Building operational resilience: what’s next?
January 01, 1970
The 31 March 2022, deadline has passed for financial firms to carry out the UK Financial Conduct Authority’s (FCA) requirement to complete a self-assessment document setting out their approach to operational resilience.
But while firms have now tested their ability to recover from potential disruptions and received the board’s sign off on the document, this is not the time to take the foot off the accelerator. In fact, the countdown has already begun to the next deadline of 31 March 2025, for firms to act on the findings of this first stage.
Companies cannot leave this to the last minute; the FCA expects organisations in scope to undergo a thorough process to address any issues identified during the initial stage, further test their operational resilience, and build it into the overall framework and governance of their business.
In this blog, we look at five actions you should take to meet the regulator’s expectations and, perhaps more importantly, to become truly operationally resilient.
Assessing operational resilience: the story so far
The FCA’s recent push on operational resilience in the financial sector is driven by the harm disruptions to business operations can cause to consumers and the wider financial system. The regulator says the impact of Covid-19 on firms further illustrates the importance of resilience.
Its new rules (see Policy Statement PS21/3) came into force on 31 March 2022. You can read more about the requirements of the initial stage in our previous blog but, in short, firms had to complete a self-assessment document which:
- Identified their important business services.
- Set impact tolerances for the maximum tolerable disruption to business operations.
- Carried out initial mapping and testing of operational resilience, including critical processes, technologies and third parties.
- Spotted any vulnerabilities in their resilience and considered the resources needed to mitigate them.
- Remediate vulnerabilities
- Ramp up resilience testing
- Invest in operational resilience
- Refine and embed operational resilience
- Operationalise governance