Operational resilience

Operational Resilience

Operational Resilience has received increased regulatory scrutiny with the release of the joint discussion paper by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018. A clear statement from the regulators that the continued failure of organisations through neglect or oversight to implement strong Operational Resilience controls was no longer acceptable in light of the evident harm caused to consumers and markets.

The regulators are now close to releasing a final Policy Statement which, once delivered, we expect to set the clock running for firms. Inaction will no longer be an option and we anticipate firms will need to be substantively ’complete’ by the end of this year.

Firms must look at their Operational Resilience and ensure that they take action to minimise the risk of harm to customers arising through interruptions to Important Business Services. The approach will need to consider:

  • Governance framework and controls
  • Identification of ‘Important Business Services’
  • Mapping of business services and vulnerabilities
  • Identification of scenarios and scenario testing
  • Impact tolerance setting and statements
  • Assessment of third-party service providers

It is important that firms recognise the distinction between the regulator’s approach to Operational Risks and other elements of business management. Specifically, the process of building Operational Resilience is not covered by existing plans for:

  • Business continuity planning;
  • Disaster recovery plans;
  • Operational risk frameworks.

Now is the time to begin taking action on your own firm’s Operational Resilience planning, if you have not already started the process.

Kenneth Underhill’s webinar: “An Introduction to Operational Resilience” is available to watch on our YouTube channel. It is the first in a series of webinars on the subject, all available to watch on YouTube.

Operational Resilience – Regulatory Timeline

The joint discussion paper issued by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018 started the current work on Operational Resilience. Take a look at our expanded regulatory timeline for a full list of key dates, including links to all the main consultation papers, discussion papers and policy statements that have been issued.

Operational Resilience—The ICSR Approach

Operational Resilience will be a living and breathing process requiring continual oversight and change. It will require firms to undertake a considerable project to create and embed the necessary processes. We do not anticipate significant change to current policy guidance and our experience suggests that fully completing a programme of work and embedding Operational Resilience into your operating model will take 6-12 months depending on scope and resources.

There are two resourcing approaches to the work, which can be carried out in stages to assist with client planning:

  • An advice only approach;
  • An advice, support and validation model with design, test and implementation phases for the operational resilience framework, along with the training necessary for the client’s own staff to take responsibility for the ongoing management of the framework.

Our approach will be based on your business models and the outcome of proof of concept testing.

ICSR can provide the resources necessary to support either model, including SMEs, Business Analysts, Programme Managers and IT expertise.

Latest News: Operational Resilience

Our team have produced a number of articles on the subject of Operational Resilience. The most recent are shown below. To see all articles on the subject, please click here to go to our news page.

Operational Resilience Webinar: Tolerances

Operational Resilience Webinar: Tolerances

Join us for the fourth of our webinars on Operational Resilience as Kenneth Underhill looks in detail at the respective definitions of 'Impact Tolerances' and explores how firms should approach setting these across a multitude of scenarios aligned to their Important...

read more
Operational Resilience – A Regulatory Double-Header

Operational Resilience – A Regulatory Double-Header

The industry has long sought consistency and in their approach to Operational Resilience the PRA and FCA have mostly delivered it, if not what had been hoped for in their co-ordinated Policy Statements released on 29th March. For those firms who are dual-regulated,...

read more

Our Experience

ICSR has already helped a number of firms formulate their approach and undertake the necessary work. We have been able to build a team with unrivalled experience and expertise in Operational Resilience, the methodologies which can be adopted, and the documentation and governance structures required to complete an operating framework.

Case Studies: Operational Resilience

ICSR has carried out a number of assignments helping clients with their Operational Resilience planning. 

Our Operational Resilience Team

Please contact any of the team if you want to discuss your own approach to Operational Resilience.

Kenneth Underhill
Director

Craig Umbleja
Senior Consultant

Nicky Hasler
Senior Consultant

Isaac Alfon
Consultant

Yvonne Lancaster
Consultant

James Doolan
Consultant

Daniel Mertz
Consultant

Ian Josephs
Consultant

Natasha Pye
Consultant

Many of our Talent Pool members have specific skills and experience relevant to operational resilience. Please use the search box to find people using specific keywords (eg. ‘Operational Resilience’) or by using the categories in the ‘slider’ settings.

Search
Generic filters
Filter by Custom Post Type
Filter by Tags
Check/uncheck all
Authorisations
Automated compliance monitoring
Board effectiveness
board/committee effectiveness reviews & evaluation
Breach Management
Brexit & International Licensing
Business Transformation
Change & business Transformation
Claims
climate change
Company secretarial
Complaints
Compliance framework
Compliance monitoring
Compliance Monitoring Frameworks
Conduct & product governance
Conduct risk models /frameworks
Corporate governance
Corporate governance reviews
Cyber security
Data protection
Delegated authorities & appointed representatives
Delegated authorities TPA’s and AR’s
Financial crime & sanctions
Financial Crime control frameworks
GDPR
Governance Risk & control frameworks
IDD
Information security frameworks
Insurance Distribution Directive
Internal audit
International licensing
IPIDs
IT
Licensing
MGA Authorisations
Operational Resilience
Operations
Part VII Arrangements & other corporate transactions
Product governance
Programme & Project Management
Project Management
Project management & change
Regulatory & government relationships
Regulatory & market change
Regulatory reviews & remediation
Regulatory reviews inc. remediation issues
Risk management
Risk Management frameworks
Sanctions & Licensing
Senior Managers & Certification Regime
Skilled persons reviews
SMCR
Solvency II
Solvency II pillar 2 (governance & risk management)
Thematic reviews
TPA’s and AR’s
Training

Advisory | Resourcing | Training

Pin It on Pinterest