Operational Resilience

Aviva reduces the complexity of operational resilience with Exonaut

  • Background: In 2018 the Bank of England released a discussion paper together with the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA)  on the need for a stronger regulatory framework to promote the operational resilience of firms and Financial Market Infrastructures (FMIs). In March 2021 the final policy was set, giving regulated firms in the UK finance sector one year to prepare before operational resilience rules would take effect. To manage this process effectively, the major UK insurer Aviva have established a dedicated operational resilience department.

  • Challenge: Help Aviva digitalise their operational resilience programme with a configurable, data-driven solution that provides consistent results and supports resilience capability building and reporting.

  • Solution: Exonaut® is a smart and secure data management solution for mapping Important Business Services and dependencies, assessing tolerances, and planning and measuring exercise and action plans.

  • Benefits: Data can be cut and sliced in any way, to provide granular and holistic resilience insights and identify efficiencies and opportunities across the organisation. Reporting is automated and easily shared with stakeholders.

  • Customer: Aviva is a major UK insurer with over 15.5 million people using their services to protect their belongings and help plan for the future. The company is committed to driving innovation and sustainability within the industry.

Looming regulatory deadlines

With the introduction of the new operational resilience regulation, many thousands of firms in the UK financial sector are faced with developing a structure to become compliant. By March 2022, firms must have identified their Important Business Services (IBS), set impact tolerances for them, mapped their dependencies, scenario tested the tolerances and carried out a self-assessment. This will be ramped up in 2025, by which time firms must be able to remain within their impact tolerances.

Managing operational resilience

For Aviva, this meant finding a way to implement operational resilience effectively across its UK organisation, which consists of insurance, pension and asset management companies. In 2020, shortly after he took up the newly created role of Aviva Group Head Operational Resilience, Lee Webb set up the necessary governance, framework and methodology at group and business unit level to support the execution of operational resilience. With this in place and litmus-tested, he then identified the need for an effective digital tool to manage the OPRES programme.

“With operational resilience, there is a need for consistency across the organisation based on good quality data, and the right digital tool can provide that. We wanted a flexible tool that could be configured to meet our requirements as opposed to something that needed development – which often ends up causing delays and is more costly. 4C’s Exonaut software could provide us with that.”
Lee Webb, Group Head Operational Resilience, Aviva

Configuring the solution

Once procured, the software was deployed and configured. 4C Principal Consultant Ben White worked closely with the team at Aviva to make sure the software was set up from day one to meet the specific needs of the organisation moving forward. “Any firm can use the out-of-the-box operational resilience software,” says Ben. “However, your needs differ if you are mapping the tolerances of Important Business Services / dependencies cross-company that can have an impact on a 15-million strong customer base, compared to say a much smaller organisation. It’s the same solution, it’s just the way in which it’s configured that matters.”

Removing unnecessary complexity

Important Business Services amount to any separate service that, if disrupted, is likely to cause intolerable levels of harm to consumers or market integrity. Identifying, defining, mapping and testing these and the many dependencies, processes and workflows connected with them is a complex and large-scale undertaking. Aviva is using Exonaut to manage this – and in doing so remove unnecessary complexity – in a multi-stage programme that will eventually see other business resilience programmes, such as business continuity management, integrated into the system. As well as meeting regulations it is being used to identify new efficiencies and over the long-term, new business opportunities.

“Exonaut is currently capturing all of our IBS data,” explains Lee. “By that I mean the initial mapping of our Important Business Services. This includes what they are, the definitions in static data associated with them – along with the mapping of the associated assets, the impacts of tolerances, the tolerance statements, as well as the scenario tests and the results of them.”

Automated reports

Based on this data, Exonaut can produce an automated self-assessment report (a requirement by 2022) of tolerance levels versus current capabilities, along with potential areas for improvement. The report can be filtered using smart dashboards to highlight key information which can be shared with senior management and the Board – who are ultimately responsible for ensuring Aviva meet the new regulation.

“Exonaut is a powerful tool that brings a lot of automation to the OPRES programme, but then we also appreciate some of the nuances,” he continues. “For instance, one thing that we like is the way in which it displays all of the dependencies. Just by looking at this, you can often pick out overlaps and duplication – and in that way identify efficiency improvements.”

Golden sources of data

Aviva have identified five supporting pillars within operational resilience – Technology, People, Locations, Data and Suppliers – that they refer to as the ‘golden sources’ of data. Moving forward, these will be uploaded into Exonaut to provide a more holistic picture of our resilience and recovery capabilities and to help us identify and reduce and gaps, risks and weaknesses.

A culture of operational resilience

“Once the golden sources have been implemented, we will be much closer to where we want to be in 2025 when the regulatory transitional period has ended. We’ll have enhanced dashboards and reporting features to better leverage the data for use with our crisis and incident management responses. And perhaps more importantly, operational resilience will be embedded into the business-as-usual at Aviva,” concludes Lee.

Message sent

Thank you
Your message has been received. We will get back to you as soon as possible.

Thank you!

You are now registered.

Download pack

Photo credits

License

Choose size
  • Original image
  • Large image (2900px)
  • Medium image (1920px)
  • Small image (1024px)
DOWNLOAD

Get in touch

Book a demo

    Solution Areas

    Get in touch

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.