< Back to Building resilience

Operational Resilience

Operational resilience is a set of techniques that allow people, processes and information systems to adapt to changing patterns. You understand that Operational Resilience is the next significant regulatory pillar. And you appreciate that there is a clear need for a considered, end-to-end and robust approach. You recognise that winning firms will have conducted a root-and-branch overhaul of how their businesses will respond in times of stress.

Perhaps you are considering how to start? Where to start? Or you have a programme in flight, but want to understand if you’re doing enough to meet compliance deadlines?

Our recent research confirms that 84% of respondents have already identified their critical business services. Download our Smart Paper to find out more.

Latest News: Policy statement, PS21/3 'Building operational resilience published by the FCA 29th March 2021

The SoP clarifies how the PRA’s Operational Resilience policy affects its approach to four key areas of the regulatory framework in particular;

Governance
Operational Risk Management
Business Continuity Planning
The Management of Outsourced Relationships

Your challenges?

To achieve Operational Resilience, UK regulators have outlined stipulations. TORI can assist you navigating these requirements. Specifically;

Identifying your important/critical business services that if disrupted could cause harm to consumers or market integrity
Identifying, documenting and mapping your people, processes, technology, facilities, third parties and information that support your firms important business services
Setting impact tolerances for each important business service i.e. thresholds for maximum tolerable disruption
Testing your ability to remain within impact tolerances through a range of severe but plausible disruption scenarios
Conducting exercises and lessons learned to identify, prioritise and invest in your ability to respond and recover from disruptions
Developing internal and external communication plans for when important business services are disrupted
Creating self-assessment documentation

Regulators are adopting a pragmatic approach and understand that ‘one-size-fits-all’ will not produce the right outcomes. The approach is one of proportionality (size and complexity of the business plus potential systemic risk) and, by way of impact assessment and scenario planning ‘severe but plausible’. In some instances, it will be acceptable and in fact necessary to work outside of risk appetite.

For more questions and answers, specific to your Operational Resilience challenges check out our Q&A page.

How TORI can help…

We have supported clients in-and-around Operational Resilience since the early work by the regulators. In fact, we worked with the regulators to shape their thinking. So, we know exactly what it takes to succeed.

Alongside our traditional consulting services, we offer clients three specific Operational Resilience capabilities to inform and validate.