Implementing & Embedding Operational Resilience Best Practice Exchange

Client Challenge

A well-known global exchange, specialising in international trade and freight market information provision for the trading and settlement of physical and derivative contracts, needed to meet the expectations set by the Financial Conduct Authority (FCA). Benchmark Administrators are obliged to incorporate and implement Operational Resilience (Op Res) regulations following the guidance provided in PS21/3.

Following on from Phase 1, where TORI assessed the Client’s current-state Operational Resilience maturity level, the team was retained and re-engaged for the second phase, focusing on increasing the level of readiness to implement and embed regulatory and industry Operational Resilience best practice.

What We Did

  • Conducted an “As-Is” assessment of the Client’s current state of Operational Resilience. This included a comprehensive review and analysis of their policies, procedures, and governance as they related to Operational Resilience, as well as 1-2-1 sessions with key stakeholders to gather insights on the Client’s priorities
  • Undertook a gap analysis between the Client’s current and desirable state (as defined by organisational priorities, regulatory requirements, and best industry standards)
  • Produced an Operational Resilience Remediation Plan and conducted a review covering critical elements pertaining to the Governance Framework, the Client’s understanding of the Important Business Services, the risk metrics and tolerances, as well as the dependencies between both internal and external stakeholders (e.g., suppliers)
  • Led workshop sessions with key stakeholders to map the Important Business Services and resource dependencies
  • Reviewed and revised the Client’s Operational Resilience Policies and Standards and developed a comprehensive Operational Resilience Framework
  • Reviewed the Master Service Agreements and Service Level Agreements for the Client’s critical Business Services
  • Reviewed the Client’s IT Architecture, including data management, access controls, cyber security, etc.
  • Created an Operational Resilience MI Dashboard linked to the Important Business Services

Outcome & Results

  • Produced a Baseline Readiness Assessment; an “As-Is” assessment of the Operational Resilience Framework
  • Identified the Client’s vulnerabilities and gaps against best industry standards
  • Developed a remediation roadmap to close the gaps identified based on business and regulatory priorities (“To-Be”)
  • Revised the Client’s Operational Resilience Policy and Standards, tailoring them to the organisation and aligning them to new industry standards
  • Developed a comprehensive Operational Resilience Framework in line with regulatory and industry standards and suggested a Governance and Reporting structure
  • Produced Important Business Services and Resource Dependency maps for all Important Business Services, including people, technology, data, suppliers, etc
  • Produced an analysis of the Master Services Agreements and Service Level Agreements for the Client’s critical suppliers as they relate to the Important Business Services
  • Worked with the Client to define their impact tolerances and risk metrics as they related to the Important Business Services, ensuring they aligned with the organisational risk appetite
  • Revised the Client’s IT Architecture and Data Flow mapping
  • Produced an Operational Resilience MI Dashboard
