Kohort

Is Your Business Truly Resilient? The 5-Point Checklist for Operational Resilience

by Gareth Foulkes

Are you ready for the Financial Conduct Authority’s (FCA) 31st March 2025 deadline? It’s not long away and your business resilience is critical. Using the FCA’s operational resilience framework and the Bank of England’s (BoE) PRA Rulebook is key. It can safeguard your ability to provide important business services (IBS) under stress.

The BoE naturally has to take a holistic view to to operational resilience, as this quote details,

“It is our job to think about the operational resilience of the whole financial system, as well as that of individual financial firms (e.g. banks and insurers) and financial market infrastructures (FMIs) (e.g. payment systems and exchanges).”

Understanding resilience in all business areas can protect you further. It helps you to handle unexpected crises, recover from them, and protect market stability. UK financial institutions can do this by also adopting a holistic approach to resilience. This approach should consider operational and prudential (liquidity and capital risks).

The 5-Point Operational Resilience Checklist

Many businesses have already worked hard on their operational resilience, but there is always more that can be done to improve resilience. This article highlights five areas to help improve your resilience.

# 1 Define Your Important Business Services with Prudential Resilience in Mind

Financial institutions must identify essential business services (IBS) to operate under stress. Operational resilience, for example, focuses on systems and processes. Prudential resilience ensures capital and liquidity are there to deal with financial stress.

Looking at both areas ensures a holistic approach to resilience. Your process includes looking at third-party providers who are critical in delivering IBS. These could be cloud providers, outsourced IT platforms, and payment processors.

The external risks they pose for organisations cause serious problems. Risks from third-party providers can include cyber threats, financial instability, and operational failures. Indeed, the FCA and PRA Regulations need firms to a) assess, b) track, and c) mitigate third-party risks. These measures ensure your IBS remains operational even when things go wrong.

How can you check all these areas? You must assess your IBS for potential operational disruptions. Also, your dependency on liquidity flows in problem scenarios. You can also follow these action steps to help you.

Action Steps

  • Identify the IBS critical to clients, the market, and the stability of your business.
  • Assess your capital and liquidity dependencies. Use liquidity and prudential risk factors in all your IBS assessments.
  • Review your IBS to reflect evolving risks and regulatory expectations.
  • Check your third-party providers in the following areas:

a) identify critical vendors, b) assess their resilience, c) define contractual obligations (exit strategies, service levels agreements), d) conduct regular risk third-party risk assessments, and e) identify alternative providers for worst-case scenarios.

# 2 Set Impact Tolerances That Go Beyond Operational Metrics

The PRA Rulebook states impact tolerances for important business services must be realistic. In their words,

“Firms should identify the severe but plausible scenarios they use for testing. When setting scenarios, firms could consider previous incidents or near misses within the organisation, across the financial sector, and in other sectors and jurisdictions. A testing plan should include realistic assumptions and evolve as the firm learns from previous testing.”

Your impact tolerances must look at the highest level of disruption your firm can handle. Before it causes intolerable harm to:

  • Customers
  • Financial stability
  • The markets

Financial institutions can do this by going beyond operational disruptions. You must integrate prudential risks, e.g. capital depletion and liquidity shocks. Here are some action steps to take in this area:

Action Steps

  • Assess real-world scenarios, like cyber incidents or payment network failures. These could trigger sudden liquidity shortfalls in your business.
  • Align your IT with PRA liquidity and capital adequacy expectations. It will help to strengthen your financial resilience.
  • Define your financial ITs. These areas include capital sufficiency requirements, liquidity buffers, and stress funding scenarios.
  • Check how disruptions affect capital positions, funding gaps, and liquidity outflows. It will help you to avoid regulatory breaches.

#3 Conduct Scenario Testing for Operational and Financial Resilience

Regulators like to see firms test their resilience under extreme but realistic scenarios. You can justify this by conducting joint operational and financial stress testing. It will help you show that you have adequate funding and liquidity.

It also helps your firm identify vulnerabilities in your organisation. With this information, you can then go on to test your contingency plans. You can determine if you are compliant with FCA and PRA regulations. Also, work your way through these action steps.

Action Steps

  • Carry out cross-functional scenario tests to stimulate financial stress events and operational disruptions.
  • Conduct liquidity stress testing to assess the impact of operational failures. You must look at a) cash flows, b) funding availability, and c) market confidence.
  • Test your contingency plans for emergency liquidity access.
  • Remember that you don’t have to start from scratch. You can use historical crises as benchmarks to help you.

#4 Ensure Your Business Continuity Planning (BCP) Aligns with Your Financial Contingency Planning

Understanding the difference between business continuity and operational resilience is essential. It will help ensure alignment across your BCP and financial contingency planning. For example, your BCP should integrate liquidity risk management.

Financial institutions can then sustain their IBS even in financial distress. An effective BCP strategy should include:

  • Capital buffers
  • Contingency liquidity planning
  • Diversified funding sources

Here are some more action steps to help you.

Action Steps

  • Aligning BCP with PRA stress testing and capital planning requirements ensures regulatory compliance.
  • Develop a recovery and resolution plan that considers operational prudential risk considerations.
  • You must integrate liquidity risk management into your BCP to ensure financial stability.
  • Maintain access to diverse funding sources so you have no funding shortfalls.

#5 Strengthen Board-Level Oversight to Boost Culture and Governance

Operational resilience is more than meeting compliance obligations. Companies must embed it in their culture and governance.UK regulators want to see senior management and board members oversee resilience strategies.

Your governance should a) drive continuous improvement, b) improve risk vulnerability, and c) promote accountability in the business. Here are some further action steps you can take.

Action Steps

  • Conduct regular governance reviews. Adjust the policies based on new stress-rest results and real-world disruptions.
  • Ensure resilience planning is a continuous improvement process for your business.
  • Establish board-level accountability for resilience and integrate operational and financial risk management.
  • Insist on cross-functional collaboration between finance, risk, and IT teams. It helps to identify and mitigate vulnerabilities.

Take a Dual Approach to Strengthen Your Operational Resilience

The FCA’s operational resilience framework demands companies have IBS running. Additionally, the PRA mandates strong prudential risk management, capital buffers, and liquidity planning. UK financial institutions must completely integrate operational and financial resilience to stay compliant.

By working through this five-point checklist, you can align these regulatory expectations. Your organisation can handle shocks, recover from disruptions, and maintain financial stability. Your company will be doing its bit to safeguard the UK’s financial system. Also, you will help to promote positive consumer confidence.

Sources:

  1. PS21/3: Building Operational Resilience – Financial Conduct Authority
  2. PRA Rulebook – Bank of England
  3. Financial Stability in Focus – The Bank of England
  4. Operational Resilience vs. Business Continuity: What’s the Difference and Why Does It Matter – Kohort Recruitment
  5. Why Operational Resilience Should Be a Priority in Your 2025 Strategy: The Right Talent Makes All The Difference – Kohort Recruitment

Connect with us today and discover opportunities tailored to your expertise and career goals

Get in touch