Financial firms should view operational resilience on a par with financial resilience—this was a clear expectation from UK regulators when they launched industry consultation,1 including the Financial Conduct Authority’s consultation paper 19/32 (FCA CP19/32), on this topic in late 2019.
The COVID-19 pandemic reinforces this prioritization. As financial firms experience spikes in phishing attacks2 and as remote working emerges as the new norm, the business imperative of operational resilience is rising—and so should the regulatory momentum.
The scope of operational resilience is broad. In the United Kingdom, mandatory rules expected following the consultation would apply to the entire financial sector: banks, insurers, financial market infrastructures (FMIs) and asset managers. The rules proposed range from enhancing board oversight and identifying important business services, to setting impact tolerances for disruption and testing them against disruptive scenarios.
Meeting regulatory expectations on operational resilience should require a concerted effort from across the organization—from the board and c-suite to technology, risk and operations teams. Firms should put themselves on the front foot and start planning based on the lessons from the pandemic, benchmarking across peers, as well as with clarity over the business implications of regulatory demands.
Our response to the industry consultation explores key areas of regulatory expectations, weighing their impact on a variety of business functions and organizational structures in financial services. Here are areas where firms can marry their compliance agenda with business outcomes:
Make operational resilience your business outcome
A well-designed approach to cultivating operational resilience should not only meet new requirements, but also enhance business outcomes. Doing so requires an end-to-end upgrade of resilience capabilities from framework, architecture and analytics, to communication plans, training and culture.
To help planning and prioritization, firms should review their response during the pandemic crisis and benchmark readiness across peers. We suggest the following steps to get started:
- Harness the real-life stress test: The pandemic has stress tested even the most prepared organizations. Response and recovery can be challenging, but that journey provides a chance to reinvent and reinforce operational resiliency capabilities.
- Embrace operational resiliency: A holistic approach that is cross-functional and scenario-driven helps organizations shift from a reactive to proactive resiliency posture, one that reduces disruption and leads to improved sustainability, increased customer loyalty and regulatory compliance.
- Define the path forward: Given the broad scope of operational resilience, it is important that firms start planning now to define their operational resiliency target state and build an implementable road map to the future.
Accenture’s Operational Resilience diagnostic tool considers regulatory criteria alongside industry lessons from the pandemic crisis to provide an up-to-date maturity assessment. Contact our team to learn more about how we can help your business enhance its operational resilience.
1“Building operational resilience: Impact tolerances for important business services”, Bank of England and the Financial Conduct Authority.
2“UK financial scams surge during coronavirus lockdown”, Financial Times, August 19, 2020.