In March 2021 the Bank of England (BoE), Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) published ‘Operational resilience: impact tolerances for important business services’. This joint policy statement mandates standards for operational resilience. The looming deadline of 31st March 2022 (and no later than March 2025) means that many UK firms including banks, building societies, investment, insurance and payment services firms, must have performed mapping and testing so that they remain within impact tolerances for each important business service. Dual regulated firms face the additional complexity of applying the rules of both the FCA and PRA, including potentially setting different impact tolerances to achieve compliance
In this article Dan Thompson, Consulting Director at Xpedition discusses whether it is possible to implement what’s needed to meet the operational resilience requirements – while at the same time sustaining and enhancing performance in a financial services marketplace which continues to evolve rapidly. Moreover, is it possible for the costs associated with creating resilience to also deliver a solid return on the not inconsiderable investments needed?
What is operational resilience and what are the deadlines?
Operational resilience is the ability of a firm to continue pursuing its objectives and to thrive in the face of disruption, based on its embedded capabilities, behaviours, culture, processes and systems. Organisations and the sector must be able to prepare, prevent, adapt, respond, recover, and learn from the whole range of potential disruptions.
The authorities require that by 31 March 2022, firms must:
- Identify their most important business services (IBS)
- Set impact tolerances for the maximum permissible disruption
- Carry out advance mapping and testing
Implementation is followed by a period of ‘reasonable time’ to 31 March 2025 for firms to demonstrate that they have:
- Completed mapping and testing to remain within the defined impact tolerances
- Made investments that enable them to operate within the defined impact tolerances
Focus and investment
Financial services businesses must align both the following priorities – tackle urgent, day-to-day challenges that have intensified after Brexit and COVID-19, and invest in digital transformation for future proofing, long term success in a fast-changing market. The resilience deadlines are looming, adding to the current challenges.
New entrants and challengers can struggle with having the organisation experience and operational heft to be resilient, while established players may be held back by aging systems and siloed teams, infrastructure and practices. In reality, the investments needed to drive improvements in operational resilience, correctly focused, will also deliver a digital platform that delivers continued performance, innovation and competitiveness. Success will depend on a strong digital strategy, which balances resilience and flexibility with innovation and ambition.
Resilience as a springboard to ROI
The need to deliver operational resilience can provide the catalyst to instigate or intensify a digital transformation programme which is essential for continued success. At Xpedition we’ve identified seven outcomes of a drive to resilience underpinned by a transformed digital infrastructure which can deliver tangible ROI:
1.Operational resilience demands strong and coherent infrastructure, systems processes and behaviours. Simplifying processes allows for more automation, freeing employees to work on value-generating activities. Cutting out duplication creates further efficiencies.
Deliverable: More efficient use of people and resources across the organisation reduces costs.
2.An operationally resilient financial services organisation can navigate financial and operational risks with confidence, even when the business model changes and expands to embrace new activities.
Deliverable: The agility to respond to market changes and new opportunities to remain competitive.
3.Customer experience, service, trust and loyalty are key to sustaining and growing the client base and revenues. Clients and businesses are increasingly aware of the need for secure systems and an authoritative approach to data protection. Strong and integrated digital infrastructure from trusted technology providers offers reassurance that firms can withstand disruption and threats such as cybercrime.
Deliverable: Brand reputation is protected and enhanced. Robust security and leading technology attracts, retains and reassures customers during periods of significant disruption.
4.Operational resilience delivers robust regulatory compliance. Structured data, systems and processes that meet standards provide full visibility to demonstrate this compliance. Efficient operations reduce the risk of non-compliance as regulatory requirements evolve.
Deliverable: Operationally resilient firms reduce both the chance of disruption and the impact if it happens. This can reduce regulatory capital requirements and the possibility of fines and sanctions, as well as client trust and damage to company reputation.
5.Clearly mapped and coherent operational processes and digital infrastructure means financial services organisations can plan and execute mergers and acquisitions more quickly and efficiently, with more flexibility.
Deliverable: Optimised processes and infrastructure for business augmentation including M&A, new product and service introductions, and new market entry and penetration, with the agility to act quickly with minimised costs.
6.In an operationally resilient environment, good quality and more complete data provides the clarity and insight to truly understand the customer to deliver an excellent customer experience. Data is an asset that underpins all critical processes and silos across the organisation and data governance is paramount. A robust governance framework is essential to ensure that reliable, centrally managed information supports fast and dynamic analysis and decision-making based on evidence.
Deliverable: Senior management has a complete and continuous overview of key performance metrics as well as the confidence to use the data to make critical and strategic decisions.
7.Many firms know that they must keep promises to customers to keep their trust. Such commitments are easy during stable times, but when market needs shift, the business needs to be able to pivot quickly into new areas or ways of working to provide enhanced customer and employee experiences.
Deliverable: The agility to be able to adopt new digital channels and customer engagement technology.
Delivering operational resilience with maximum ROI – a board level issue
The board must play a leading role in operational resilience, overseeing the reputation and viability of any operational or service initiatives. Implementing a sound approach to operational resilience, backed up by proven outcomes and capabilities, is key to supporting the board in this endeavour. Poor quality reporting, as well as being able to ask the right questions, have led to recent outcomes which have flagged whether boards are indeed receiving the right support and information to carry out due diligence to operational resilience.
Priority must be given to this area. This does not necessarily mean that boards need to be experts, but that they are able to challenge their executives, so they are confident that the right operating model and culture is in place to support resilience.
At Xpedition we have worked with key stakeholders at board level within organisations to help them focus on improved data reporting and scenario testing, to better understand and approve impact tolerance statements. In this way the board can recognise the importance, value, threats and opportunities associated with the ever increasing volumes of corporate data.
Data provides the knowledge to direct product and service innovation and is the backbone to all digital transformation projects – yet often data is the corporate resource without an owner or champion.
Appointing a Chief Data Officer (CDO) as a sponsor for digital transformation projects, means that they can be assigned the KPIs and metrics that will ensure data delivers the greatest ROI possible. The CDO will help maximise business opportunities, while ensuring that risks are mitigated in line with the corporate risk appetite. Working with the board, the CDO can highlight data security and compliance issues which can destroy brand value and an organisation’s trusted reputation overnight – and lead to huge fines.
The financial authorities’ requirements and deadlines around operational resilience are now crystal clear after a period of industry consultation. The March 31, 2022 deadline is fast approaching. The drive for operational resilience needs accurate data and is much more straightforward if allied to up-to-date systems and processes which can be delivered through digital transformation projects. This relationship brings with it a range of opportunities.
Operational resilience needs can act as the catalyst to drive infrastructure and system changes which can deliver tangible ROI. Comprehensive and accurate corporate data is needed to make the right, evidence-based strategic decisions. A Chief Data Officer, working closely with the board, can provide the champion for digital transformation and ensure the maximum value is extracted from key data assets, while meeting operational resilience targets.
This is a Sponsored Feature.