Operational resilience has become an area of increasing focus in the financial services sector in recent years. While the reforms that followed the 2008 financial crisis focused on strengthening financial resilience, they did not address operational resilience. The COVID-19 pandemic brought operational resilience into sharp focus, and in 2021 the Basel Committee on Banking Supervision (BCBS) noted that it was necessary to strengthen banks’ ability to absorb operational risk-related events that could cause significant operational failures or wide-scale disruptions in the financial markets.
The BCBS published the Principles for Operational Resilience to strengthen operational resilience by increasing international engagement and promoting greater cross-sectoral collaboration.
In March last year, a new operational resilience regime took effect in the United Kingdom, introducing requirements for banks and insurance companies to ensure the UK financial sector is operationally resilient and to protect consumers and the economy from any significant impact. Under this regime, financial firms must identify their “important business services” that could impact clients or the financial system if disrupted, set an “impact tolerance” for disruption to each of those services, and ensure they can continue to deliver those services and remain within their impact tolerances.
In the European Union (EU), too, a new regulation on digital operational resilience for the financial sector, the Digital Operational Resilience Act (DORA), was proposed in 2020, and an agreement was reached in May 2022. The DORA proposals establish an EU framework for digital operational resilience, in contrast to the UK regime, which broadly addresses operational resilience.
The Simplex proposition
The new UK requirements concerning operational resilience are likely to have considerable practical consequences for in-scope financial firms. By March 2025, they will need to have performed mapping and testing to ensure they remain within impact tolerances for each important business service, and made the investments needed to operate consistently within those impact tolerances.
We help businesses conduct operational risk management to identify and prioritise targets of resilience measures and to map interdependencies between firms and their partners, vendors, and business units. We enable IT departments to perform resilience testing to measure readiness for various challenges and to use the results to assess risk and develop mitigation strategies.
At Simplex, we believe that building resilience is not just an exercise in compliance but should be a cultural shift across the board. It needs to be developed as a guiding principle for all personnel, from C-suite to IT professionals.