UK financial authorities have proposed a strategy for improving the operational resilience of firms and financial market infrastructures (FMIs), with a focus on carrying out risk-monitoring and impact-assessments for key business services.
The paper, which can be downloaded here, was published yesterday by the Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA). It sets out how boards and senior management can achieve better standards of operational resilience through increased focus on setting, monitoring and testing specific impact tolerances for key business services, which define the amount of disruption that could be tolerated.
Plan for disruption
The increasingly hostile cyber environment, complex outsourcing chains and large-scale technical changes are some of the factors driving the need for building extra resilience into the financial sector. The FCA's statement says these factors “could impact financial stability by posing a risk to the supply of vital services on which the real economy depends, threaten the viability of individual firms and FMIs, and cause harm to consumers and other market participants in the financial system”.
The paper discusses how financial services for businesses and consumers can be maintained, within reasonable parameters, in the face of a cyber attack, a serious technical outage or an outsourcing failure. To withstand such disruptive events, organisations should plan to develop and improve their response capabilities to contain the disruption. Quick and effective communication – especially with customers – should be one of the leading response strategies.
Response sought from businesses
The FCA encourages responses from all types of FCA-authorised and recognised entities, trade associations, and consumer bodies, as well as individuals and businesses that use authorised and recognised entities’ business services, and who may have suffered harm from disruptive events that have affected these services. Responses should be submitted by 5 October 2018.
Boards must shoulder responsibility
Commenting on what firms need to do in light of the discussion paper, Deloitte's David Strachan said: “Some firms will already be doing elements of this work across their business, but not necessarily by design. Governance is key, and the discussion paper underscores how boards will need to take greater responsibility for operational resilience in their firms. Firms will need to skew their priorities for investment towards mitigating the overall impact of a disruption on their key business services. The more customers, the more primary current accounts, and the closer the disruption to end-of-day, the more important to regulators.”
Like this item? Get our Weekly Update newsletter. Subscribe today