on a proportionate basis.

More detailed standards for recovery planning have been developed by the International Association of Insurance Supervisors (IAIS, 2019), the Committee on Payments and Market Infrastructures and the International Organization of Securities Commissions (2017), and by regional and national supervisory authorities.

It is important for national supervisory authorities to set standards on recovery planning, and to provide clarity to financial institutions and to supervisors on the supervisory expectations for recovery planning. This usually takes the form of rules or guidance on the content of recovery plans, on the need for a recovery plan to be credible in coping with a range of severe but plausible scenarios, and on keeping plans updated.

Supervisors should take account of the systemic importance, size, and complexity of financial institutions when setting requirements and expectations for recovery planning. Some smaller and lower-risk institutions might be excluded from the requirement to put a recovery in plan in place, while other non-SIFIs might be permitted to have less detailed recovery plans.

Supervisory authorities should also have powers to require financial institutions to improve their plans or take mitigating actions if they do not meet these standards.

The following sections outline each of the main areas that a recovery plan should cover, together with examples of where some financial institutions have struggled to meet required standards:

  • Governance and risk management
  • Documentation
  • Scope
  • Critical functions
  • Scenarios
  • Early warning indicators and triggers
  • Recovery options
  • Testing, feasibility, and updating
  • Communications

Governance and risk management

A financial institution’s recovery plan is owned by the institution itself (in contrast to a resolution plan, which is owned by the resolution authority). A financial institution should regard a credible and effective recovery plan as part of good business planning and risk management, not just as a means of satisfying a regulatory requirement. It should benefit the institution through an improved understanding of its risks from severe stress scenarios, and through the development of effective responses to these scenarios.

The governance of a recovery plan should cover its production and sign off, its implementation, and its testing and updating. Executive management should be responsible for preparing, testing, implementing, and updating the plan; and the plan (and regular updates of it) should be discussed and approved by the financial institution’s board (unitary or supervisory board).

Recovery planning should be integrated with a financial institution’s strategy, business decision making, risk management, stress testing, capital and funding assessments (ICAAP and ILAAP for banks and ORSA for insurers), and business continuity planning.

Clear decision-making processes and procedures should be in place for the activation of recovery options. Management information on early warning indicators and any breach of triggers should be reported promptly and effectively to senior management and the board, to enable early detection of severe stresses. Escalation and activation procedures are then necessary to enable a financial institution to evaluate the various recovery options set out in the recovery plan; to decide which, if any, of them to activate; and to specify how this activation will be implemented in practice. Some recovery options might be decided upon by senior management, while others will require board approval. Individual responsibilities need to be identified clearly within these governance processes.

A review of the governance of the recovery plans of 26 major banks undertaken by the European Banking Authority (2016) found that:

  • Some recovery plans did not include sufficiently clear and detailed descriptions of the recovery plan development process, and of the roles and functions of the individuals and committees responsible for developing the recovery plan.
  • Half the recovery plans relied only on general governance procedures for escalation and decision-making, not specific procedures for different scenarios and recovery options.
  • Most banks had procedures and responsibilities in place for updating their recovery plans, but the detail provided for updates varied significantly across banks.
  • In banking groups, most recovery plans were based on input from group level, but not from subsidiaries. As a result, most plans did not ensure appropriate coverage of material subsidiaries.


Documentation and data

Recovery plans should be supported by good documentation, data, and management information. The plan needs to be clear, well-understood, and capable of being activated by senior management collectively, not just by a small number of key individuals.

Data and management information should identify when triggers are breached or are likely to be breached, and should be integrated with other data and internal reporting aspects of risk management.


Where financial institutions are groups rather than single entities, their recovery plans should address the recoverability of the whole group, and of any material entity within the group.

In the case of a cross-border group,[4] a host country supervisor may require a separate recovery plan for the financial institution under its jurisdiction, in particular where no group recovery plan exists, or the entity in the host country is not adequately covered by a group recovery plan, or the entity in the host country is deemed to be systemically important in that country. The host supervisor should also cooperate and coordinate with the group-wide supervisor to avoid inconsistent recovery actions in times of crisis.

