What is operational resilience?

Operational resilience is the ability of a firm to prevent, adapt and respond to, and recover and learn from operational disruption.

Why is it important?

Disruptions to operations can have detrimental effects on firms, consumers and the financial market as a whole. The pandemic has shown why it is critically important for firms to understand the services they provide and invest in resilience. 

The FCA guidance and who it applies to?

Operational resilience has never been more important for financial services firms. The FCA’s PS21/3 required UK firms to demonstrate that they had taken steps towards operational resilience by 31 March 2022 and further steps by March 2025.

 These rules apply to payment and e-money firms, banks, investment firms, insurers, and enhanced scope SM&CR firms.  

What are firms expected to do and by when?

By 31 March 2022, you should now have completed your Self Assessment document which outlines your approach to the FCA Rules on Operational Resilience as follows:

You have identified your Important Business Services, set Impact Tolerances, clearly mapped out the Critical Processes, Technologies, Resources, 3^rd Parties which deliver these to your clients.

In doing the above, you’ve tested your ability to recover from potential disruptions by devising “severe but plausible” scenarios, established your governance structures and detailed how you would approach communications, both internally and externally.

You’ve walked your Board through your approach and they’ve signed the document off. A good job done. Well, this is only the beginning. 

1 April 2022 – March 2025

Impacted firms will now need to draw upon the lessons learned through the construction of their Self Assessment Document, beginning on 1^st April 2022 and through the next 3 years to address the following:

1. Remediate any identified vulnerabilities within their Operational Resilience Framework.
2. Further develop their scenario testing to ensure they can remain within their Impact Tolerances.
3. Refine their approach to Operational Resilience and build it into their overall framework –  for example, Business Continuity, Cyber Resilience, Risk Management, Process Management.
4. Operationalise the governance of Operational Resilience within the organisation through regular review, adapting to changes in organisation and markets, learning from regular testing.

How can we help?

We are working with firms throughout this process, from reviewing work already completed to projects where we are starting from scratch. We have delivered a number of recent webinars on the subject which you can watch on demand below.

If you are looking for highly qualified experts to help your business to be fully operationally resilient, contact us today for a free confidential consultation.