< Back to Building resilience
Operational resilience is a set of techniques that allow people, processes and information systems to adapt to changing patterns. You understand that Operational Resilience is the next significant regulatory pillar. And you appreciate that there is a clear need for a considered, end-to-end and robust approach. You recognise that winning firms will have conducted a root-and-branch overhaul of how their businesses will respond in times of stress.
Perhaps you are considering how to start? Where to start? Or you have a programme in flight, but want to understand if you’re doing enough to meet compliance deadlines?
Our recent research confirms that 84% of respondents have already identified their critical business services. Download our Smart Paper to find out more.
The SoP clarifies how the PRA’s Operational Resilience policy affects its approach to four key areas of the regulatory framework in particular;
- Operational Risk Management
- Business Continuity Planning
- The Management of Outsourced Relationships
To achieve Operational Resilience, UK regulators have outlined stipulations. TORI can assist you navigating these requirements. Specifically;
- Identifying your important/critical business services that if disrupted could cause harm to consumers or market integrity
- Identifying, documenting and mapping your people, processes, technology, facilities, third parties and information that support your firms important business services
- Setting impact tolerances for each important business service i.e. thresholds for maximum tolerable disruption
- Testing your ability to remain within impact tolerances through a range of severe but plausible disruption scenarios
- Conducting exercises and lessons learned to identify, prioritise and invest in your ability to respond and recover from disruptions
- Developing internal and external communication plans for when important business services are disrupted
- Creating self-assessment documentation
Regulators are adopting a pragmatic approach and understand that ‘one-size-fits-all’ will not produce the right outcomes. The approach is one of proportionality (size and complexity of the business plus potential systemic risk) and, by way of impact assessment and scenario planning ‘severe but plausible’. In some instances, it will be acceptable and in fact necessary to work outside of risk appetite.
For more questions and answers, specific to your Operational Resilience challenges check out our Q&A page.
How TORI can help…
We have supported clients in-and-around Operational Resilience since the early work by the regulators. In fact, we worked with the regulators to shape their thinking. So, we know exactly what it takes to succeed.
Alongside our traditional consulting services, we offer clients three specific Operational Resilience capabilities to inform and validate.
- Developing an Operational Resilience strategy
Operational Resilience Diagnostic Tool