preloader
4C Insights

Why are metrics so important for operational resilience?

London city sky line
2022-04-01

As part of our Operational Resilience series, we talk more about operational resilience metrics with 4C Strategies Senior Consultant Ben White.

Hi Ben, why are metrics so important for operational resilience?

Metrics are essential, because without them you can’t assess the impact tolerances of your Important Business Services (IBS) and any subsequent capability improvements, and therefore won’t know if you’re compliant with the new operational resilience regulation.

You need to have identified and mapped your IBS and know the impact that disruptions to them will have on customers and the market. Basically, you need to know what “good” looks like for them individually and collectively to get an understanding of what gaps exist, what improvements have to be made, and the order in which they should be done. Ideally, you’ll have a powerful and user-friendly tool for visualising and comparing metrics so you can share them with senior management, auditors, risk and business continuity departments – you name it.

Ben White
"The right software can put you on the fast track to compliance. Exonaut gives you a powerful and user-friendly tool for visualising and comparing metrics, so you can share them with senior management, auditors, risk and business continuity departments."
Ben White, 4C Strategies Senior Consultant

What is the biggest obstacle currently facing financial institutions?

This is a completely new regulation that virtually every actor with operations in the UK financial sector must interpret and adhere to, with other jurisdictions likely to follow. However, the operational resilience requirements set out by the Prudential Regulation Authority currently have very limited information on how to measure compliance. It’s going to be your responsibility to have metrics data on hand, from which you can prove your tolerances and capabilities.

How are you helping organisations with this?

We are currently working with a number of leading banks and insurers who are running their operational resilience programmes with our Exonaut® software. They’ve chosen it because they want to map IBS and their dependencies and tolerances, manage workflows, tasks, and signoffs in an automated system that provides the key metrics at a holistic and fine-grained level.

Examples of operational resilience metrics

  • How many IBS are there in the organisation? Which have been mapped and which are still to be completed?

  • What are the impact tolerances of each IBS?

  • Which IBS have been signed off and by whom?

  • When was testing undertaken and when does it need doing in the future?

  • What is outstanding from the workflow against each IBS?

  • What are the most critical dependencies, processes and pillar resources?

  • How much risk is being carried?

  • What gaps have been identified through testing and what is the status on the remediation of those gaps (tasks) – mapped to pillar resources?

  • What is the materiality rating for ineffective controls / issues and how has this changed over time?

  • What are the improvements to resilience identified during mapping and testing?

By using software to manage operational resilience workflows, Exonaut acts as a giant database of all the information that is captured to answer the questions above. The true power with Exonaut then comes in the ability to cut and slice the data in any way you want – whether it’s to support briefings of the Resilience or Risk committee, or working out what the scenario should be for your next exercise. With a tool such as Exonaut, you can support and even automate your operational resilience metrics.

As we move forward and learn more about the new regulation and its impact on financial institutions, more capabilities will be added to the tool. What won’t change, however, is the usability. Features such as customisable dashboards, automated reporting, and real-time visualization support the needs of the different stakeholders involved in ensuring compliance.

For those organisations wanting to fully integrate their organisational resilience programme, Exonaut can be used to manage your risk, business continuity and incident management processes and operations. You can read more about the Exonaut platform here.

What should organisations in the UK financial sector be considering?

In a nutshell: Am I compliant? If you have a lot of IBS with many supporting dependencies, you need to look for ways to test your tolerances. At the end of the day, the regulation has been developed to protect the market that we all operate in. When you know the metrics and the potential impact that disruptions can have on your IBS, you can look to increase your resilience capabilities. Having a tool that can facilitate this, should become a core part of your operational resilience strategy.

Operation Resilience in brief

In 2018 a discussion paper ‘Building the UK Financial Sector’s Operational Resilience’ was published, laying the foundations for a new regulation for the financial services sector in the UK. It essentially detailed the need for financial actors to identify Important Business Services (IBS) and set the maximum tolerances they can withstand. The Discussion Paper, which was co-authored by the Bank of England the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), gained traction quickly, moving to a Consultation Paper. In March 2022 it was implemented. Virtually every registered actor within the UK financial service sector is subject to the new operational resilience regulation.

You can find out more about it by reading our article What is operational resilience and why is it important?

More Insights

Message sent

Thank you
Your message has been received. We will get back to you as soon as possible.

Thank you!

You are now registered.

Download pack

Photo credits

License

Choose size
  • Original image
  • Large image (2900px)
  • Medium image (1920px)
  • Small image (1024px)
DOWNLOAD

Get in touch

Book a demo

I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events. To learn more about how 4C Strategies process data, please read our privacy statement.

Get in touch

I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events. To learn more about how 4C Strategies process data, please read our privacy statement.