About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Countdown to Operational Resilience Deadline Adds Pressure to UK Firms

Subscribe to our newsletter

UK financial services institutions and firms now have less than six months to identify their ‘important business services’, set impact tolerances and carry out mapping and testing ahead of the new UK Regulatory Operational Resilience Requirements coming into force on March 31, 2022.

The new requirements are being ushered in by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) in a bid to protect the wider financial sector and UK economy from the impact of operational disruptions. According to the FCA, the disruption caused by Covid-19 has shown “why it is critically important for firms to understand the services they provide and invest in their resilience.”

Operational resilience software and service provider Fusion Risk Management is encouraging institutions to start preparing now for the new requirements or risk missing the March 2022 deadline. Fusion has introduced an operational resilience self-assessment to help firms implement a scalable framework and is working directly with clients to “ensure they are on track to meet the deadlines and exceed the new requirements.”

In addition, Fusion says it has continued to strengthen its offerings to help firms ensure compliance with the new rules and as such have accelerated firms’ progress by 80%. Rich Cooper, Principal of Financial Services at Fusion Risk Management, says that in comparison to existing requirements, firms will find the key difference is around alignment of the various disciplines. “One of the key challenges firms will face when tackling operational resilience is the collapse of silos,” he says. “To achieve resilience, the walls must be broken down between business continuity, incident and crisis management, disaster recovery, and various risk disciplines as they work together. True business continuity is a cultural shift across an organisation, where everyone is working together towards a common goal.”

However, Cooper says that going through this process will be good for firms, resulting in a true understanding of their operations and the impact of an incident to employees, suppliers, stakeholders and customers. He adds that a strong resilience programme also provides a strong culture of teamwork and cooperation vs. traditional siloed programmes and disciplines like risk and continuity. “The transition to resilience is a marathon and not a sprint. As firms understand their important business service and the associated data points, they will continue to refine the process. The regulators understand this and are working with firms over a three-year period to smooth out the process,” Cooper says.

Michael Campbell, CEO, Fusion Risk Management, adds that many institutions have done the work to identify and map their important business services and are on a journey to set impact tolerances for each important business services ahead of the March 2022 deadline. But he warns that as they look for ways to integrate resilience into the operating fabric of their organizations, they are being challenged by the regulators to look at impacts beyond their own commercial interests. “Fusion provides a framework that anticipates, prevents, prepares for, responds to, and learns from risks and disruption over time, ensuring customers can manage to the desired outcomes set forth by regulators,” Campbell says. “This is not just a checkbox exercise; this is an operating model for the modern institution.”

Guy Warren, CEO of operational resilience technology and services provider ITRS Group, notes that the rules come into force just under two years since a UK Parliamentary Committee called on regulators to intervene following TSB’s IT meltdown. He argues that far from moving towards greater operational resilience in that time, businesses’ IT estates have only grown larger and more unwieldy, adding that the resilience of IT systems should no longer fall to the back office.

“To meet requirements on time and avoid punitive consequences, including hefty fines on individual senior managers, the UK’s financial C-suite must put operational resilience at the top of the agenda by committing serious investment towards data analytics and estate monitoring technology and making sure there is personal, senior responsibility for the operational resilience of their firms,” says Warren. “There will be no excuses made for shortcuts or sub-par capabilities. While it might seem costly at a time when most businesses are operating on small margins, the bottom line is this: if you say you can’t afford to prioritise the operational resilience of your systems, then you can’t afford to be in business.”

By the time the new rules come into force in March 2022, firms must have identified their important business services, set impact tolerances, carried out mapping and testing and identified any vulnerabilities in their operational resilience. Firms must also have performed mapping and testing so that they are able to remain within impact tolerances for each important business service and made the necessary investments to enable them to operate consistently within their impact tolerances as soon as possible after the March 31 deadline and no later than March 31, 2025.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: The roles of cloud and managed services in optimising enterprise data management

Cloud and managed services go hand-in-hand when it comes to modern enterprise data management (EDM), but how can the best solutions for the business be selected and implemented to ensure optimal data management based on accurate, consistent, and high-quality data, and delivering improved efficiency, better decisions and competitive advantage? This webinar will answer these questions,...

BLOG

STP Differentiates Investment Services with ComplianceAdvisor for Buy-Side Firms

STP Investment Services has introduced STP ComplianceAdvisor, a new practice aimed at providing comprehensive compliance solutions for investment firms. This expansion leverages STP’s existing expertise in technology-enabled investment servicing to address the growing demand for compliance assistance among its investment advisory clients. STP ComplianceAdvisor also expands the company’s technological capabilities. The new team will leverage...

EVENT

TradingTech Briefing New York

Our TradingTech Briefing in New York is aimed at senior-level decision makers in trading technology, electronic execution, trading architecture and offers a day packed with insight from practitioners and from innovative suppliers happy to share their experiences in dealing with the enterprise challenges facing our marketplace.

GUIDE

AI in Capital Markets: Practical Insight for a Transforming Industry – Free Handbook

AI is no longer on the horizon – it’s embedded in the infrastructure of modern capital markets. But separating real impact from inflated promises requires a grounded, practical understanding. The AI in Capital Markets Handbook 2025 provides exactly that. Designed for data-driven professionals across the trade life-cycle, compliance, infrastructure, and strategy, this handbook goes beyond...