Change is the only constant in today’s digital era. To be successful, organisations need to be able to change often and change fast. Recognising this, regulators have responded, ensuring the pace of change is not to the detriment of markets and customers.
The term ‘Operational Resilience’ is still new and often gets misinterpreted and misused. The Bank of England coined the term in 2015 to describe a firms’ ability to protect or sustain its critical functions and assets during unexpected disruption to their business.
Financial services organisations have reported a 138% increase in tech-outages and an 18% rise in cyber incidents since 2018, with recent high-profile incidents resulting in material financial and reputational damage and harm to customers.
Demonstrating resilience is not a tick-box exercise. The regulator wants to see that you have a considered approach for managing the resilience of your most important customer-facing services. This blog gives you the 6 key steps to do just that.
Hold on, this is just for banks, isn’t it?
We speak to many firms who ask us whether they need to be thinking about Operational Resilience or if it is only an issue for the banking sector.
They are right to ask the question. Regulators are now focusing on insurers and asset managers and how they will demonstrate the resilience of their most critical customer-facing services.
The regulator hopes to improve the way these firms respond to events that disrupt their critical business services and reduce the impact on their customers. However, as with the banking industry, insurers and asset managers have been set the task to determine which of their own services are ‘critical’ to their customers.
This could mean an insurer’s ability to provide emergency road-side support or responsiveness to a devastating flood. For asset managers, this could mean providing seamless, real-time access to investments when unforeseen outages strike.
But the regulator expects that each organisation is different, with different services and so there’s no one-size-fits-all approach that you can follow.
Things you can to do to become more operationally resilient
Here are 6 steps you can take to enhance your Operational Resilience:
1. Assess your resilience across all areas of your business.
A common mistake is to focus too narrowly on suppliers, technology and cyber-security while ignoring the importance of other critical areas such as change management, people & culture and strategy.
Many companies use a framework that allows them to assess all relevant areas of their business. The framework should enable you to identify your target resilience maturity and any problem areas that require focus.
To help you, here is our Operational Resilience assessment framework which sets out the key business areas that we recommend clients review to ensure they are as resilient as possible.