Operational Resilience for financial firms

OPERATIONAL RESILIENCE

On March 31, 2022, new Financial Conduct Authority operational resilience rules and guidance were introduced for FCA authorized financial firms. Similar guidance has been published for the US financial sector by the US Banking Regulators in October 2020. Work on the Digital Operational Resilience Act ("DORA") has been going on in the EU since 2020 and is likely to result in finalized legislation in late 2022. Clearly, operational resilience is at the forefront of the regulatory agenda and should be an important part of every financial firm"s framework

Although some of these rules apply specifically to subsets of firms, all firms should consider the frameworks as best practices, as this would improve their operational resilience and strengthen their infrastructure. Given the number of "once in a lifetime" events the world has seen in recent years, operational resilience will be the differentiating factor between the winners and losers of the markets of tomorrow.

In response to the need to firm up operational resilience frameworks across the markets, we have worked with our clients (who are both in and out of scope) to prepare them to meet and exceed the requirements by:

  • reviewing and mapping their businesses to identify critical processes,
  • creating or reviewing formal governance frameworks for operational risk,
  • defining and documenting operational tolerance levels,
  • designing and executing tolerance level tests
  • road-mapping and implementing remediation programs for any identified gaps.

Our clients can choose to work with us either on the end-to-end process or selected stages, depending on where they need us the most.

OUR PROCESS

1

Critical system identification

The first stage of our process involves mapping the firm’s environment (clients, systems, and suppliers) and major internal stakeholders.

We perform the mapping with our clients using our tried and tested Trilayer Business Process Analysis™. It analyses the process on three levels: process execution, supporting data, and risk management. This way, we capture the potential impacts of disruptions in a broad spectrum of scenarios.

Based on these maps, identification of business-critical processes can be undertaken. For example, FCA defines such processes as ones that, “if disrupted, could cause intolerable harm to consumers of your firm or risk to market integrity, threaten the viability of firms or cause instability in the financial system”.

2

Operational tolerance calibration

Once the critical processes are identified, firms should set operational tolerances, i.e., maximum tolerable disruption for these services. Time/duration of disruption is usually the primary metric used across the processes, however additional appropriate metrics are often useful, depending on the specifics of the firms’ processes.

We work with our clients to define appropriate metrics and calibrate tolerable disruption levels, considering clients’ requirements, the orderly operation of financial markets, and the firm’s overall tolerable risk levels and reputation.

3

Scenario definition and testing

To ensure ongoing maintenance of operational resilience and adherence to calibrated operational tolerances, testing based on severe but plausible scenarios is used. The level of testing will depend on the sophistication level of the firm and the risk level of the service.

We offer our clients several approaches to testing, depending on the identified requirements, including theoretical scenario analysis, interactive reviews and walkthroughs, and full-scale simulations. These are applied depending on the client"s requirements, such as risk levels, systems availability, and specific scenarios.

4

Remediation roadmap

All the steps up to this point should provide the client’s board with a clear understanding of the operational resilience readiness of their firm. We assist our clients with specialist knowledge to perform gap analysis and design a remediation plan for any issues identified during the testing. We also work closely with our clients to support their teams' plan implementation until full compliance is achieved.

5

Continuous compliance

Furthermore, we offer ongoing support to our clients whenever the operational tolerances need to be reviewed or re-tested, whether this is due to changes in the business model of the firm, changes in the external environment in which the firm operates, or due to internal process changes or restructuring.

Download Case Study to see how we work

Fill out the form to get our Case Study, describing how we could improve the Operational Resilience of one of our clients from the financial sector, what deliverables they got, and where their benefits were.

We can assist you in achieving optimal Operational Resilience

Given the events of the last few years, it is clear that operational resilience is key to looking after the firm’s clients, its reputation, and the orderly functioning of financial markets. The speed and interconnectedness of today’s markets require all participants to be in top readiness condition, and resilience is clearly at the top of the regulators’ agenda. Any issues or shortcomings in this area could translate into intolerable losses and regulatory censure. At the same time, well-prepared firms will dominate the market, turning negative scenarios into opportunities to help their clients, and therefore increase their market share.
Let us help you be on the right side of change.

FCA-regulated firm support scheme brochure

Support for FCA-regulated firms

Contact us today to discuss your requirements with our team, and we can help you on the way to full compliance and readiness, whatever your firm’s current stage on the journey towards resilience.

Contact us