Operational resilience is a high priority for the PRA and FCA and the regulations will have a significant impact on financial services firms’ future operating models.
Firms are required to achieve a robust and operationally resilient organisational model, which requires appropriate investment and a significant and coordinated range of activities linked to risk, regulatory and strategic drivers.
It also requires developing and embedding a set of capabilities that can keep the delivery of operational resilience alive on an ongoing basis. The operating model should enable a firm to prioritise the things that matter most. Like, prioritising those activities that, if disrupted, would be detrimental to customers, market integrity or otherwise pose a risk to the stability of the financial sector or the firm’s safety and soundness. Firms should embed ongoing resilience procedures to monitor the resilience profile. This includes incident management procedures, communication plans and training.
The macro actions that firms should apply can be grouped as follows:
But, what can firms do to ensure long-term operational resilience and harness the benefits?
Firstly, they shouldn`t focus solely on regulatory compliance. The main drivers for successfully embedding operational resilience are to establish a resilience-centric culture that provides both customer and business benefits.
At a minimum, firms should have a clear purpose, strong leadership, and logical policies & procedures, all underpinned by effective governance.
It should be acknowledged that a mentality of ‘just’ having to meet the requirements will not lead to long-lasting and sustainable operational resilience.
Simply implementing the letter of the law, rather than the spirit of the law, will likely result in duplicated effort in the short term and having to rework in the long term. Only firms that adopt a more strategic approach to operational resilience will realise multiple additional benefits in the long run.
To ensure effective long term operational resilience it is necessary to build an approach and methodology based on:
To achieve an ideal operational resilience scenario, financial services firms need to develop an enterprise-wide framework that allows them to respond flexibly to unexpected disruption.
It requires firms to analyse four important organisational components:
Based on the above, the main steps to consider when creating an adequate Target Operating Model(TOM) are:
To conclude, let`s remind ourselves that the core purpose of regulators is to make progress in the financial services sector, such that firms can provide financial goods and services to people and corporations using an approach that is effective, sound, and resilient.
If done badly, operational resilience is just another administrative layer adding complexity on top of existing operational risk, business continuity and crisis management practices.
While, if done well, operational resilience can drive efficiencies, deliver better performance, and improve customer outcomes.
Firms that approach operational resilience with the intention of satisfying regulatory requirements alone are missing a trick. Rather than trying to purely meet all regulatory requirements, firms should establish an effective Operational Resilience Target Operating Model and build for the long term.
Operational Resilience is not just another review, another dashboard, another governance forum, and should not be another layer of complexity.
Fourthline is supporting several Financial Services firms in creating their tailored Target Operating Models.
To download our Target Operating Model service deck and to find out more about how we can help your firm, click here>