Similarly, in the case of financial conglomerates, the supervisors of financial subsidiaries may require separate plans for these subsidiaries.

Critical functions and services

A recovery plan should identify the financial institution’s core business lines, critical functions and critical services, and the key legal entities and jurisdictions from which these functions and services are provided.

A critical function is an activity of a financial institution whose discontinuation following the failure of the institution would cause significant damage to financial stability or the wider economy. Critical functions are therefore most likely to be identified in institutions that are systemically important. For systemically important banks, critical functions are likely to include payment, clearing, settlement, and custody services; retail deposit-taking and retail lending; specialist lending (for example to SMEs, industry sectors, or regions); and market-making in securities such as government bonds. For systemically important insurers and pension schemes, critical functions are likely to include property, motor, and health insurance; employer liability insurance; life insurance; and the operation of national pension schemes.

A critical service is one on which critical functions depend, for example IT systems, transaction processing, trading and asset management, treasury-related services, access to financial market infrastructures, valuation, accounting and cash handling, real estate, legal services, and risk management and compliance functions. These may be provided in-house, from elsewhere in a financial group, or outsourced from a third-party supplier.

It is important that financial institutions and their supervisors focus on recovery options that would help to preserve the continuity of critical functions, while recognizing and avoiding any recovery options that might threaten the continuity of critical functions (for example, the sale or closure of a group entity that provides all or part of a critical function, or provides critical services on which the continuity of a critical function depends).

Although this implies that the main focus of recovery planning should be on systemically important institutions, it does not mean that recovery planning has no value for other institutions – even for smaller institutions, recovery planning remains an important element of their risk management and a potential source of assurance for supervisors responsible for the safety and soundness of these institutions and for the protection of their depositors, policyholders, and other customers and clients.

A review by the European Banking Authority (2015a) of recovery plans from 27 banks found that:

  • Some banks had not identified the critical functions they provided, or did not identify them using a range of quantitative data.
  • The identification of critical functions was mostly limited to a bank’s home national market.
  • The analysis of critical functions was not effectively linked to other key elements of the recovery plan, such as recovery options.
  • Most banks did not analyse all aspects of the impact of recovery options on critical functions, including the possibility that some options could endanger the continuity of critical functions.
  • Some banks did not analyse the provision of critical shared services from a single provider within a group.



A recovery plan should be based on a range of clearly-articulated, severe but plausible, firm-specific, market-wide, and systemic stress scenarios, and combinations of these. The scenarios should cover both fast-moving and slow-moving events. These scenarios should include, but not be limited to, the scenarios used by a financial institution for its stress testing.

For example, an insurer should consider scenarios such as a high-impact catastrophic event, including pandemics or climate-related events; a significant increase in longevity following a medical breakthrough; a mass lapse of policies; the failure of significant counterparties; a major cyber-security breach; significant falls in financial markets; and significant changes in the interest rate environment.

A review of recovery plans from 19 banks by the European Banking Authority (2015b) found that:

  • Many banks considered only a limited range of scenarios.
  • Some of these scenarios were vague, with little or no detail on the underlying quantitative assumptions.
  • Scenarios were not well-linked to core business lines and critical functions, or to the scenarios used for stress testing.
  • The impact of scenarios was not always evident, making it difficult to link each scenario to a set of triggers and a set of corresponding recovery options.
  • Scenarios were not sufficiently “dynamic” – they did not include a timeline for the breach of triggers, the decisions that needed to be taken, and the implementation of recovery options.

Financial institutions should then analyse the potential impact of scenarios on their profitability, capital, and liquidity; credit rating and cost of raising funding; external counterparties; operational capacity; material legal entities; core business lines; critical functions and critical services; and group-wide position.

 Early warning indicators and triggers

Financial institutions should develop a set of early warning indicators and triggers to indicate when recovery options might need to be activated. The trigger framework should identify a set of pre-defined criteria that enable an institution to monitor, escalate, and activate the appropriate range of responses for an emerging stress event.

