Operational resilience, a firm’s ability to ‘prevent, adapt, and respond to, recover and learn from operational disruption’, has seen increasing focus from the Regulators in recent years. Hastened by the COVID-19 pandemic and compounded by ongoing digitalisation efforts, the PRA, FCA, and BoE have made it clear that operational resilience is as important as financial resilience.
It is paramount for firms to ensure that they can provide continuous services to customers regardless of significant changes to their operational landscape.
Latest from the PRA
The PRA’s recent letter to CEOs highlights just how much of a focus the subject is. Significant emphasis has again been placed on the identification of important business services (IBS) and subsequent stress-testing of these services. This letter builds upon the UK’s operational resilience framework, first introduced in March 2022.
The PRA has reiterated its expectation that firms adopt a proactive internal approach to managing operational risk in order to protect the wider economy.
Prevention, and not merely response, is key.
Why is this important?
Operational resilience is a crucial consideration given the potential harms of significant disruptions to firms, their customers, and financial markets more generally.
As already highlighted, Regulators have made the importance of operational resilience very clear. Senior managers are accountable for their firm’s approach and must demonstrate operational resilience in a concrete manner to ensure they are well-positioned to maintain their reputation and the trust of their customers.
Implications for clients
Operational resilience is a multifaceted issue. It covers areas such as cybersecurity, governance and risk management, and outsourcing. Given the variety of matters touched upon, firms must invest significant resources into ensuring that their business is sustainable in the face of external shocks.
Such investment, however, will allow firms to protect themselves against potential disruptions. Firms must ensure that impact thresholds and stress-tests are plausible as they will be reviewed by regulators. Failure to take sufficient action will lead to enhanced regulatory scrutiny and the possibility of further action should steps not be taken.
How we can help
Novatus offers a range of advisory services, from implementation and assurance to post-implementation health checks. If you would like to discuss our other offerings further, please contact Hugo Warner: hwarner@novatusadvisory.com.
You can find our Guide to Operational Resilience here.