As part of our Operational Resilience series, we talk more about operational resilience metrics with 4C Strategies Senior Consultant Ben White.
Hi Ben, why are metrics so important for operational resilience?
Metrics are essential, because without them you can’t assess the impact tolerances of your Important Business Services (IBS) and any subsequent capability improvements, and therefore won’t know if you’re compliant with the new operational resilience regulation.
You need to have identified and mapped your IBS and know the impact that disruptions to them will have on customers and the market. Basically, you need to know what “good” looks like for them individually and collectively to get an understanding of what gaps exist, what improvements have to be made, and the order in which they should be done. Ideally, you’ll have a powerful and user-friendly tool for visualising and comparing metrics so you can share them with senior management, auditors, risk and business continuity departments – you name it.
What is the biggest obstacle currently facing financial institutions?
This is a completely new regulation that virtually every actor with operations in the UK financial sector must interpret and adhere to, with other jurisdictions likely to follow. However, the operational resilience requirements set out by the Prudential Regulation Authority currently have very limited information on how to measure compliance. It’s going to be your responsibility to have metrics data on hand, from which you can prove your tolerances and capabilities.
How are you helping organisations with this?
We are currently working with a number of leading banks and insurers who are running their operational resilience programmes with our Exonaut® software. They’ve chosen it because they want to map IBS and their dependencies and tolerances, manage workflows, tasks, and signoffs in an automated system that provides the key metrics at a holistic and fine-grained level.
Examples of operational resilience metrics
By using software to manage operational resilience workflows, Exonaut acts as a giant database of all the information that is captured to answer the questions above. The true power with Exonaut then comes in the ability to cut and slice the data in any way you want – whether it’s to support briefings of the Resilience or Risk committee, or working out what the scenario should be for your next exercise. With a tool such as Exonaut, you can support and even automate your operational resilience metrics.
As we move forward and learn more about the new regulation and its impact on financial institutions, more capabilities will be added to the tool. What won’t change, however, is the usability. Features such as customisable dashboards, automated reporting, and real-time visualization support the needs of the different stakeholders involved in ensuring compliance.
For those organisations wanting to fully integrate their organisational resilience programme, Exonaut can be used to manage your risk, business continuity and incident management processes and operations. You can read more about the Exonaut platform here.
What should organisations in the UK financial sector be considering?
In a nutshell: Am I compliant? If you have a lot of IBS with many supporting dependencies, you need to look for ways to test your tolerances. At the end of the day, the regulation has been developed to protect the market that we all operate in. When you know the metrics and the potential impact that disruptions can have on your IBS, you can look to increase your resilience capabilities. Having a tool that can facilitate this, should become a core part of your operational resilience strategy.
Operation Resilience in brief
In 2018 a discussion paper ‘Building the UK Financial Sector’s Operational Resilience’ was published, laying the foundations for a new regulation for the financial services sector in the UK. It essentially detailed the need for financial actors to identify Important Business Services (IBS) and set the maximum tolerances they can withstand. The Discussion Paper, which was co-authored by the Bank of England the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), gained traction quickly, moving to a Consultation Paper. In March 2022 it was implemented. Virtually every registered actor within the UK financial service sector is subject to the new operational resilience regulation.
You can find out more about it by reading our article What is operational resilience and why is it important?
Want to learn more?
Discover how you can build, verify and track your operational resilience with our Exonaut® software solutions.