Regulatory Timeline: Operational Resilience

Status: Ongoing
Regulator: FCA, PRA and Bank of England

In July 2018, the Bank of England, PRA and FCA released a joint Discussion Paper titled “Building the UK financial sector’s operational resilience.” 

By 31st March 2022, firms were expected to have completed the first set of milestones towards implementing a functional Operational Resilience framework; identifying their Important Business Services (IBS), setting Impact Tolerances for the maximum tolerable disruption, and having carried out initial mapping. Testing to an appropriate level of sophistication, with an ongoing evolution and enhancement of processes, was expected as time progressed. From the latest update at the end of 2023, firms are now also expected to have made the necessary investments to enable full operationalisation within Impact Tolerances. Lessons learnt exercises to identify, prioritise, and invest in the ability to respond and recover from disruptions as effectively as possible should, by now, have been conducted. The development of internal and external communications plans for when Important Business Services are disrupted should now also be completed. The latest annual Self-Assessment reports are due to be completed for 31 March 2024 with clear progress on implementation expected by the regulators.

This timeline provides key dates in the regulatory calendar and links to ICSR articles and webinars on the subject. If you would like to discuss any aspects of Operational Resilience, please contact us.

Back to Regulatory Timeline: Overview

31st March 2025

Deadline for mapping and testing

By no later than 31 March 2025, firms will need to have:

  • performed mapping and testing so that you can remain within impact tolerances for each important business service;
  • made the necessary investments to enable you to operate consistently within your impact tolerance

Read FCA Guidance

19th March 2024

FCA Business Plan 2024/5

The FCA Business Plan for 2024/5 confirms their ongoing commitment to focus on “Minimising the impact of operational disruptions”. A consultation paper clarifying its expectations on how firms should report operational incidents is expected.

Read FCA Plan

18th January 2023

TSB Operational Resilience Fine – What Lessons Can Insurers Learn From This?





ICSR Risk & Compliance Director Claire King looks at the actions taken by the PRA following an IT systems and data migration project, moving its corporate and personal customer servicing onto a new platform. While this, in itself, was successful, technical failures were soon being flagged, causing significant disruption to TSB’s banking services; branch, telephone, online and mobile banking. 

Read Article

31st March 2022

Deadline for compliance with the Policy Statement requirements.

“By 31 March 2022, firms must have identified their important business services, set impact tolerances for the maximum tolerable disruption and carried out mapping and testing to a level of sophistication necessary to do so. Firms must also have identified any vulnerabilities in their operational resilience.”

Read Bank of England update

24th March 2022

FCA Report: Operational resilience insights for insurance firms

The FCA asked a sample of 47 firms about its rules for strengthening operational resilience and published its observations on what it learned. Read its observations to review your firm’s approach.

Read FCA report

10th February 2022

ICSR Article: Outsourcing and Third-Party Arrangements – Creating Resilience In Your Operational Processes




This article takes a look at SS2/21 including its scope, aims, the key requirements and what firms need to do to ensure they are compliant.

Read Article

26th May 2021

ICSR webinar - Impact Tolerances

Webinar: Operational Resilience: Impact Tolerances with Kenneth Underhill

15th April 2021

ICSR Article: Operational Resilience – A Regulatory Double-Header

Operational resilience - a regulatory double header





ICSR Director Kenneth Underhill looks at the approach to Operational Resilience adopted by the PRA and FCA in their co-ordinated Policy Statements.

Read Article

29th March 2021

PRA Policy Statement PS6/21

The PRA have published their Policy Statement

Read PRA Policy Statement

29th March 2021

FCA Policy Statement

The FCA have published their Policy Statement

Read FCA Policy Statement PS21/3

12th November 2020

ICSR Article: Mapping Important Business Services: When Does A Service Finish?

claims payments




ICSR Director Kenneth Underhill considers questions about mapping claims and at what point in the service delivery process does the requirement for mapping cease.

Read Article

8th October 2020

ICSR webinar - Service and Activity Mapping

Webinar: Operational Resilience: Service and Activity Mapping with Kenneth Underhill

1st October 2020

Consultation Period closes

Consultation period for CP19/32 closes. The original date of 3rd April 2020 has been extended to 1st October 2020 due to the coronavirus pandemic.

16th July 2020

ICSR webinar - Technology and Operational Resilience

A webinar on Technology and Operational Resilience.

4th June 2020

ICSR webinar - Introduction to Operational Resilience

ICSR Director Kenneth Underhill provides an overview of Operational Resilience.

29th April 2020

ICSR Article: Coronavirus – The Long And The Short Of It

Coronavirus pandemic




ICSR Director Kenneth Underhill considers the operational resilience implications of the coronavirus pandemic.

Read Article

5th December 2019

Consultation Papers Published

The Bank of England (the Bank), Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have published a shared policy summary and co-ordinated consultation papers (CPs) on new requirements to strengthen operational resilience in the financial services sector.

Read FCA Consultation Paper

5th October 2018

Discussion period closes

The deadline for firms to submit their representations to the regulator.

5th July 2018

Discussion Paper released

Building the UK financial sector’s operational resilience

  • Bank of England DP01/18
  • Prudential Regulation Authority (PRA) DP01/18
  • Financial Conduct Authority (FCA) DP18/04

Read Discussion Paper

Advisory & Resourcing

Pin It on Pinterest