As all in the industry are aware, the Bank of England, FCA and Federal Reserve Board have been discussing recommendations for operational resilience since 2019: it’s clear that the latest unexpected events further accelerated the urgency to operate resiliently. If it’s true that firms have coped well with disruptive changes so far, now it is time to implement and strengthen their operational resilience plans to future-proof businesses against whatever lies ahead.
Objectway surveyed professionals among banking and wealth management to discover if and to what extent the industry will be able to fight back.
Ready or not?
Operational Resilience has increasingly become a higher priority – 83% of firms realise that it will come into force on 1st April 2022. Facing this scenario, among the professionals surveyed only 21% have their Operational Resilience plan defined. Currently, 62% are still working on the plan, and a minority of firms (9%) stated they were unaware of the approaching deadline.
By the end of March all firms involved will therefore need to have carried out a series of activities to achieve their operational resilience requirements. Specifically, they will need to:
- Identify their Important Business Services: 45% have already detected one or more IBS.
- Carry out mapping, testing and setting impact tolerances: 22% are currently testing the thresholds sets and refining the plan; 20% are setting the thresholds for the detected IBS.
Given that 43% of firms agree that FCA’s ultimate goal is to prevent, adapt, recover and learn from operational disruptions, it is interesting to consider how the external situation looks like, providers’ side.
According to the survey, a vast majority of firms have either started to map all providers concerned in the regulation or are discussing and verifying if they are compliant or not. Overall, most firms are moving towards a resilient position.
It is interesting to observe that no firms have already completed this milestone, and 21% have not yet started – neither in drafting a plan or contacting their service providers to assess whether they are compliant according to operational resilience regulation.
Technology Transformation Is Pivotal
Keeping up to date with operational resilience is one thing, but execution is another. The majority of respondents (75%) agree that technology transformation is an essential element to address, in order to support business continuity, crisis management, disaster recovery and other risk areas; cyber-attacks and data leak being the most selected risk areas organisations are concerned about.
As emerged from our survey, while 15% of professionals have already integrated technology that centralises risk information to manage a complex data set, 10% state their crisis management capabilities really need improvement.
Indeed, resilience technology will provide banks with the toolset they need to identify their weaknesses, will assist them in recognising data dependencies and simulate the possible outcomes in case of disruption, while resilience experts can draft the plan and interact with the authorities. This approach including both technology and people expertise can effectively lead to building a strong, agile, response plan.
On this matter, half of firms surveyed have built an internal team dedicated to Operational Resilience, while the other half is still in the process of setting up or has involved an external party to support the business. The authorities have set 3 years testing span for firms to endure in the implementation phase, and while most firms agree that less time would have not been enough, 27% either do not know yet or believe more time is needed.
This transitional period will give firms the possibility to invest properly and improve their systems and strategies to respond to difficult times and challenges. The period should be used as a test bench, to ensure the resilience of internal services and the reliability of third-party providers.
We do not know what’s next, but what’s sure is that firms need to be ready to face it.