Operation resilience is live! 5 questions you must be able to answer

Finally, it is live! the UK FCA/PRA Operational Resilience regulation is now in full effect. Whilst many firms have been working towards this deadline for months, it is really only now that the questions will start to be asked and the effectiveness of what has been put in place with regards to the regulations will start to be measured.

The level of detail, scrutiny and expectation around all aspects of resilience is only likely to increase, and particularly the attention on scenario testing – the tangible outputs of operational resilience. Many may think that the hard work has been done, but a key driver behind operational resilience is robust scenario testing of the impact tolerances, and then importantly, the ‘so what’ of that scenario testing. What are the gaps, what are we, or have we done, about them and how does this affect our impact tolerance?

The focus up until now has probably been around compliance. To what extent is my firm compliant with the regulations? I think the future driver will be more about capability. What level of operational resilience capability do I have, and am I delivering across my firm?

So, not just have I delivered a scenario test, but how well was that scenario test conducted and did it go far enough to really test the impact tolerances, and exercise the people, plans and processes involved in remaining within it?

In closing, there is much work to do, in refining processes and methodologies but more importantly to move from a position of compliance to capability. As this move starts to take place it will be far easier in the future to start to benchmark and compare between firms and ultimately build operational resilience capability across the sector as a whole.

We would welcome any thoughts on moving from compliance to capability that you may have, or if you would like support and advice on any of these questions or operational resilience as a whole, please get in touch directly with Ben White.