In late October 2025, major U.S. banking regulators took a bold step: the public release of resolution-plan summaries for fifteen of the largest banking organisations. At the same time, the Federal Reserve moved to overhaul its annual stress-tests in favour of higher transparency. These twin developments highlight a new dimension of bank resolution planning risk — one that places governance, documentation, third-party oversight and cyber-resilience directly in the crosshairs of regulators and auditors.
For bank executives, risk/compliance officers and transformation leaders, this is not a peripheral issue. It is a strategic imperative. The winners will not just manage day-to-day compliance; they will embed resolution-readiness into their operational infrastructure. In this article, we unpack the evolving landscape, identify the pain points, and offer a practical roadmap for how your institution can keep pace.
The Shift in Regulatory Spotlight
Traditionally, banks prepared so-called “living wills” to demonstrate how they might be resolved in a crisis without taxpayer bail-outs. On October 23, 2025, the Fed and FDIC published the public sections of these plans. Federal Reserve At the same time, the Fed announced sweeping changes to stress-testing mechanisms, including model disclosures and reduced burdens. Financial Times
What this signals: a push toward transparency + accountability. Regulators expect banks to show not only how they would survive, but how they document, monitor and control failure scenarios, including those driven by cyber-attack, third-party vendor collapse, or operational disruption.
Why Resolution Planning Risk Matters for Banks
— Governance weak spots become visible
With public disclosures, regulators (and the market) will scrutinise board oversight, scenario modelling, crisis teams and vendor dependencies. Institutions lacking a documented resolution architecture face reputational and regulatory risk.
— Third-party / vendor exposures get spotlighted
Resolution plans must surface dependencies — data providers, fintech partners, cloud vendors, service organisations. A cyber-event at a major vendor can cascade into resolution tunnel vision.
— Cyber + operational risk now part of the scenario set
No longer only macroeconomic stress: resolution planning must integrate digital-attack scenarios, IT failure, supply-chain disruption. Your steering committee must ask: what happens when my core banking platform is offline, or a vendor API is compromised?
— Audit/tracing/documentation expectations increase
Public review of summaries means regulators and auditors will expect documented controls, logs, incident-response playbooks, vendor contract escalations. Gaps become audit flags.
— Integration with capital & liquidity frameworks intensifies
As stress tests evolve, resolution planning and capital planning intersect more deeply. Misalignment can expose hidden leverage or liquidity gaps.
Resolution planning must now integrate digital-attack scenarios, IT failure, and supply-chain disruption. Your steering committee must ask: what happens when my core banking platform is offline, or a vendor API is compromised?
For more on how AI-driven technology and automation are reshaping compliance expectations, see our article on Generative AI Banking Compliance: Balancing Innovation & Risk
A Roadmap to Address Bank Resolution Planning Risk
Here’s how your institution can act now.
Phase 1 – Diagnostic & Governance Setup
- Launch a resolution-readiness audit: map out vendors, dependencies, data flows, critical systems, scenario playbooks.
- Form a Resolution Steering Committee comprising risk, IT/security, legal/compliance, vendor-management leads.
- Align your resolution documentation with regulator expectations (public section templates, board sign-off, escalation paths).
Phase 2 – Scenario Modeling & Vendor Resilience
- Incorporate digital-attack and vendor-fail scenarios into your resolution plans (e.g., cloud-provider outage, API compromise, supply-chain malware).
- Build vendor risk profiles and dependency trees (single points of failure).
- Implement cascade modelling: from vendor failure → system outage → liquidity/asset risk → resolution trigger.
Phase 3 – Documentation, Audit Trail & Integration
- Centralise your documentation: contracts, SLAs, vendor escalation clauses, cyber-response playbooks.
- Ensure logs of vendor incidents, system downtime, remediation.
- Prepare the “public section” of your resolution plan: summarise critical dependencies, governance structure, crisis-team roster, vendor network.
- Link your resolution planning to capital/ liquidity management systems.
Phase 4 – Continuous Monitoring & Reporting
- Create a dashboard for “resolution readiness” metrics: vendor breach incidents, downtime minutes, contract escalations, scenario-exercise frequency, vendor audit result status.
- Conduct bi-annual red-team exercises that test resolution-plan integrity (simulate vendor collapse, cyber compromise, rapid liquidity drain).
- Update documentation annually and after major vendor/on-prem changes.
- Engage proactively with regulators: share summary updates, vendor dependency lists, test results.
How The Saturn Partners Helps
At The Saturn Partners, we specialize in helping banking institutions build robust governance, scenario-modelling and vendor risk frameworks that align with resolution-planning requirements.
Our services include:
- Full resolution-readiness audits and vendor-dependency mapping.
- Cyber-attack scenario modelling and play-book development.
- Integration of vendor risk, third-party audit frameworks and IT/OT security into resolution plans.
- Dashboards and monitoring frameworks for continuous readiness and reporting to boards and regulators.
If your bank is preparing for its next resolution-plan cycle or integrating digital/third-party risk into your governance framework, we can partner with you to transform readiness into resilience.
Conclusion
The release of public resolution-plan summaries and the stress-test overhaul mark a watershed moment for banks. The concept of “bank failure readiness” is no longer abstract, it’s now part of the regulatory, vendor-risk and cyber-risk infrastructure.
By treating resolution-planning risk as a core element of your governance and operational strategy, rather than a back-office compliance exercise, your institution can convert potential vulnerability into competitive assurance.
Schedule a session with our experts at The Saturn Partners to assess your bank’s resolution-planning readiness, build cyber-driven vendor dependency models and embed governance that satisfies regulators and protects your institution.