Change is the only constant in today’s digital era. To be successful, organisations need to be able to change often and change fast. Recognising this, regulators have responded, ensuring the pace of change is not to the detriment of markets and customers.
The term ‘Operational Resilience’ is still new and often gets misinterpreted and misused. The Bank of England coined the term in 2015 to describe a firms’ ability to protect or sustain its critical functions and assets during unexpected disruption to their business.
Financial services organisations have reported a 138% increase in tech-outages and an 18% rise in cyber incidents since 2018, with recent high-profile incidents resulting in material financial and reputational damage and harm to customers.
Demonstrating resilience is not a tick-box exercise. The regulator wants to see that you have a considered approach for managing the resilience of your most important customer-facing services. This blog gives you the 6 key steps to do just that.
HOLD ON, THIS IS JUST FOR BANKS, ISN’T IT?
We speak to many firms who ask us whether they need to be thinking about Operational Resilience or if it is only an issue for the banking sector.
They are right to ask the question. Regulators are now focusing on insurers and asset managers and how they will demonstrate the resilience of their most critical customer-facing services.
The regulator hopes to improve the way these firms respond to events that disrupt their critical business services and reduce the impact on their customers. However, as with the banking industry, insurers and asset managers have been set the task to determine which of their own services are ‘critical’ to their customers.
This could mean an insurer’s ability to provide emergency road-side support or responsiveness to a devastating flood. For asset managers, this could mean providing seamless, real-time access to investments when unforeseen outages strike.
But the regulator expects that each organisation is different, with different services and so there’s no one-size-fits-all approach that you can follow.