Operational Resilience has received increased regulatory scrutiny with the release of the joint discussion paper by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018. A clear statement from the regulators that the continued failure of organisations through neglect or oversight to implement strong Operational Resilience controls was no longer acceptable in light of the evident harm caused to consumers and markets.
The regulators are now close to releasing a final Policy Statement which, once delivered, we expect to set the clock running for firms. Inaction will no longer be an option and we anticipate firms will need to be substantively ’complete’ by the end of this year.
Firms must look at their Operational Resilience and ensure that they take action to minimise the risk of harm to customers arising through interruptions to Important Business Services. The approach will need to consider:
- Governance framework and controls
- Identification of ‘Important Business Services’
- Mapping of business services and vulnerabilities
- Identification of scenarios and scenario testing
- Impact tolerance setting and statements
- Assessment of third-party service providers
It is important that firms recognise the distinction between the regulator’s approach to Operational Risks and other elements of business management. Specifically, the process of building Operational Resilience is not covered by existing plans for:
- Business continuity planning;
- Disaster recovery plans;
- Operational risk frameworks.
Now is the time to begin taking action on your own firm’s Operational Resilience planning, if you have not already started the process.
Kenneth Underhill’s webinar: “An Introduction to Operational Resilience” is available to watch on our YouTube channel. It is the first in a series of webinars on the subject, all available to watch on YouTube.
Operational Resilience – Regulatory Timeline
The joint discussion paper issued by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018 started the current work on Operational Resilience. Take a look at our expanded regulatory timeline for a full list of key dates, including links to all the main consultation papers, discussion papers and policy statements that have been issued.
Operational Resilience—The ICSR Approach
Operational Resilience will be a living and breathing process requiring continual oversight and change. It will require firms to undertake a considerable project to create and embed the necessary processes. We do not anticipate significant change to current policy guidance and our experience suggests that fully completing a programme of work and embedding Operational Resilience into your operating model will take 6-12 months depending on scope and resources.
There are two resourcing approaches to the work, which can be carried out in stages to assist with client planning:
- An advice only approach;
- An advice, support and validation model with design, test and implementation phases for the operational resilience framework, along with the training necessary for the client’s own staff to take responsibility for the ongoing management of the framework.
Our approach will be based on your business models and the outcome of proof of concept testing.
ICSR can provide the resources necessary to support either model, including SMEs, Business Analysts, Programme Managers and IT expertise.
Latest News: Operational Resilience
Our team have produced a number of articles on the subject of Operational Resilience. The most recent are shown below. To see all articles on the subject, please click here to go to our news page.
Join us for a webinar as Kenneth Underhill looks in more detail at the respective definitions of 'Impact Tolerances' and explores how firms should approach setting these across a multitude of scenarios aligned to their Important Business Services. Operational...
The industry has long sought consistency and in their approach to Operational Resilience the PRA and FCA have mostly delivered it, if not what had been hoped for in their co-ordinated Policy Statements released on 29th March. For those firms who are dual-regulated,...
A few weeks ago I provided ICSR’s fourth market briefing on Operational Resilience covering on this occasion, the background to and requirements for mapping. At the end of that briefing I was asked some questions about mapping claims and at what point does the...
ICSR has already helped a number of firms formulate their approach and undertake the necessary work. We have been able to build a team with unrivalled experience and expertise in Operational Resilience, the methodologies which can be adopted, and the documentation and governance structures required to complete an operating framework.
Case Studies: Operational Resilience
ICSR has carried out a number of assignments helping clients with their Operational Resilience planning.
Our Operational Resilience Team
Please contact any of the team if you want to discuss your own approach to Operational Resilience.
Many of our Talent Pool members have specific skills and experience relevant to operational resilience. Please use the search box to find people using specific keywords (eg. ‘Operational Resilience’) or by using the categories in the ‘slider’ settings.