In this episode of RegNut, Isaac and Waleed discuss their preliminary views on FCA’s and PRA’s Operational Resilience agenda, report back from an industry event on how the topic is being received and consider the road ahead.
Operational resilience is a journey that started with the joint discussion paper from the FCA and PRA. The journey continues with the consultation paper (CP), seeking a response from the industry by the 3rd of April 2020.
Four key messages for regulated firms to reflect on:
- Identify your key business services; a key difference in the approach presented in the CP is the shift of focus from business processes to business services which span across multiple processes and teams;
- Identify the desired availability for your key business services; consider a reasonable availability (Impact Tolerance) for your key business services against disruption, particularly for services that impact customer outcome;
- Identify the key owners for the delivery of these services; identify individuals responsible for effective delivery of your key business services (link to SM&CR) and ensure your Board is engaged and actively challenging the operational resilience of these business services.
- Bonus: consider the infrastructure supporting your key business services; identify the robustness of the systems, processes and IT systems supporting your key business activities and the extent to which these resources can help you meet your Impact Tolerance.
References & further reading:
- Regs: FCA’s operational resilience paper (CP19/32).
- Background: Commons Treasury Select Committee report on IT failures in financial services
For more News, Views and Knowledge on all things Risk and Regulation, visit RegNut’s Blog.