Operational Resilience

Operational resilience is a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organisational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification.

This is the next significant regulatory pillar. Ultimately, Operational Resilience is a Board responsibility which needs to be driven top-down. These regulatory commitments dovetail with other commitments including SMCR, SMF24, PSD2 and EBA.

What are the challenges you face?

Regulators are adopting a pragmatic approach and understand that ‘one-size-fits-all’ will not produce the right outcomes. The approach is one of proportionality (size and complexity of the business plus potential systemic risk) and, by way of impact assessment and scenario planning, of ‘severe but plausible’ scenarios: there is a recognition that not all risk can or should be mitigated, but it needs to be understood by reference to risk appetite and managed accordingly. In some instances, it will be acceptable and in fact necessary to work outside of risk appetite (to avoid business, market and/or client detriment). Clear line of sight and dynamic management of risks in a crisis are the key.

To achieve operational resilience, UK regulators have stipulated that firms:

  • Identify their important business services that, if disrupted, could cause harm to consumers or market integrity.
  • Identify and document the people, processes, technology, facilities, third parties and information that support a firm’s important business services (mapping).
  • Set impact tolerances for each important business service (i.e. thresholds for maximum tolerable disruption).
  • Test their ability to remain within their impact tolerances through a range of severe but plausible disruption scenarios.
  • Conduct lessons learned exercises to identify, prioritise and invest in their ability to respond to and recover from disruptions.
  • Develop internal and external communications plans for when important business services are disrupted.
  • Create a self-assessment document.


How TORI can help…

  • Developing an Operational Resilience strategy
  • High level roadmap
  • Developing a Target Operating Model
  • Third-party risk management and outsourcing
