The term ‘operational resilience’ encompasses what used to be called ‘business continuity’ or ‘operational risk management’. This initiative comes from the UK regulators, keen to bring various strands of similar work together. An initiative that has the end consumer of business services in mind, and assumes that disruption will happen.
This was the first time all three regulators (Bank of England (BoE), Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA)) had published a joint discussion paper. The paper highlighted how important they felt the issue was, both to the financial system and the UK economy as a whole.
The paper set out the regulators’ view that continuity of business services is essential to operational resilience. The paper also introduced the concept of ‘impact tolerance statements’ and asked for views on how best they could build on existing requirements to ensure statements continue to be effective, as the market and technology develops.
Naturally, firms will need to make large cost and time investments to take this work forward, but ultimately, there will be significant benefits. If firms embrace the subject, rather than simply see it as a regulatory obligation, there should be many long-term advantages – for example, more stable and reliable operating platforms, clearly defined and tested workarounds when disruption occurs, and better consumer outcomes.
Firms operating in other jurisdictions as well as the UK, or globally, could replicate the principles outlined by the UK regulators, or apply them elsewhere. Therefore, there’s an opportunity for UK firms to take the lead in developing internal frameworks.
Cyber resilience is an important aspect of operational resilience as a whole, and you can find out more on the IA’s work on this subject in the member area.
LATEST DEVELOPMENTS (most recent first)
Currently, we expect the regulators to issue the consultation paper in Q4 of 2019. It’s likely we could expect a policy statement in mid-2020 and implementation during 2021.
The Investment Association response
We submitted a response to the discussion paper in October 2018 (see document library below). As well as responding to the specific questions raised in the paper, we emphasised five points:
The joint regulators issued a discussion paper in July 2018 (see document library below). In summary, the regulators believe firms can achieve better operational resilience by focusing more on setting, monitoring and testing specific impact tolerances for key business services. Ones that define how much disruption can be tolerated. Important concepts in the paper include:
We will be discussing recent developments and how the IA is supporting its members at an event on 11 November 2019.
MORE INFORMATION & CONTACT
See full details of how the IA is supporting its members on operational resilience in the member area.