4C Insights

Operation resilience is live! 5 questions you must be able to answer

2022-04-01

Finally, it is live! the UK FCA/PRA Operational Resilience regulation is now in full effect. Whilst many firms have been working towards this deadline for months, it is really only now that the questions will start to be asked and the effectiveness of what has been put in place with regards to the regulations will start to be measured.

The level of detail, scrutiny and expectation around all aspects of resilience is only likely to increase, and particularly the attention on scenario testing – the tangible outputs of operational resilience. Many may think that the hard work has been done, but a key driver behind operational resilience is robust scenario testing of the impact tolerances, and then importantly, the ‘so what’ of that scenario testing. What are the gaps, what are we, or have we done, about them and how does this affect our impact tolerance?

"The level of detail, scrutiny and expectation around all aspects of resilience is only likely to increase and particularly the attention on scenario testing – the tangible outputs of operational resilience."
Ben White, 4C Strategies Senior Consultant

The focus up until now has probably been around compliance. To what extent is my firm compliant with the regulations? I think the future driver will be more about capability. What level of operational resilience capability do I have, and am I delivering across my firm?

So, not just have I delivered a scenario test, but how well was that scenario test conducted and did it go far enough to really test the impact tolerances, and exercise the people, plans and processes involved in remaining within it?

Some questions for now and beyond

  • Do we understand what operational resilience capability is, and what good looks like for the firm?

  • How can we track and verify operational resilience capability vs compliance?

  • How can we build a scenario library connected to common objectives which can be reused across the firm?

  • Once gaps have been identified through scenario testing, how do we continually track the remediation tasks that need to take place and link this back to a review of the methodology?

  • Can we provide senior management with the answers to all their questions through data-driven real-time monitoring of compliance and capability?

In closing, there is much work to do, in refining processes and methodologies but more importantly to move from a position of compliance to capability. As this move starts to take place it will be far easier in the future to start to benchmark and compare between firms and ultimately build operational resilience capability across the sector as a whole.

We would welcome any thoughts on moving from compliance to capability that you may have, or if you would like support and advice on any of these questions or operational resilience as a whole, please get in touch directly with Ben White.

More Insights

Message sent

Thank you
Your message has been received. We will get back to you as soon as possible.

Thank you!

You are now registered.

Download pack

Photo credits

License

Choose size
  • Original image
  • Large image (2900px)
  • Medium image (1920px)
  • Small image (1024px)
DOWNLOAD

Get in touch

Book a demo

    Get in touch

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.