The FCA Throw Down the Operational Resilience Gauntlet

Operational resilience has never been more important than in today’s financial sector. It’s about to become crucial for organisations in the financial and insurance markets to have the ability to prevent, adapt and respond to operational disruption, and also to demonstrate how they would recover and learn from any issues. In this blog we look at the new FCA regulations which are driving these issues quickly up the agenda of the industry.

The FCA (Financial Conduct Authority) is endeavouring to ensure that the industry and all those operating within it, can cope with any shocks – those that are expected as well as coping with unexpected. Their goal is to ensure that consumers are protected from the impact. There have been many examples in recent years (the financial crash, Brexit, Covid-19) and the FCA want to greatly reduce the impact for future incidents.

This is not a recent effort. There has been a focus on operational resilience for some years. This is gaining importance right now due to the FCA mandating that, by 31 March 2022, relevant financial organisations must identify their important business services and set impact tolerances. They must then carry out necessary mapping and testing.

The FCA want the senior management within these firms to be acutely aware of the potential risks to the way they operate. Understanding the detail of the ways that their supply chains impact resilience is important, especially given that many services are outsourced these days. The FCA want confidence themselves that these issues are being suitably addressed and that they will be alerted as any issues arise.

The rules apply to banks, building societies, PRA-designated investment firms, insurers, Recognised Investment Exchanges and some other organisations. The regulations relate to all the resources a firm relies on to provide its financial service. That includes people, processes, systems, suppliers, offices, and so on.

Organisations must identify their important business services that, if disrupted, could cause:

To do this, they must:

After 31 March 2022, and by no later than 31 March 2025, they will also need to:

Many financial services organisations who still operate manual processes will need to automate these quickly and efficiently, and may now be worried about how they could demonstrate operational resilience. Running legacy systems that need augmenting or replacing makes it very difficult to make changes quickly and efficiently. Especially if a crisis hits.

Low-code and automation can help. New systems and processes can be built and implemented quickly – in time for the March deadline. These solutions help to mitigate risk by making processes run like clockwork and reducing the chance for human error. At the same time, this can reduce operational costs – a win-win. And improved customer experience is a fantastic by-product.

Automation is more easily accessible than you might expect and provides a clear route to enhancing and demonstrating operational resilience in your organisation.

As a supplier to financial services customers, Netcall will also be required to demonstrate our own operational resilience. We are prepared – able to show capabilities to cope with events that may impact organisations that we work with. We can demonstrate documented procedures confirming how we will continue to deliver software and services (including professional services and technical support) in the event of any operational resilience challenges. Our ISO27001 certification is also an important accreditation.

Our specialist team is ready to discuss the challenges facing you, to assist in planning a route to operational resilience for your organisation.