Editorial

The Operational Resilience Policy Shift from Prudential to Conduct Risk: Financial Institutions must respond

As the UK regulators impose deadlines around the Operational Resilience legislation, firms must act quickly to establish a compliance strategy. Our first article discussed the anticipated changes

Contributor

As the UK regulators impose deadlines around the Operational Resilience legislation, firms must act quickly to establish a compliance strategy.

Our first article discussed the anticipated changes presented by the FCA and PRA consultation papers on Operational Resilience. Now that both regulators have published their policy statements, a more definitive illustration of the impact on financial institutions can be drawn. This article dives into the specificities of the requirements and demands immediate attention, given that the deadline is as soon as March 2022.

Focusing on Consumer Harm

The Operational Resilience regulatory supervisory statement was published on 29th March 2021, expecting firms to urgently launch strategies to ensure regulatory readiness. In addition to ensuring resilience to internal operations, regulators now require firms to guarantee that a firm’s clients and operating market is also safeguarded against adverse impacts caused by disruptions to their business.

The new regulation extends Business Continuity Planning and Disaster and Recovery Resolution guidelines, to focus on end consumer harm. It heavily emphasises three core themes that make it vary significantly from the existing regulatory environment:

  • The new framework mandates focus on conduct risk and consumer harm, in addition to prudential risk management.
  • There is a stronger emphasis on 3rd party risk management, including cloud, core tech and services providers, and distributors.
  • Regulators see Operational Resilience differently from Operational Risk and Recovery and Resolution Planning. Resilience preparation needs to happen based on a risk event already having occurred rather than a risk that might occur in the future.

Requirements at a Glance

Firms must integrate the above themes into their approach as they address the four primary pillars of the Operational Resilience regulatory requirements:

Understanding the Timeline

The policy specifies two regulatory deadlines, 31st March 2022 and 31st March 2025. The primary difference between the requirements for these dates is that of planning and implementation.

The regulators expect firms to have completed scoping and planning by 2022. Firms must have defined their methodology for identifying important business services and their vulnerabilities, determined testing scenarios, and understood what gaps exist and what remediation plans will look like. In addition, testing must be run on a subset of the important business services to a level of sophistication that could be easily articulated to the regulators.

By 2025, the expectation is that firms have reached demonstrable readiness. This includes implementing the majority of a firm’s Operational Resilience roadmap and being able to demonstrate Operational Resilience has been considered in investment decisions.

Industry Talking Points

As UK financial institutions swiftly mobilise their operational resilience programmes in response to the policy statements, common questions are being raised by players across the industry. Delta Capita provide our insights on what we believe to be key challenges.

How Delta Capita can help

Delta Capita has a team of C-Level banking executives and former SMFs with unparalleled expertise, allowing us to help advise and shape our clients' strategy across all aspects of Operational Resilience compliance, supporting activities such as governance and framework development, important business services mapping, operating model design and testing strategy definition.

Our team comes equipped with project accelerators such as business service mapping best practices, success criteria checklists, draft communication plans, and delivery frameworks which can all be adapted to our clients' requirements to further accelerate delivery speed.

If you are interested in finding out more, contact us here to speak directly with our experts.

Contributors:

Karan Kapoor - Head of Regulatory Change and Regtech

Gideon Ezra - Graduate Consultant

Editorial

See more insights from the Delta Capita team

Unlocking Potential: The Impact of AI on Digital Marketing

Artificial Intelligence (AI) and, more recently, generative AI (GenAI) has revolutionised the digital marketing landscape, redefining the way businesses connect with their audiences and achieve their marketing goals. 

Moving towards Perpetual KYC (Know Your Client)

In the last of our navigating Client Lifecycle Management (CLM) series, Delta Capita considers the holistic and incremental benefits that have come from making improvements across the CLM customer journey. By making these enhancements we build a base for future ways of working, and the market goal of perpetual KYC.

Navigating the Top 7 CIO Challenges in Investment Banks

In the ever-evolving landscape of investment banking and continued regulatory and cost pressure, Chief Information Officers (CIOs) play a pivotal role. They are not only responsible for managing technology infrastructure but also for driving innovation, ensuring operational efficiency, and safeguarding sensitive data. However, this multifaceted role comes with its share of challenges. Let’s explore the top seven hurdles that CIOs encounter and how Delta Capita can be their strategic partner.

What can we help you achieve?

Start something great
arrow_forward

Looking for a career change?

View our opportunities
arrow_forward

What can we help you achieve?

Start something great
arrow_forward

Looking for a career change?

View our opportunities
arrow_forward
We use cookies to improve your experience and deliver personalized content. By using our website, you agree to our Cookie Policy.
Got it