It's more than a tick-the-box approach
What is Operational Resilience?
Operational resilience refers to firms, financial market infrastructures and the financial sector working on how they can prevent, respond to, and recover from operational disruption. US, EU and UK regulators believe an operationally resilient system can absorb and adapt to shocks rather than allow their services be disrupted by them.
In an unsteady economy, becoming operational resilient not only meets global regulations, but makes sense, to ensure your business remains financially stable and viable.
Operational resilience for supply chain is good business practice and managing operational resilience is a dynamic activity that sees continuous tightening of key risks and assessment against acceptable tolerances.
Let's find out how we can support the dynamic framework needed to achieve operational resilience and why you should get in contact with iQcodex today.
There is a global requirement that firms should become operationally resilient, and the US, EU and UK regulators all require firms to adhere to an Operational Resilience establishment timetable.
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) looks at EU financial regulations and works on managing all components of operational resilience in the EU. The regulation will apply from 17th January 2025.
In the UK, according to the FCA, by the 31st March 2025, firms need to operate business within impact tolerances, meaning firms should have performed mapping and testing for important business services and made the investments needed to operate business within such impact tolerances.
In the US, work on operational resilience has increased in recent years, including as a response to COVID-19. The Federal Reserve acknowledges the interest between supervisors and industries in strengthening operational resilience, and emphasises the actions firms need to have already taken. More work is currently being carried out regarding operational resilience regulations, to minimise risks to the wider financial system.
Firms should have by now, identified important business services that could become harmful and cause risks if disrupted. As well as set impact tolerances for these services and carried out the relevant mapping and testing. Firms should have also identified, prioritised, and invested in the ability to respond and recover from potential disruptions, developed their own internal and external communications plans and prepared relevant self-assessment documentation.
The Five Steps
At iQcodex, we continue to pitch and work with our clients on the 5 important steps to building operational resilience.
1) IDENTIFY IMPORTANT BUSINESS SERVICES (IBS)
Organisations must work out how important their business services are in relation to the outcomes their disruption can have on clients and customers, as well as in terms of the viability of the organisation and the stability of the broader sector.
2) MAP IBS TO RESOURCES
Mapping IBS can identify any vulnerabilities and allows for meaningful testing to be undertaken.
3) SET IMPACT TOLERANCES FOR ACCEPTABLE LEVELS OF DISRUPTION
Impact Tolerance describes the maximum level of disruption for every IBS of an organisation.
4) CREATE SCENARIO STRESS TEST CONDITIONS
Organisations must be aware of and regularly perform scenario testing to work out if they can carry on delivering their IBS within their Impact Tolerance Limits through severe enough scenarios.
5) UNDERTAKE SELF-ASSESSMENT AND IMPROVEMENT
Finally, organisations will need to write their own self-assessment which
outlines and confirms their compliance with operational resilience
The Four Pillars of Operational Resilience
To achieve operational resilience, firms need to follow a dynamic framework
based on the five steps above. This consists of four main pillars. These pillars
refer to data reference management, IBS business to resource mapping,
scenario stress testing and reporting and actions tracking. Our software at
iQcodex helps firms stick to this framework and handle data accordingly.
Reference Data Management
The Risk team use the reference data management workflow to set and maintain the data for the whole suite.
IBS Business to Resource Mapping
The workflow triggers Information Requests from the Business to capture IBS mapping details.
Scenario Stress Testing and Reporting
The Risk team conduct specific and broad ranging scenario stress tests until risks are within tolerance.
The Risk team use the workflow to provide governance and oversight to the completion of the actions raised during the scenario stress testing.