The recent publication by the Bank of England, the Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA), of a discussion paper – ‘Building the UK Financial Sector’s Operational Resilience’ – is an initial response to recent issues in the UK financial services sector and the wider economy, including the collapse of the Carillion and Conviviality businesses, the recent Visa credit card outages and the challenges faced by TSB when migrating its customers’ accounts to a new IT environment. From all reports, it appears likely that this paper, as well as the feedback received from industry players, will form the basis of a new regulatory framework in due course.

The most noteworthy feature of this paper is that it focuses on the resilience of ‘business services’ at financial institutions, as opposed to the systems and processes that underpin them. It proposes that institutions think about operational resilience in the widest possible terms, including people, processes and systems, so that they can ‘design-in’ resilience into their services. It suggests that institutions should develop impact tolerance measures for their businesses, encouraging organisations to manage their overall operational resilience in terms of identifying risks that could impact their viability, harm consumers and market participants or undermine the financial stability of the wider economy.

This represents a move away from a ‘siloed’ compliance mentality utilised by regulators and is a change for most organisations in the way they consider risk management. For example, rather than simply focusing on what their own business can tolerate, they must also think about the impact on other market actors. Essentially, the regulators are calling into question the attention to detail levelled into their business by financial institutions to ensure operational resilience.

Oct-Dec 2018 Issue