
HOW CAN FCA-REGULATED FIRMS MASTER OPERATIONAL RESILIENCE IN A VUCA WORLD?

We’ve all learned the hard way – with March 2020 holding particular significance – that disruption comes in many forms. And we can’t always predict what’s around the corner.

Ongoing pandemic implications, market uncertainty, economic volatility, supply chain struggles, talent shortages, cybersecurity and climate risk are all concerning global trends for businesses to watch into 2023 and beyond.

It’s no longer good enough to have a disaster recovery plan, International Organization for Standardization (ISO) accreditation and yearly audits. Today, those checks are the absolute minimum baseline. Compliance standards do not consider the specifics, such as the organisation’s business model, strategy and value proposition. Being merely compliance-driven does not guarantee an increase in resilience, nor does it build governance processes that are fit-for-purpose.

Operational resilience is more than a regulatory requirement; it is an essential long-term strategy for progressing on wider company goals and increasing stakeholder interests such as sustainability.

Operational Resilience Is No Longer Optional

Earlier this year, the UK’s Financial Conduct Authority (FCA) set out new regulatory standards for operational resilience, creating a new mandatory framework for banks, building societies and other specific financial institutions. The European Commission is following suit with its Digital Operational Resilience Act (DORA), as is the Australian Prudential Regulation Authority (APRA).

The FCA’s new rules came into effect on 31 March 2022, giving financial services firms just three years to embed appropriate metrics and controls to measure ‘important business services’ and set ‘impact tolerances’. To maintain compliance with the new standards, financial services firms must be able to evidence they are operating within their impact tolerances no later than 31 March 2025.

Operating within this framework will help FCA-regulated firms understand and evidence that – should a critical system fail – they can continue to operate without serious adverse effects on the business and their customers.

Staying Ahead Of Disruption And Regulatory Risk

The term ‘operational resilience’ has been around for years, but it has steadily been gaining more traction since the first waves of COVID-19 and the resulting risks, which encompassed everything from cyber crime to supply chain shortages.

On the surface, the definition of operational resilience sounds simple: ‘the ability of firms…to prevent, adapt and respond to, recover and learn from operational disruption’. In practice, however, this is incredibly complex. As an organisation, you need to create an operational resilience framework taking a holistic view of your business, operations, finances, governance, regulation and compliance, information security, Environmental, Social and Governance (ESG) impact and more. All core elements of the business need to be ‘operationally resilient’ by design as organisations grapple with significant uncertainty and emerging risks.

You’ve got to be certain of the scope and the ways in which the business is looking at its risk and looking after those risks on a daily basis. Risk management is often undertaken by various teams in differing ways. To understand the organisation’s position, you need to be able to view all these risks together as a whole, understanding how they will impact the entire organisation.

Use The Opportunity To Get Your Firm In Order

The good news is that the scope of operational resilience provides a thorough lens across these issues and how organisations can, and will, perform when (not if) a critical event arises, whether it’s a one-off event like a cyber breach or a sustained impact such as COVID-19.

The lifeblood of your business is in its critical processes – the way day-to-day operations are set up to run, how information is distributed and secured and, ultimately, how decisions are made. Getting your Governance, Risk and Compliance (GRC) processes right is not only key to your success but is increasingly becoming a ‘ticket to play’ to stay on top of and address the ever-changing risk landscape and, arguably, to exercise duty of care and diligence, as these risks are now a core governance concern.

Ansarada has over 17 years’ experience in information governance helping people get their businesses in order – from helping to transact over 1 trillion dollars in Merger and Acquisition (M&A) deals and procurement on our platform, to technology enabling board meetings and Governance, Risk and Compliance (GRC) processes to run like clockwork.

Meet FCA Requirements With The Leading Operational Resilience Solution

Identify important business services, set impact tolerances, and map all of them in a simplified dashboard view with Ansarada TriLine GRC.

By using TriLine GRC to manage your Operational Resilience, you can ensure that you can easily evidence your important business services and that you are reviewing them on a regular basis. Reporting outputs highlight any services that were deemed to be outside of your firm's impact tolerance and what remedial actions were taken. Scenario testing can be recorded on a regular basis and upon a material change to your firm.

Bringing order and governance into all aspects of how you run your business is the difference between average results and excellent ones, every time. The difference between failure and success, and the backbone of operational resilience.

RACHEL RILEY
