The UK’s Financial Conduct Authority and Prudential Regulation Authority are currently developing regulations (first proposed in December 2019) aimed at improving firms’ abilities to withstand critical business disruption.
Operational resilience in a post-covid world
As we tentatively emerge from the greatest ever operational challenge for business, operational resilience has become a huge area of focus for regulators. The UK’s Financial Conduct Authority and Prudential Regulation Authority are currently developing regulations (first proposed in December 2019) aimed at improving firms’ abilities to withstand critical business disruption. The final regulations are yet to be confirmed, but a recent joint covering document published by the FCA and PRA, which summarises the key responses to the proposals, has highlighted the following likely regulatory expectations for firms:
- to identify their important business services by considering how disruption to the business services they provide can have impacts beyond their own commercial interests;
- to set a tolerance for disruption for each important business service (an impact tolerance); and
- ensure they can continue to deliver their important business services and are able to remain within their impact tolerances during severe (or in the case of FMIs, extreme) but plausible scenarios.
Using Graci to meet operational resilience obligations
Graci by RiskBusiness is a comprehensive and flexible modular solution to governance, risk, audit and compliance (GRAC) requirements.
In the context of these latest developments from the FCA and PRA, Graci’s Business Resiliency function, a sub-module within the Graci Risk module, allows for management of issues relating specifically to the firm’s ability to prepare for and withstand operational disruptions.
This includes the ability to define business continuity critical entities, processes and end-to-end processes and to carry out detailed assessments of their possible exposure to business continuity disruption. These assessments are done based on an assessment unit, which can represent a single entity, many processes within the entity, or many end-to-end processes within the entity. This allows those tasked with managing business continuity risk to demonstrate they have identified their important business services and to gather enough data to set clear tolerance levels for disruptions.
The Business Resiliency sub-module can be linked to RiskBusiness’ integrated Scenarios Library, or can be configured to make use of your own database of business resilience scenarios if preferred.
The Newsflash sub-module (located in the Graci Intelligence module) and Emerging Risk sub-module (located within the Graci Risk module) also allow your firm to remain aware of relevant industry news and to analyse any potential emerging threats. This can be used to gain a better understanding of how a disruption at your firm may have an impact beyond your own commercial interests.
All of this will help to provide your firm with a 360° view of its important business services and where they sit in relation to your impact tolerances, allowing you the ability to maintain continuity of service during disruptions.
For more information on how Graci can help you meet your regulatory obligations in relation to operational resilience, contact firstname.lastname@example.org today.
More from RiskBusiness on Operational Resilience