Operation resilience is live! 5 questions you must be able to answer

Finally, it is live! the UK FCA/PRA Operational Resilience regulation is now in full effect. Whilst many firms have been working towards this deadline for months, it is really only now that the questions will start to be asked and the effectiveness of what has been put in place with regards to the regulations will start to be measured.

The level of detail, scrutiny and expectation around all aspects of resilience is only likely to increase, and particularly the attention on scenario testing – the tangible outputs of operational resilience. Many may think that the hard work has been done, but a key driver behind operational resilience is robust scenario testing of the impact tolerances, and then importantly, the ‘so what’ of that scenario testing. What are the gaps, what are we, or have we done, about them and how does this affect our impact tolerance?

“The level of detail, scrutiny and expectation around all aspects of resilience is only likely to increase and particularly the attention on scenario testing – the tangible outputs of operational resilience.”

Ben White, 4C Strategies Senior Consultant

The focus up until now has probably been around compliance. To what extent is my firm compliant with the regulations? I think the future driver will be more about capability. What level of operational resilience capability do I have, and am I delivering across my firm?

So, not just have I delivered a scenario test, but how well was that scenario test conducted and did it go far enough to really test the impact tolerances, and exercise the people, plans and processes involved in remaining within it?

Some questions for now and beyond

• Do we understand what operational resilience capability is, and what good looks like for the firm?

• How can we track and verify operational resilience capability vs compliance?

• How can we build a scenario library connected to common objectives which can be reused across the firm?

• Once gaps have been identified through scenario testing, how do we continually track the remediation tasks that need to take place and link this back to a review of the methodology?

• Can we provide senior management with the answers to all their questions through data-driven real-time monitoring of compliance and capability?

In closing, there is much work to do, in refining processes and methodologies but more importantly to move from a position of compliance to capability. As this move starts to take place it will be far easier in the future to start to benchmark and compare between firms and ultimately build operational resilience capability across the sector as a whole.

We would welcome any thoughts on moving from compliance to capability that you may have, or if you would like support and advice on any of these questions or operational resilience as a whole, please get in touch directly with Ben White.

Software

Want to learn more?

Discover how you can build, verify and track your operational resilience with our Exonaut® software solutions.

Discover more

Exonaut® Operational Resilience

Find out how Exonaut’s Operational Resilience software enables organisations to conduct their resilience, recovery and crisis approach.