Operational Resilience​

Building Operational Resilience

Helping financial services firms build lasting operational resilience.

We help firms to ensure their organisation is operationally resilient and put steps in place to meet the FCA’s requirements and deadlines.

Related Blog

Building operational resilience: what’s next?

The 31st March 2022 deadline has passed for financial firms to carry out the UK Financial Conduct Authority’s (FCA) requirement to complete a self-assessment document setting out their approach to operational resilience.

What is operational resilience?

Operational resilience is the ability of a firm to prevent, adapt and respond to, and recover and learn from operational disruption.

Why is it important?

Disruptions to operations can have detrimental effects on firms, consumers and the financial market as a whole. The pandemic has shown why it is critically important for firms to understand the services they provide and invest in resilience. 

The FCA guidance and who it applies to?

Operational resilience has never been more important for financial services firms. The FCA’s PS21/3 required UK firms to demonstrate that they had taken steps towards operational resilience by 31 March 2022 and further steps by March 2025.

These rules apply to payment and e-money firms, banks, investment firms, insurers, and enhanced scope SM&CR firms.  

What are firms expected to do and by when?

By 31 March 2022, you should now have completed your Self Assessment document which outlines your approach to the FCA Rules on Operational Resilience as follows:

Operational Resilience Self Assessment Checklist

You have identified your Important Business Services, set Impact Tolerances, clearly mapped out the Critical Processes, Technologies, Resources, 3rd Parties which deliver these to your clients.

In doing the above, you’ve tested your ability to recover from potential disruptions by devising “severe but plausible” scenarios, established your governance structures and detailed how you would approach communications, both internally and externally.

You’ve walked your Board through your approach and they’ve signed the document off. A good job done. Well, this is only the beginning. 

1 April 2022 – March 2025

Impacted firms will now need to draw upon the lessons learned through the construction of their Self Assessment Document, beginning on 1st April 2022 and through the next 3 years to address the following:

  1. Remediate any identified vulnerabilities within their Operational Resilience Framework.
  2. Further develop their scenario testing to ensure they can remain within their Impact Tolerances.
  3. Refine their approach to Operational Resilience and build it into their overall framework –  for example, Business Continuity, Cyber Resilience, Risk Management, Process Management.
  4. Operationalise the governance of Operational Resilience within the organisation through regular review, adapting to changes in organisation and markets, learning from regular testing.
How can we help?

We are working with firms throughout this process, from reviewing work already completed to projects where we are starting from scratch. We have delivered a number of recent webinars on the subject which you can watch on demand below.

Book your free consultation

    fscom needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

    Why choose fscom?

    Practice Lead

    Greg Maine

    Greg James

    Senior Manager

    Lorem ipsum dolor sit amet, consectetur adipiscing vel metus faucibus elit.

    Curabitur sollicitudin lacus in odio maximus volutpat. Aenean id ante nunc.

    Get started today

    If you are looking for highly qualified experts to help your business to be fully operationally resilient, contact us today for a free confidential consultation.

      fscom needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.