About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Countdown to Operational Resilience Deadline Adds Pressure to UK Firms

Subscribe to our newsletter

UK financial services institutions and firms now have less than six months to identify their ‘important business services’, set impact tolerances and carry out mapping and testing ahead of the new UK Regulatory Operational Resilience Requirements coming into force on March 31, 2022.

The new requirements are being ushered in by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) in a bid to protect the wider financial sector and UK economy from the impact of operational disruptions. According to the FCA, the disruption caused by Covid-19 has shown “why it is critically important for firms to understand the services they provide and invest in their resilience.”

Operational resilience software and service provider Fusion Risk Management is encouraging institutions to start preparing now for the new requirements or risk missing the March 2022 deadline. Fusion has introduced an operational resilience self-assessment to help firms implement a scalable framework and is working directly with clients to “ensure they are on track to meet the deadlines and exceed the new requirements.”

In addition, Fusion says it has continued to strengthen its offerings to help firms ensure compliance with the new rules and as such have accelerated firms’ progress by 80%. Rich Cooper, Principal of Financial Services at Fusion Risk Management, says that in comparison to existing requirements, firms will find the key difference is around alignment of the various disciplines. “One of the key challenges firms will face when tackling operational resilience is the collapse of silos,” he says. “To achieve resilience, the walls must be broken down between business continuity, incident and crisis management, disaster recovery, and various risk disciplines as they work together. True business continuity is a cultural shift across an organisation, where everyone is working together towards a common goal.”

However, Cooper says that going through this process will be good for firms, resulting in a true understanding of their operations and the impact of an incident to employees, suppliers, stakeholders and customers. He adds that a strong resilience programme also provides a strong culture of teamwork and cooperation vs. traditional siloed programmes and disciplines like risk and continuity. “The transition to resilience is a marathon and not a sprint. As firms understand their important business service and the associated data points, they will continue to refine the process. The regulators understand this and are working with firms over a three-year period to smooth out the process,” Cooper says.

Michael Campbell, CEO, Fusion Risk Management, adds that many institutions have done the work to identify and map their important business services and are on a journey to set impact tolerances for each important business services ahead of the March 2022 deadline. But he warns that as they look for ways to integrate resilience into the operating fabric of their organizations, they are being challenged by the regulators to look at impacts beyond their own commercial interests. “Fusion provides a framework that anticipates, prevents, prepares for, responds to, and learns from risks and disruption over time, ensuring customers can manage to the desired outcomes set forth by regulators,” Campbell says. “This is not just a checkbox exercise; this is an operating model for the modern institution.”

Guy Warren, CEO of operational resilience technology and services provider ITRS Group, notes that the rules come into force just under two years since a UK Parliamentary Committee called on regulators to intervene following TSB’s IT meltdown. He argues that far from moving towards greater operational resilience in that time, businesses’ IT estates have only grown larger and more unwieldy, adding that the resilience of IT systems should no longer fall to the back office.

“To meet requirements on time and avoid punitive consequences, including hefty fines on individual senior managers, the UK’s financial C-suite must put operational resilience at the top of the agenda by committing serious investment towards data analytics and estate monitoring technology and making sure there is personal, senior responsibility for the operational resilience of their firms,” says Warren. “There will be no excuses made for shortcuts or sub-par capabilities. While it might seem costly at a time when most businesses are operating on small margins, the bottom line is this: if you say you can’t afford to prioritise the operational resilience of your systems, then you can’t afford to be in business.”

By the time the new rules come into force in March 2022, firms must have identified their important business services, set impact tolerances, carried out mapping and testing and identified any vulnerabilities in their operational resilience. Firms must also have performed mapping and testing so that they are able to remain within impact tolerances for each important business service and made the necessary investments to enable them to operate consistently within their impact tolerances as soon as possible after the March 31 deadline and no later than March 31, 2025.

Subscribe to our newsletter

Related content


Upcoming Webinar: ESG: A Growth Opportunity and a Regulatory Challenge

Date: 16 May 2023 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes ESG investing, regulation and compliance are central concerns for financial institutions, although not all jurisdictions are equal. In the US, ESG has become a partisan issue making SEC regulation uncertain; the EU is on good form and has already...


Progress in Taxonomy and Standards Alignment Hampered by Data Gaps

Financial institutions and corporations are pressing on with efforts to align with ESG taxonomies and there is confidence that reporting rules introduced in recent years are bringing more private companies into the fold. But more than two years after the European Union’s “green” Taxonomy was implemented experts say there are still yawning gaps in the...


RegTech Summit New York

Now in its 6th year, the RegTech Summit in New York will bring together the regtech ecosystem to explore how the North American capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.


Regulatory Data Handbook 2022/2023 – Tenth Edition

Welcome to the tenth edition of A-Team Group’s Regulatory Data Handbook, a publication that has tracked new regulations, amendments, implementation and data management requirements as regulatory change has impacted global capital markets participants over the past 10 years. This edition of the handbook includes new regulations and highlights some of the major regulatory interventions challenging...