< Back to Building resilience

Operational Resilience

Operational resilience is a set of techniques that allow people, processes and information systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. This is the next significant regulatory pillar. Ultimately, Operational Resilience is a Board responsibility which needs to be driven top-down. These regulatory commitments dove-tail with other commitments including SMCR, SMF24, PSD2 and EBA. ​​

You understand that Operational Resilience is the next significant regulatory pillar.  And you understand that there is a clear need for a considered, end-to-end and robust approach; because regulators have already called for a “step change” in how firms have previously approached Operational Resilience. 

You appreciate that winning firms will have conducted a root-and-branch overhaul of how their businesses can and will respond in times of stress.  And you have set-up a programme and made good progress: in fact our recent Smart Paper confirms that 84% of respondents have already identified critical business services.

Perhaps you are considering how to start?  Where to start?  Or you have a programme in flight, but want to understand if you’re doing enough or considered the right areas?  Wherever you are in the journey, have you identified the key challenges and barriers to success?  Will you achieve your intended outcomes?  Will you meet regulatory expectations? 

See our list of Q&As

What are the challenges you face?​​

Regulators are adopting a pragmatic approach and understand that ‘one-size-fits-all’ will not produce the right outcomes.  The approach is one of proportionality (size and complexity of the business plus potential systemic risk) and, by way of impact assessment and scenario planning: ‘severe but plausible’ i.e. there is a recognition that not all risk can or should be mitigated but it needs to be understood by reference to risk appetite and managed accordingly.  In some instances, it will be acceptable and in fact necessary to work outside of risk appetite (to avoid business, market and/or client detriment).  Clear line of sight and dynamic management of risks in a crisis is the key.​​

To achieve operational resilience UK regulators have stipulated that firms should:​​

  • Identify their important business services that if disrupted could cause harm to consumers or market integrity.​
  • Identify and document the people, processes, technology, facilities, third parties and information that support a firm’s important business services (mapping)
  • Set impact tolerances for each important business service (ie thresholds for maximum tolerable disruption)
  • Test their ability to remain within their impact tolerances through a range of severe but plausible disruption scenarios
  • Conduct lessons learned exercises to identify, prioritise and invest in their ability to respond and recover from disruptions
  • Develop internal and external communications plans for when important business services are disrupted
  • Create a self-assessment document
  • Download & review TORI's commissioned SMART paper
  • Check out our Q&A page

How TORI can help…​​

TORI Global, the transformation consultancy, knows it takes courage to embrace change and transform your business. We know, because we’ve been there. We have supported clients in-and-around Operational Resilience since the early work by the regulators.  In fact, we worked with the regulators to shape their thinking. So we know exactly what it takes to succeed.

Alongside our traditional consulting services, we offer clients two specific Operational Resilience products to inform and validate what they are already doing.  We offer:

  • Developing an Operational Resilience strategy​
  • Maturity Assessment

  • Operational Resilience Roundtable


Get in touch

Request for information