This week the Prudential Regulation Authority (PRA) published its strategy, work plan, and budget for 2022/23.
Not surprising, Operational Resilience featured prominently within this business plan.
The PRA’s focus has shifted to maintaining an improved level of resilience, consistent with its objectives and those of the Financial Policy Committee (FPC). The PRA promotes a risk-aware culture in regulated firms, in which risk-taking should be conscious and controlled, and supported by adequate financial and non-financial resources.
The PRA continues to ensure that firms are resilient operationally as well as financially.
The PRA is preparing to take on new rule-making responsibilities following the expected introduction of the Future Regulatory Framework (FRF), which will help keep the framework fit for purpose and will allow for more effective tailoring of rules to UK markets and firms.
The first section of the Business Plan is assigned to Operational risk and resilience (including critical third-party policy and cyber stress testing).
The Bank, PRA and FCA’s operational resilience policy, issued in March 2021 requires firms to:
- identify important business services,
- set impact tolerances for those services,
- and take action to continue to deliver them during severe but plausible disruptions
There's also an updated policy on outsourcing and third-party risk management that complements the wider operational resilience policy, and takes into account firms’ growing dependency on third parties, including cloud service providers.
The PRA and FCA's focus in 2022 will be to assess whether firms had implemented the policy expectations by the time they came into force back in March. This will include an assessment of firms’ plans to ensure they will be able to deliver important business services within impact tolerance, no later than 31 March 2025.
The PRA will continue to deliver its priorities around operational resilience through a broad range of industry and sector-based engagements such as:
- the Authorities Response Framework,
- the Cross Market Operational Resilience Group,
- the Cyber Expert Group,
- and the Basel Committee for Banking Supervision Operational Resilience Group.
As indicated by the FPC in 2021, the Bank, PRA, and FCA will publish a joint discussion paper outlining potential additional measures to enhance the oversight of the systemic risks posed by critical third-party service providers.
Joint authorities will also coordinate work on the longer-term approach to supervising cyber risks and improving the collection of the operational incident and outsourcing data.
Read the PRA's full Business plan and objectives here>
How FourthLine can help:
FourthLine is working with a number of financial service firms to help them with Operational Resilience enablement, through a mixture of end-to-end consulting and resourcing options.
Download our Operational Resilience Service Deck here now>
Download our Outsourcing and Third-Party Service Deck here now>
To find out more about how we can help you with your Operational Resilience framework, click here>
