Operational resilience

Operational Resilience

Operational Resilience has received increased regulatory scrutiny with the release of the joint discussion paper by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018. A clear statement from the regulators that the continued failure of organisations through neglect or oversight to implement strong Operational Resilience controls was no longer acceptable in light of the evident harm caused to consumers and markets.

The regulators are now close to releasing a final Policy Statement which, once delivered, we expect to set the clock running for firms. Inaction will no longer be an option and we anticipate firms will need to be substantively ’complete’ by the end of this year.

Firms must look at their Operational Resilience and ensure that they take action to minimise the risk of harm to customers arising through interruptions to Important Business Services. The approach will need to consider:

  • Governance framework and controls
  • Identification of ‘Important Business Services’
  • Mapping of business services and vulnerabilities
  • Identification of scenarios and scenario testing
  • Impact tolerance setting and statements
  • Assessment of third-party service providers

It is important that firms recognise the distinction between the regulator’s approach to Operational Risks and other elements of business management. Specifically, the process of building Operational Resilience is not covered by existing plans for:

  • Business continuity planning;
  • Disaster recovery plans;
  • Operational risk frameworks.

Now is the time to begin taking action on your own firm’s Operational Resilience planning, if you have not already started the process.

Kenneth Underhill’s webinar: “An Introduction to Operational Resilience” is available to watch on our YouTube channel. It is the first in a series of webinars on the subject, all available to watch on YouTube.

Operational Resilience – Regulatory Timeline

The joint discussion paper issued by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018 started the current work on Operational Resilience. Take a look at our expanded regulatory timeline for a full list of key dates, including links to all the main consultation papers, discussion papers and policy statements that have been issued.

View Operational Resilience Regulatory Timeline

Operational Resilience—The ICSR Approach

Operational Resilience will be a living and breathing process requiring continual oversight and change. It will require firms to undertake a considerable project to create and embed the necessary processes. We do not anticipate significant change to current policy guidance and our experience suggests that fully completing a programme of work and embedding Operational Resilience into your operating model will take 6-12 months depending on scope and resources.

There are two resourcing approaches to the work, which can be carried out in stages to assist with client planning:

  • An advice only approach;
  • An advice, support and validation model with design, test and implementation phases for the operational resilience framework, along with the training necessary for the client’s own staff to take responsibility for the ongoing management of the framework.

Our approach will be based on your business models and the outcome of proof of concept testing.

ICSR can provide the resources necessary to support either model, including SMEs, Business Analysts, Programme Managers and IT expertise.

Latest News: Operational Resilience

Our team have produced a number of articles on the subject of Operational Resilience. The most recent are shown below. To see all articles on the subject, please click here to go to our news page.

Market Modernisation – Balancing Risk & Readiness

Market Modernisation – Balancing Risk & Readiness

This article was first published by Insurance Day in their Viewpoint section and subsequently also included in their Market Modernisation feature in February 2024. Change is inevitable and our market is constantly managing a whole variety of change programmes, each...

read more
View all Operational Resilience articles

Our Experience

ICSR has already helped a number of firms formulate their approach and undertake the necessary work. We have been able to build a team with unrivalled experience and expertise in Operational Resilience, the methodologies which can be adopted, and the documentation and governance structures required to complete an operating framework.

Case Studies: Operational Resilience

ICSR has carried out a number of assignments helping clients with their Operational Resilience planning. 

Assisting International Insurer Manage Its Operational Resilience Obligations

Assisting International Insurer Manage Its Operational Resilience Obligations

Digital Operational Resilience Act (DORA) Support For Client In The Irish Regulated Market

Digital Operational Resilience Act (DORA) Support For Client In The Irish Regulated Market

Supporting The Client With The Delivery Of A New Governance, Service And Operating Model As A Part Of A Corporate Restructure

Supporting The Client With The Delivery Of A New Governance, Service And Operating Model As A Part Of A Corporate Restructure

Assisting London Market Insurance Broker With Operational Resilience

Assisting London Market Insurance Broker With Operational Resilience

Support Developing Operational Resilience Control Framework

Support Developing Operational Resilience Control Framework

Assisting Client With Project Delivering PRA and FCA Operational Resilience Requirements

Assisting Client With Project Delivering PRA and FCA Operational Resilience Requirements

Support Preparing For Introduction of Operational Resilience and Business Continuity Planning

Support Preparing For Introduction of Operational Resilience and Business Continuity Planning

Our Operational Resilience Team

Please contact any of the team if you want to discuss your own approach to Operational Resilience.

Kenneth Underhill
Director

Craig Umbleja
Senior Consultant

Yvonne Lancaster
Consultant

Daniel Mertz
Consultant

James Doolan
Consultant

Natasha Pye
Consultant

Ian Josephs
Consultant

Many of our Talent Pool members have specific skills and experience relevant to operational resilience. Please use the search box to find people using specific keywords (eg. ‘Operational Resilience’) or by using the categories in the ‘slider’ settings.

Search
Generic filters
Filter by Tags
Check/uncheck all
Actuarial
Appointed Representatives
Authorisations
Automated compliance monitoring
Blueprint Two
Board effectiveness
board/committee effectiveness reviews & evaluation
Breach Management
Brexit & International Licensing
Business Transformation
Capital
Change & business Transformation
Claims
climate change
Company secretarial
Complaints
compliance
Compliance framework
Compliance monitoring
Compliance Monitoring Frameworks
Conduct & product governance
Conduct risk models /frameworks
Corporate governance
Corporate governance reviews
Culture
Cyber security
Data protection
Delegated authorities & appointed representatives
diversity and inclusivity
fin
Finance
Financial crime & sanctions
Financial Crime control frameworks
GDPR
Governance Risk & control frameworks
HR
Human Resources
Information security frameworks
insurance-distribution-directive
Internal audit
International licensing
IT
leader
Licensing
MGA Authorisations
Operational Resilience
Operations
Outsourcing
Part VII Arrangements & other corporate transactions
Product governance
Programme & Project Management
Project Management
Project management & change
Regulatory & government relationships
Regulatory & market change
Regulatory reviews & remediation
Regulatory reviews inc. remediation issues
risk
Risk management
Risk Management frameworks
Sanctions & Licensing
Senior Managers & Certification Regime
Skilled persons reviews
SMCR
Solvency II
Solvency II pillar 2 (governance & risk management)
Thematic reviews
Training

Advisory & Resourcing

Pin It on Pinterest