A-Team Insight Blogs

Countdown to Operational Resilience Deadline Adds Pressure to UK Firms

UK financial services institutions and firms now have less than six months to identify their ‘important business services’, set impact tolerances and carry out mapping and testing ahead of the new UK Regulatory Operational Resilience Requirements coming into force on March 31, 2022.

The new requirements are being ushered in by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) in a bid to protect the wider financial sector and UK economy from the impact of operational disruptions. According to the FCA, the disruption caused by Covid-19 has shown “why it is critically important for firms to understand the services they provide and invest in their resilience.”

Operational resilience software and service provider Fusion Risk Management is encouraging institutions to start preparing now for the new requirements or risk missing the March 2022 deadline. Fusion has introduced an operational resilience self-assessment to help firms implement a scalable framework and is working directly with clients to “ensure they are on track to meet the deadlines and exceed the new requirements.”

In addition, Fusion says it has continued to strengthen its offerings to help firms ensure compliance with the new rules and as such has accelerated firms’ progress by 80%. Rich Cooper, Principal of Financial Services at Fusion Risk Management, says that in comparison to existing requirements, firms will find the key difference is around alignment of the various disciplines. “One of the key challenges firms will face when tackling operational resilience is the collapse of silos,” he says. “To achieve resilience, the walls must be broken down between business continuity, incident and crisis management, disaster recovery, and various risk disciplines as they work together. True business continuity is a cultural shift across an organisation, where everyone is working together towards a common goal.”

However, Cooper says that going through this process will be good for firms, resulting in a true understanding of their operations and the impact of an incident on employees, suppliers, stakeholders and customers. He adds that a strong resilience programme also provides a strong culture of teamwork and cooperation versus traditional siloed programmes and disciplines like risk and continuity. “The transition to resilience is a marathon and not a sprint. As firms understand their important business service and the associated data points, they will continue to refine the process. The regulators understand this and are working with firms over a three-year period to smooth out the process,” Cooper says.

Michael Campbell, CEO, Fusion Risk Management, adds that many institutions have done the work to identify and map their important business services and are on a journey to set impact tolerances for each important business service ahead of the March 2022 deadline. But he warns that as they look for ways to integrate resilience into the operating fabric of their organizations, they are being challenged by the regulators to look at impacts beyond their own commercial interests. “Fusion provides a framework that anticipates, prevents, prepares for, responds to, and learns from risks and disruption over time, ensuring customers can manage to the desired outcomes set forth by regulators,” Campbell says. “This is not just a checkbox exercise; this is an operating model for the modern institution.”

Guy Warren, CEO of operational resilience technology and services provider ITRS Group, notes that the rules come into force just under two years since a UK Parliamentary Committee called on regulators to intervene following TSB’s IT meltdown. He argues that far from moving towards greater operational resilience in that time, businesses’ IT estates have only grown larger and more unwieldy, adding that the resilience of IT systems should no longer fall to the back office.

“To meet requirements on time and avoid punitive consequences, including hefty fines on individual senior managers, the UK’s financial C-suite must put operational resilience at the top of the agenda by committing serious investment towards data analytics and estate monitoring technology and making sure there is personal, senior responsibility for the operational resilience of their firms,” says Warren. “There will be no excuses made for shortcuts or sub-par capabilities. While it might seem costly at a time when most businesses are operating on small margins, the bottom line is this: if you say you can’t afford to prioritise the operational resilience of your systems, then you can’t afford to be in business.”

By the time the new rules come into force in March 2022, firms must have identified their important business services, set impact tolerances, carried out mapping and testing and identified any vulnerabilities in their operational resilience. Firms must also have performed mapping and testing so that they are able to remain within impact tolerances for each important business service and made the necessary investments to enable them to operate consistently within their impact tolerances as soon as possible after the March 31 deadline and no later than March 31, 2025.
