ARE YOU READY FOR THE NEW OPERATIONAL RESILIENCE REQUIREMENTS? YOU HAVE UNTIL THE 31ST MARCH 2022
New Operational Resilience requirements, coming into force 31 March 2022, will have a major impact on UK financial services firms.
The aim is clear: to enable firms to, anticipate, prevent, adapt, respond to, recover from and learn from operational disruptions. The self-assessment requirements however, are not so clear and regulatory guidance is sparse.
With a collapsing timeframe, complex concepts to navigate, and the likely volume of detail and approvals required, this is not a last minute task on the to-do list as deadline looms. The period before 31 March 2022 must be used by firms well, to ensure that their self-assessments are ready and fit for purpose.
Our team of specialists, led by Steven Francis (ex-FCA and regulatory lawyer) and Jonathan Steward (ex-KPMG & Deloitte and a risk and compliance professional), are here to help with the demands of this new regulation. With a deep understanding of the issues we have created a proprietary decision analysis tool (DAT) as well as self-assessment templates and trackers. These resources will enable firms to identify their important business services, the internal and external resources required to deliver them, and crucially set their impact tolerances (the time-based metric indicating the maximum tolerable level of disruption to unimportant business service). Many of these are new concepts, raising complex definitional points. The onus is on firms to produce reasoned self-assessments of appropriate quality. AG can help.
Want to know more about our helpful tools?
Aside from our advisory capabilities, we can also literally lend a hand. If resourcing this under such time pressure is a challenge, let us know. We have trained support teams in preparation to help those who need it alongside our multi-disciplinary team of Regulatory Lawyers, Risk and Compliance Advisers, Technology Support, and Commercial lawyers adept in dealing with outsourcing arrangements and third and fourth party risks.
With Steven and Jonathan's unique experience from the FCA and the Big 4, coupled with assisting UK Finance and the International Banking Federation in their responses to regulators' consultation exercise, we have a deep understanding of this topic. We have also partnered with benchmark providers, consultancy firms and trade bodies to provide the highest quality operational resilience service to our clients.
WHAT TO FOCUS ON NOW
- Start self-assessments now. You only have 6 months. Even those with only few service lines will find the requirements complex
- Make sure that the programme of work required to create the self-assessment has board level support
- Allow enough time for senior management engagement and challenge.
- Confirm ALL business services before classifying those deemed 'Important Business Services'
- Ensure that the rationale and justification for key judgments is documented
- Supplier mapping is lengthy and required input of external suppliers, and also 4th party suppliers
- Use the greatest care when identifying current vulnerabilities and short-comings. You will be at risk.
- When setting impact tolerances make as much use as possible of existing operational risk measures and controls that the firm has in place
If you're interested in any of our support, leave your details here and we'll be in touch.