The range of early warning indicators and triggers should include, depending on the business of the institution:

  • capital and solvency
  • liquidity and funding
  • profitability
  • asset quality
  • investment performance
  • insurance liabilities (technical provisions)
  • internal forecasts of future performance, projected outcomes, and trends
  • market indicators (for example credit rating, CDS spreads, share price)
  • macroeconomic indicators
  • operational events that could threaten financial viability
  • other triggers relevant to the institution’s business.

These indicators could be captured through a “traffic light” approach, with green indicating that an indicator is at its normal or target level, amber indicating that the indicator is showing signs of deterioration (early warning indicator), and red indicating that recovery options need to be activated.

Recovery options

A recovery plan should specify a range of recovery options that a financial institution could activate to restore its financial position (or market confidence in its viability) following an adverse shock. The activation of these options should enable the institution to survive a range of severe stressed scenarios. Recovery options need to be sufficiently comprehensive to enable an institution to respond effectively to a range of scenarios, well thought through, and capable of being implemented within the planned time period.

Specific recovery options should be in place to respond to each specific trigger point – although in some cases the same option may be used in response to more than one trigger. The recovery options should include, for example:

  • raising additional capital through rights issues, private placements, the conversion of contingent capital instruments and voluntary debt to equity conversions;
  • the sale of investments, subsidiaries, assets, or business lines;
  • accessing additional funding or using liquid assets to generate cash;
  • cost reductions from the suspension of dividends and variable remuneration, or of major projects and expenditures;
  • changes to the business model to de-risk the business; and
  • restructuring.

 Recovery options should not assume that any government support would be available, or that a central bank would provide liquidity beyond pre-announced arrangements (including acceptable collateral).

A review of recovery plans from 23 banks by the European Banking Authority (2017) found that:

  • These recovery plans provided a good overview of recovery options.
  • All the recovery plans included some analysis of the credibility and feasibility of recovery options, but this did not always extend to key factors that might influence the extent to which recovery measures could be implemented quickly and effectively in situations of financial stress.
  • Many recovery plans lacked a detailed assessment of the feasibility of the recovery options under each scenario.
  • Similarly, although all banks estimated timeframes for executing recovery options, many of them did not provide sufficient detail to assess whether such timelines were realistic.
  • Most recovery plans included some consideration of the impact of recovery options on critical functions and core business lines, and detailed information on operational impact and continuity, including on access to financial market infrastructures, management information systems, IT services, and risk management.
  • However, few plans specified whether operational continuity would be achieved when implementing a specific option.
  • Most banks identified potential risks and impediments to the execution of recovery options and, to a lesser extent, outlined potential mitigating actions to remedy them. But many plans contained only a limited and generic suite of preparatory measures to facilitate the implementation of options.
  • Half of the banks in the sample did not link their recovery options sufficiently closely to their governance and decision-making processes.
  • Almost all recovery plans provided some data on the financial impact on key capital and liquidity metrics. However, the level of detail on which the calculations were based was extremely limited in almost half of the plans.
  • Only half of the recovery plans identified recovery options available at subsidiary level, and these options almost always involved capital or liquidity support from the parent.

Activating specific recovery options should not be automatic – the recovery plan should identify one or more recovery options that could be activated in response to the breach of a trigger, but the choice of whether to activate a recovery option, or of which option to activate, will depend on the circumstances and should be discussed as part of the escalation processes for decision-making by a financial institution.

Feasibility, testing, and updating

It is not sufficient for a financial institution simply to state that a recovery option exists. It is also necessary for the institution to assess each option’s:

Feasibility – some recovery options may not be available or may be less effective in certain circumstances, for example when there are market-wide stresses or when the stress has a significant adverse impact on the value of assets that an institution might otherwise have sold. It may also not be feasible to undertake multiple recovery options at the same time.

Implementation – there may be constraints on the implementation of some recovery options, requiring preparations in advance to facilitate timely and effective implementation. Institutions also need to be clear in advance about the governance and decision-making arrangements for each specific recovery option.

