Operational Resilience

“‘Operational resilience’ – the ability of firms, FMIs and the sector as a whole to prevent, respond to, recover and learn from operational disruptions” – The UK’s Prudential Regulatory Authority.

Firms are subject to increasing risk management, outsourcing and governance requirements, and have been since Operational Risk first appeared on the regulators’ radar.

Operational Resilience differs from Operational Risk.

Operational Risk is defined as “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.” Operational Risk concerns the mitigation of risks and the losses that occur.

Operational Resilience focuses upon the accepted fact that there will be disruption.

The key issue with operational resilience is how well a firm responds to disruption and the firm’s potential impact upon clients, customers and counterparties. The regulator in the UK has suggested that firms should identify their important business services at least once a year and following any and every material change to their business.

The three UK regulators issued new operational resilience guidelines in 2022.   

Firms have a transitional period until 31 March 2025 to implement measures to enable them to remain within their impact tolerances, and during this time should make reasonable efforts to stay within these tolerances. 

In order to implement measures, firms must identify important business services and comprehensively map the people, processes, technology and information that support these important business services.

A firm is also required to set impact tolerances for each important business service (an impact tolerance being a threshold for maximum desired disruption) and to:

  • test the firm’s ability to stay inside the stated impact tolerances through a range of disruption scenarios (likely and impactful), including corruption, deletion or manipulation of critical data and the unavailability of facilities or key people;
  • conduct lessons learned exercises to identify, prioritise, and invest in the firm’s ability to respond and recover from disruptions as effectively as possible;
  • put in place a communications plan for when disruption occurs; and
  • develop self-assessment mapping to set out all steps taken to ensure operational resilience.