Earlier this year, on 29 March 2021, UK regulators FCA, PRA and BoE released a joint policy statement redefining Operational Resilience with the primary focus of improving Financial Market Infrastructures (FMI’s) in the UK. In this joint policy statement, the UK regulators proposed that firms and FMIs should be expected to adhere to the detailed recommendations in order to implement a comprehensive Operational Resilience approach by March 2022.
Keeping Up with Operational Resilience
Resilience is not a new topic. However, taking a business service-led approach to it would mean a change in business architectures and the outcome delivered to consumers. With this, new rules and guidance has been detailed in the policy statement to authorities’ expectations around 4 key areas of Operational Resilience:
- Operational Risk Policy
- Business Continuity Planning
While most firms are likely to have already implemented some elements of this Operational Resilience Framework, business leaders are expected to allocate more resources and time in order to fully align with the updated regulatory framework.
The Operational Resilience Principles Focus On:
- Effective Operational Risk Management to support and heighten greater Operational Resilience.
- Effective Risk Management system in place to manage operational risks.
- Incident Management procedures in place to limit the impact of incidents when they do occur.
- Business Continuity Planning (BCP), testing and more.
Alongside the updated Operational Resilience principles, companies are also expected to outline their short, medium and long-term assessments of uncertainties, prospects and resilience.
Redefining Your Operational Resilience Framework
In the updated policy statements, there is also an increased focus on digital resilience, heightened scrutiny on third party relationships, operational risks and more. To understand the possible threats to resilience, practitioners are required to assess and evaluate their existing frameworks and align this with the new requirements coming into force.
These Operational Resilience requirements are the culmination of continuous improvement efforts from firms, supervisors and regulators to enhance their Risk Management activities.
Practical Steps to Building an Operationally Resilient Firm
In order to build an operationally resilient firm, organisations are expected to take a proportionate resilience approach in line with the size and type of services they deliver. These resilience measures must be designed based on the input provided by risk teams to frame different scenarios of risk.
- Prioritise your core business product and services.
- Determine the value of your product and services such that you can strategically allocate resources for mitigation plans according to their importance.
- Sets clear standards for Operational Resilience.
- Define the maximum level of disruption that can occur to an important business service before intolerable impact and damage has been done.
- Invest to build resilience.
- Stress testing the ability of your organisation to remain within its impact tolerances while identifying investment that should be allocated to address vulnerabilities.
In most cases, organisations are now investing precious time and resources to consolidate their effort to help them build an operationally resilient organisation for the future. To help organisations simplify and consolidate their efforts, it would be critical for them to make intelligent investment decisions. This includes investing in a comprehensive, intuitive Risk Management System like Alyne, to help them prepare for the new requirements coming into force in March 2022, as they refine their Operational Resilience Framework for the future.
Alyne’s Extended Capabilities Streamline your Operational Resilience Processes
Alyne’s Software as a Service platform helps companies strive for a principle, risk and outcome-based approach where firms have the flexibility to determine the specifics of their own Operational Resilience programs in a way that’s proportionate to their risk profile and can leverage existing, broader, risk management frameworks.
As the different aspects of Operational Resilience, such as third party risk management, are being cast under the regulatory spotlight, there are now stricter requirements for the enterprise-wide supply chain management.
Across various use cases, Alyne's extended capabilities help your organisation streamline it's Operational Resilience process in 6 simple steps:
- Defining important business services.
- Performing business impact assessment funnels for each service.
- Defining Operational Resilience Control Sets to perform self-assessments across various business units.
- Guiding your organisation to simplify tedious risk management processes based on a different combination of risk dimensions.