Operational Resilience Readiness (London Bank)

Client Challenge

The Client wanted to ensure that its Operational Resilience approach:

1. Met its 31st March 2022 regulatory obligations:​

  • Important Business Services (IBS) defined​
  • Impact Tolerances defined​
  • Vulnerabilities / gaps identified​
  • Plans in place to address gaps ​

2. Let the firm use the same approach and framework for other services that it considered important based on other criteria including:​

  • Client service levels​
  • Reputation​
  • Cost

What we did

  • Worked with the client to evaluate and refine the existing IBS and Impact Tolerances, including the methodology supporting them. This methodology could be extended to other services not covered by the regulation​
  • Led activities to ensure that the end-to-end processes supporting the IBS were understood and documented, including systems/vendors, people, processes (including incident management), and incident MI​
  • Led activities to ensure that gaps were identified, agreed, and documented;  made recommendations for steps to address them​
  • Worked with the client to ensure that the Operational Resilience Framework and Policy met its requirements, including governance, reporting, and the ability to apply a consistent approach to other important services​
  • Worked with Operational Risk to assess the completeness and effectiveness of current risks and controls for Operational Resilience

Outcomes & Results

The project gave the client:​

  • Confidence that it would be ready for 31 March 2022​
  • A better understanding across the firm of its Operational Resilience obligations and how these fitted alongside its other service obligations​
  • A searchable database showing the processes supporting each IBS, including:​
  • Systems/vendors, people, processes (including incident management), and existing incident MI​
  • Gaps​
  • Recommendations for addressing gaps​
  • A framework for managing Operational Resilience for both IBS and other services​
  • A framework for ensuring that existing Operational Risk Management met Operational Resilience requirements
Top