With the introduction of new regulations governing operational resilience within the UK financial services sector, we take a closer look at what operational resilience is, why the regulations have been implemented, and how digital tools can help. We also consider the impact they will have on organisations around the globe.
What is operational resilience?
The Bank of England describes operational resilience as ‘the ability to prevent, adapt, respond to, recover and learn from operational disruptions’ in a paper issued jointly with the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).
The foundations for the regulation were laid in 2018, when the Discussion Paper ‘Building the UK Financial Sector’s Operational Resilience’ was published as a response to the understanding that ‘a lack of operational resilience represents a threat to each of the supervisory authorities’ objectives, as well as to their shared goal of maintaining financial stability.’
Why have operational resilience regulations been implemented?
With the implementation of the new regulation, the focus has shifted somewhat from business continuity management and incident management approaches, which deal with the resilience of an actor, to the important business services being offered. For organisations, this means identifying their important business services and mapping how disruption may have an impact, beyond their own commercial interests. The aim of this is to limit the effect on financial markets, the economy, and the consumers (retail and wholesale) of these services.
Who is impacted by the new regulations?
The three bodies – PRA, FCA, and The Bank of England– have combined responsibility for governing virtually all registered actors within the UK financial service sector. Accordingly, the following will be impacted by the new Operational Resilience regulations:
- Banks and building societies
- Credit unions
- PRA regulated investment firms
- FCA authorised and recognised entities
- Recognised payment systems
- Specified service providers
- Central securities depositories and central counterparties
- Overseas UK deposit takers with PRA regulated activity permissions
Want to learn more?
Discover how you can build, verify and track your organisational resilience with our training and exercise services and Exonaut® software solutions.
Beyond the financial industry
Although currently limited to the financial industry with operations in the UK, we believe that these regulations will have an impact on the industry globally and may trickle down into other highly regulated industries where the loss of services will have a significant impact on society. The need to be operationally resilient will be accelerated when we move beyond the pandemic, and organisations have fully assessed their response to COVID-19. As an organisation, it will become imperative to have a holistic overview of capabilities that goes beyond business continuity management and crisis management to include the full spectrum of operations moving forward.
What are the business areas of operational resilience?
There are a multitude of operational areas that contribute to an organisation’s ability to deliver important business services. Analysing resilience maturity within these will be key to an effective operational resilience programme. The operational areas include but are not limited to:
- Cyber security & IT continuity
- Technical innovation
- Business/risk strategy
- Asset management
- Supply chain reliability/dependency
- Change management
- Culture & communications
Operational resilience steps
As mentioned earlier, the first step in any operational resilience program is identifying important business services. With that completed, important business services tolerances – thresholds for maximum tolerable disruption to help achieve consumer protection and market integrity – are defined and set. This includes mapping support dependencies, i.e., identifying and documenting the people, processes, technology, facilities and information that support important business services. Severe but plausible disruption scenario testing of the dependencies is then carried out to check their ability to remain within the impact tolerances. Following this, lessons learned exercises are performed to identify, prioritise, and invest in the dependencies’ ability to respond and recover from disruptions as effectively as possible. Internal and external communications plans are developed throughout the process for when important business services are disrupted.
The best way to do this is with a digital tool that enables you to document and manage the entire process in a constant proactive cycle of improvement.
Which digital tool should be used for operational resilience?
As operational resilience lies within an ecosystem that includes risk, incident/crisis and business continuity management, as well as compliance, it’s important to have a tool that supports this. When defining, analysing and developing tolerances and dependencies within important business services and areas, being able to consolidate all the data will simplify the process, provide full transparency, facilitate better collaboration and deliver results faster.
The Exonaut Operational Resilience solution is produced in response to this market requirement. As part of an entire Exonaut readiness management software suite, it is used by a global client base within highly regulated industries and the public sector. Features include:
- Operational resilience dashboards
- Task management timelines
- Dependency mapping
- Resilience Toolkit
- Automated reporting
- iOS and Android apps
Read more about our Exonaut Operational Resilience solution.
No matter if you are faced with meeting regulations in the near future, wish to improve your organisational resilience to safeguard operations moving forward, and/or return to business as usual (BAU) state following the COVID-19 pandemic, we can support you.
4C Strategies is a leading provider of organisational readiness and military training management solutions through our Exonaut® software and advisory services. Founded in 2000, 4C Strategies today serves military, public and private clients in more than 70 countries around the globe. We combine the power of digital innovation with industry expertise to build a safer society.