Timing – some recovery options may work well, but require a long time to implement or for the benefits of the option to materialize. For example, the sale of a regulated subsidiary or raising new capital may involve lengthy negotiation and approval processes. And a restructuring or program of cost reductions may take time to deliver benefits. It is therefore important that recovery options match the time available to restore financial health or market confidence under each stress scenario.

Impact – an institution should assess in advance the likely impact of each recovery option, not only on its immediate need for additional capital, funding, etc., but also on potential side effects such as the impact on critical functions and critical services, on the rest of the financial group (where applicable), and on the longer term viability of the institution.

Objective – an institution should consider in advance what would represent a successful restoration point for capital, funding, market confidence, etc., and whether the successful activation of one or more recovery options would deliver a successful outcome.

Financial institutions should also test their recovery options. Clearly not all recovery options can be fully tested, but an institution should check as far as possible that its recovery options could be activated. As with business continuity planning, institutions should have a concise implementation guide (“playbook”) covering the procedures for activating each recovery option, and should perform tests (“fire drills”) of their recovery plan.

Recovery plans should be regularly updated, for example annually or following significant change to an institution’s business activities or structure.

Recovery plans should not simply be a document produced as a compliance exercise, but a “living” plan developed from the engagement of the financial institution’s board and senior management in designing, challenging, and testing the plan.


A recovery plan should include plans for internal and external communication for each specific recovery option, to keep staff, investors, supervisors, and other stakeholders informed when one or more recovery options are activated. Where it is obvious that an institution is in trouble, announcing the activation of recovery options could bolster market confidence.

Supervisory assessment

Questions supervisors should be asking when assessing a recovery plan


  • Is the plan clear, comprehensive, and internally consistent?
  • Does the plan cover all material operating entities in the group?
  • Does the plan cover the group and relevant operating entities?

 Governance and process

  • Has the plan been carefully considered and approved by senior management and the board?
  • Is the plan integrated with the institution’s strategic planning, risk appetite, risk management, and stress testing?
  • Is the plan properly documented and up to date?
  • Are there clear and thoroughly-tested escalation and decision-making processes for activating the plan?
  • Has the plan been subject to internal audit or external third-party review?

 Critical functions

  • Has the institution identified critical functions and critical services, and mapped these to legal entities?
  • Would the implementation of each recovery option support or endanger these functions and services?
  • Does the plan cover intra-group and third-party dependencies?

 Scenario analysis

  • Does the plan include a sufficient range of sufficiently severe stress scenarios (firm-specific and market-wide)?
  • Is there a realistic assessment of actions required in response to these scenarios?
  • Are early warning indicators and triggers in place that cover the full range of stress scenarios?
  • What data are required and are these data readily available?
  • Do the indicators and triggers provide sufficient time for the institution to act?


Supervisors should assess whether a financial institution’s recovery plan meets the relevant standards and supervisory expectations, taking into account considerations of proportionality for different types of institution. In some respects, this is similar to the supervisory review and evaluation of a bank’s ICAAP and ILAAP and an insurer’s ORSA, with the quality of a recovery plan providing information to a supervisor about an institution’s risk management capabilities and providing information that can be fed into the supervisory risk assessment of the institution.

Recovery actions

  • Does the plan establish a clear set of triggers and corresponding recovery actions?
  • Do the identified recovery options cover all the triggers and stress scenarios, and respond to both firm-specific and market-wide events?
  • Are recovery actions well designed and well calibrated against the triggers?
  • Are the identified recovery actions sufficiently wide-ranging?
  • Has the impact of each recovery option been assessed?
  • Is there at least one recovery option identified against each trigger event?
  • Are the recovery actions sufficiently certain, robust, realistic, and timely? Do they provide sufficient recovery capacity?
  • Could the plan be implemented quickly and effectively? Are the timelines realistic?
  • Have impediments to recovery options been adequately considered and addressed?
  • Have the recovery options been regularly tested? What lessons have been learned from these tests?



Home and host cooperation and coordination

Home and host supervisory authorities will both have a role to play in recovery planning where a financial institution is part of cross-border financial group.

The home country supervisory authority should be responsible for requiring the parent financial institution to produce a group recovery plan, and discussing this with the college of supervisors for the financial group. The home authority should also consider inviting a host authority to join the supervisory college where a group entity is of systemic importance in the host country (even if that group entity is not material to the group as whole).

