Operational Resilience for FCA regulated firms

OPERATIONAL RESILIENCE

On 31 March 2022, new Financial Conduct Authority operational resilience rules and guidance were introduced for FCA authorized financial firms. Although the rules apply specifically to a subset of firms, all firms should consider the policy framework, as this would improve their operational resilience and strengthen their infrastructure. The interim period for these rules ends on 31 March 2025, and after this date, the firms in scope are expected to be continuously compliant with their operational resilience tolerance levels. In response to the introduction of these requirements, we have worked with our clients (who are both in and out of scope) to prepare them to meet and exceed the requirements by:
  • reviewing and mapping their businesses to identify critical processes,
  • defining and documenting operational tolerance levels,
  • designing and executing tolerance level tests
  • road-mapping and implementing remediation programs for any identified gaps.
Our clients can choose to work with us either on the end-to-end process or selected stages, depending on where they need us the most.

OUR PROCESS

1

Critical system identification

The first stage of our process involves mapping the firm’s environment (clients, systems, and suppliers) and major internal stakeholders.

We perform the mapping with our clients using our tried and tested Trilayer Business Process Analysis™. It analyses the process on three levels: process execution, supporting data, and risk management. This way, we capture the potential impacts of disruptions in a broad spectrum of scenarios.

Based on these maps, the first FCA requirement can be met, namely the identification of important business processes. FCA defines such processes as ones that, “if disrupted, could cause intolerable harm to consumers of your firm or risk to market integrity, threaten the viability of firms or cause instability in the financial system”.

2

Operational tolerance calibration

Once the critical processes are identified, the FCA requires the firms to set operational tolerances, i.e., maximum tolerable disruption for these services. Although FCA expects time/duration to be the primary metric used across the processes, they also allow some flexibility in using additional appropriate metrics, depending on the specifics of the firms’ processes.

We work with our clients to define appropriate metrics and calibrate tolerable disruption levels, considering clients’ requirements, the orderly operation of financial markets, and the firm’s overall tolerable risk levels and reputation.

3

Scenario definition and testing

FCA mandates testing based on severe but plausible scenarios to ensure that the calibrated operational tolerances are met. The level of testing will depend on the sophistication level of the firm and the risk level of the service.

We offer our clients several approaches to testing, depending on the identified requirements, including theoretical scenario analysis, interactive reviews and walkthroughs, and full-scale simulations. These are applied depending on the client"s requirements, such as risk levels, systems availability, and specific scenarios.

4

Remediation roadmap

All the steps up to this point should provide the client’s board with a clear understanding of the operational resilience readiness of their firm. We assist our clients with specialist knowledge to perform gap analysis and design a remediation plan for any issues identified during the testing. We also work closely with our clients to support their teams' plan implementation until full compliance is achieved.

5

Continuous compliance

Furthermore, we offer ongoing support to our clients whenever the operational tolerances need to be reviewed or re-tested, whether this is due to changes in the business model of the firm, changes in the external environment in which the firm operates, or due to internal process changes or restructuring.

Download Case Study to see how we work

Fill out the form to get our Case Study, describing how we could improve the Operational Resilience of one of our clients from the financial sector, what deliverables they got, and where their benefits were.

We can assist you in achieving full compliance

Given the events of the last few years, it is clear that operational resilience is key to looking after the firm’s clients, its reputation, and the orderly functioning of financial markets. The speed and interconnectedness of today’s markets require all participants to be in top readiness condition, and resilience is clearly at the top of the regulators’ agenda. Any issues or shortcomings in this area could translate into intolerable losses and regulatory censure. At the same time, well-prepared firms will dominate the market, turning negative scenarios into opportunities to help their clients, and therefore increase their market share.

FCA-regulated firm support scheme brochure

by Cognition Shared Solutions LLC

Contact us today to discuss your requirements with our team, and we can help you on the way to full compliance and readiness, whatever your firm’s current stage on the journey towards resilience.

Contact us