The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Countdown to Operational Resilience Deadline Adds Pressure to UK Firms

UK financial services institutions and firms now have less than six months to identify their ‘important business services’, set impact tolerances and carry out mapping and testing ahead of the new UK Regulatory Operational Resilience Requirements coming into force on March 31, 2022.

The new requirements are being ushered in by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) in a bid to protect the wider financial sector and UK economy from the impact of operational disruptions. According to the FCA, the disruption caused by Covid-19 has shown “why it is critically important for firms to understand the services they provide and invest in their resilience.”

Operational resilience software and service provider Fusion Risk Management is encouraging institutions to start preparing now for the new requirements or risk missing the March 2022 deadline. Fusion has introduced an operational resilience self-assessment to help firms implement a scalable framework and is working directly with clients to “ensure they are on track to meet the deadlines and exceed the new requirements.”

In addition, Fusion says it has continued to strengthen its offerings to help firms ensure compliance with the new rules and as such have accelerated firms’ progress by 80%. Rich Cooper, Principal of Financial Services at Fusion Risk Management, says that in comparison to existing requirements, firms will find the key difference is around alignment of the various disciplines. “One of the key challenges firms will face when tackling operational resilience is the collapse of silos,” he says. “To achieve resilience, the walls must be broken down between business continuity, incident and crisis management, disaster recovery, and various risk disciplines as they work together. True business continuity is a cultural shift across an organisation, where everyone is working together towards a common goal.”

However, Cooper says that going through this process will be good for firms, resulting in a true understanding of their operations and the impact of an incident to employees, suppliers, stakeholders and customers. He adds that a strong resilience programme also provides a strong culture of teamwork and cooperation vs. traditional siloed programmes and disciplines like risk and continuity. “The transition to resilience is a marathon and not a sprint. As firms understand their important business service and the associated data points, they will continue to refine the process. The regulators understand this and are working with firms over a three-year period to smooth out the process,” Cooper says.

Michael Campbell, CEO, Fusion Risk Management, adds that many institutions have done the work to identify and map their important business services and are on a journey to set impact tolerances for each important business services ahead of the March 2022 deadline. But he warns that as they look for ways to integrate resilience into the operating fabric of their organizations, they are being challenged by the regulators to look at impacts beyond their own commercial interests. “Fusion provides a framework that anticipates, prevents, prepares for, responds to, and learns from risks and disruption over time, ensuring customers can manage to the desired outcomes set forth by regulators,” Campbell says. “This is not just a checkbox exercise; this is an operating model for the modern institution.”

Guy Warren, CEO of operational resilience technology and services provider ITRS Group, notes that the rules come into force just under two years since a UK Parliamentary Committee called on regulators to intervene following TSB’s IT meltdown. He argues that far from moving towards greater operational resilience in that time, businesses’ IT estates have only grown larger and more unwieldy, adding that the resilience of IT systems should no longer fall to the back office.

“To meet requirements on time and avoid punitive consequences, including hefty fines on individual senior managers, the UK’s financial C-suite must put operational resilience at the top of the agenda by committing serious investment towards data analytics and estate monitoring technology and making sure there is personal, senior responsibility for the operational resilience of their firms,” says Warren. “There will be no excuses made for shortcuts or sub-par capabilities. While it might seem costly at a time when most businesses are operating on small margins, the bottom line is this: if you say you can’t afford to prioritise the operational resilience of your systems, then you can’t afford to be in business.”

By the time the new rules come into force in March 2022, firms must have identified their important business services, set impact tolerances, carried out mapping and testing and identified any vulnerabilities in their operational resilience. Firms must also have performed mapping and testing so that they are able to remain within impact tolerances for each important business service and made the necessary investments to enable them to operate consistently within their impact tolerances as soon as possible after the March 31 deadline and no later than March 31, 2025.

Related content

WEBINAR

Recorded Webinar: Best practices for regulatory reporting

Regulatory reporting has been a cost and resource burden for financial institutions for many years, with the race to compliance in a highly regulated market often leading to multiple, singular regulatory reporting solutions. Legacy systems add to the challenges of making reporting changes in line with adapted and new regulations. This webinar will address these...

BLOG

FCA Completes Transition from Gabriel to RegData Data Collection Platform

The FCA has completed the replacement of its long-standing Gabriel data collection platform with RegData having recently transitioned a final batch of firms to the new platform. In total, 52,000 firms and 120,000 users have been moved from Gabriel to RegData since the transition began in October 2020. RegData is central to the FCA’s data...

EVENT

ESG Data & Tech Summit 2022

This summit will explore challenges around assembling and evaluating ESG data for reporting and the impact of regulatory measures and industry collaboration on transparency and standardisation efforts. Expert speakers will address how the evolving market infrastructure is developing and the role of new technologies and alternative data in improving insight and filling data gaps.

GUIDE

Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...