A host country supervisory authority will need to consider how well the position of the group entities in the host country is covered in the group recovery plan (assuming that the home supervisory authority is prepared to share the group recovery plan with host supervisory authorities, which is not always the case). If this is not sufficient, then the host supervisory authority should consider requiring a separate recovery plan for each local group entity, particularly if a local entity is of systemic importance in the host country. In any case, a host supervisory authority should consider the potential impacts of the activation of a group recovery plan on the position of a local group entity, including for example the possibility that the sale of host country operations is one of the recovery options in the group-level recovery plan.

Where a local group entity produces its own recovery plan, the host supervisor should consider – in addition to the general issues discussed earlier in this Note – the different levels within a group at which stress scenarios might have an impact (an adverse event could hit only the parent in the home country, or only a local group entity in the host country, or some combination of these); the likely willingness and ability of the parent or other parts of the wider group to support a local group entity in the event of a stress scenario specific to the local group entity (the main recovery option in such an event is likely to be for the local group entity to look to its parent for support); intra-group transactions and exposures; and the provision of critical services from elsewhere in the group.

Where a host supervisory authority finds the recovery plan of a local group entity to be deficient, it could consider applying the supervisory responses discussed in the next section to the local group entity. In addition, it might seek to “ring fence” the local group entity by requiring subsidiarization and/or by limiting intra-group transactions, exposures, and the provision of critical services. The host supervisor could also seek to remedy deficiencies through cooperation and collaboration with the home country supervisor.

Supervisory responses

Supervisors should intervene to correct material deficiencies in an institution’s recovery plan. This could take various forms, depending on the nature of the deficiency and the risks posed by the institution to the objectives of the supervisory authority.

Feedback – as a first step, a supervisor should give feedback to an institution on the quality and credibility of its recovery plan. Feedback can be provided on an institution-specific basis, or as a supervisory communication to all supervised institutions drawing on the assessment of a sample of recovery plans.

Require improvements to an institution’s recovery plan – improvements might be required to any aspect of a recovery plan, including governance, scenarios, triggers, and recovery options.

Restructuring – it may be necessary for a supervisor to require an institution to change its strategy or business model to reduce its risk profile, or to change its operational or legal structure, so that the institution is then capable of constructing a credible recovery plan.

Resilience – weaknesses in a recovery plan could be addressed by requiring an institution to hold more capital, liquidity, or other resources up-front, so the institution is better positioned to absorb the impact of stress scenarios without having to activate its recovery plan. This could be achieved by the supervisor setting additional Pillar 2 capital and liquidity requirements.[5]


Committee on Payments and Market Infrastructures and International Organization of Securities Commissions. Recovery of financial market infrastructures. July 2017.

European Banking Authority. Comparative report on the approach to determining critical

functions and core business lines in recovery plans. March 2015.

European Banking Authority. Comparative report on the approach taken on recovery plan

scenarios. December 2015.

European Banking Authority. Comparative report on governance arrangements and indicators in recovery plans. July 2016.

European Banking Authority. Comparative report on recovery options. March 2017.

Financial Stability Board. Key Attributes of Effective Resolution Regimes for Financial Institutions. November 2011.

Financial Stability Board. Key Attributes of Effective Resolution Regimes for Financial Institutions. October 2014.

International Association of Insurance Supervisors. Application Paper on Recovery Planning November 2019.

Toronto Centre. Turning Risk Assessments into Supervisory Actions. August 2019.

Toronto Centre. Pillar 2 and Beyond: Issues for Supervisors in Implementing Basel II and Basel III. June 2020.

Toronto Centre. Resolution: Implications for Supervisors. August 2020.




[1] This Toronto Centre Note was prepared by Clive Briault.

[2] See Toronto Centre (2020b) for a more detailed description of resolution.

[3] This is a simplified version of the five stages presented in Toronto Centre (2019, page 17)

[4] See also the section on page 12 below on home and host cooperation and coordination.

[5] See Toronto Centre (2020a).