Financial Services Regulatory Insights - Operational Resilience

26 August 2020 Basel Committee serves up a healthy dose of operational risk management A Basel Committee consultation paper signals the need for a more direct approach to helping firms to manage their operational risks in a robust manner.

26 August 2020 Hollywood blockbuster or rotten tomato: does the Basel Committee paper on operational resilience deliver? The Basel Committee has published its long-awaited consultation paper on ‘Principles for Operational Resilience’. What does it say?

13 July 2020 How COVID-19 could change operational resilience policy The current coronavirus (COVID-19) pandemic has brought the topic of operational resilience to the fore yet again - providing valuable lessons for both firms and supervisory authorities.

05 May 2020 COVID-19: Act in haste, absolutely - but don’t repent at leisure! COVID-19 has driven a rapid industry response, but we must consider the consequences of rapid change.

02 March 2020 What do impact tolerances and narwhals have in common? Effective operational resilience is compared to a sea creature; this may seem an incredulous link...but hear me out.

28 January 2020 Modernising third party risk management with a PRAgmatic regulator Businesses must seize the opportunity to inform the Prudential Regulation Authority’s (PRA) upcoming policy on outsourcing and third party risk management.

28 November 2019 Operational Resilience - A view from beyond the wall By Stuart Birnie. Operational resilience continues to be a hot topic in the Financial Services industry where firms now run operations on a truly global basis. Therefore, collaboration between global teams and those operating in various UK locations is critical if progress is to be made with operational resilience.

30 October 2019 Parliament raises the bar on operational resilience By Sarah Isted and Simon Chard On 9 July we gave evidence to the Treasury Select Committee (TSC) on its review of IT failures and...

01 October 2019 A bridge over troubled water - how to navigate impact tolerances The UK supervisory authorities’ discussion paper on operational resilience in 2018 brought much-needed focus to what was previously a disparate discipline for firms. Of course, while managing disruption may not be new, the discussion paper did introduce some new concepts and terminology in the quest for consistency across the industry. After all, this is vitally important in helping the regulators themselves understand what is happening within many different firms, and where systemic risks may lie.

24 September 2019 Can you tolerate being punched in the face? Publication of the regulatory consultation paper on operational resilience is imminent. The concept of setting impact tolerances for firms’ most important business services, introduced in the discussion paper, will be integral to this. Firms should not shy away from what can seem like a difficult question. There is a logical sequence of activities that can be undertaken to set tolerances, stress test them and monitor against them. PwC has been tackling this topic with firms across the financial sector and we will publish our approach to this challenge soon. In the meantime, we strongly encourage firms to start the groundwork by being clear what important business services you operate.

02 September 2019 Coming a cropper - Data farms and insurance fraud Amidst other significant enforcement activity, the Information Commissioner’s Office (ICO) recently reported raids on two UK addresses as part of an ongoing investigation, conducted in partnership with the Insurance Fraud Bureau (IFB), into the suspected illegal acquisition and sale of personal data. The suspicion was that high volumes of data farming activity, or vishing, was taking place at these addresses to illegally obtain the personal data of motor accident victims to sell on to solicitors for personal injury insurance claims. In the context of the ongoing fight against insurance fraud, this is an important development. In this blog I highlight three of the most important themes I took away from it.

25 July 2019 The end of legacy systems is nigh The Treasury Select Committee (TSC) heard from representatives from the PRA, BoE and FCA on 24 July, in what we believe to be the last session in its inquiry into IT failures within financial services. This follows earlier sessions with industry representatives, as well as PwC and TheCityUK where we discussed our recent report on operational resilience.The questions in this latest session were predictably wide-ranging as the committee members looked for assurance from the regulators on how well prepared financial services firms are to withstand operational disruption, and to find out more about future plans to enhance the industry standards as well as develop the regulators’ own capabilities. Two key themes stood out for us.

15 July 2019 Parliament keeps the spotlight on operational resilience When you enter the Houses of Parliament it is impossible not to be impressed by the historical significance of the setting. But despite the Victorian grandeur of the location we were there this week to discuss a very modern phenomenon - IT and other operational failures in the financial services sector. Following a number of high profile operational incidents in the financial services sector in recent years, the Treasury Select Committee (TSC) has launched an inquiry into this topic. We were very privileged to be called to give evidence to the first public session of the inquiry to discuss a recent report we produced with TheCityUK on operational resilience.

27 June 2019 Ensuring resilience - from Cloud to climate change Just as policemen seem to be getting younger, so the pace of change outlined by the Governor of the Bank of England in his annual Mansion House speech appears to accelerate every year, and this year has been no exception. Some of the statistics thrown out by Mark Carney at this year’s Mansion House event are extraordinary: last year, one fifth of sales were online, whereas this year it will be one quarter.

25 June 2019 With great computing power comes great accountability Scroll through a newsfeed nowadays and it’s difficult to avoid the latest take on innovative technologies such as Artificial Intelligence (AI), machine learning and advanced data analytics. These technological developments are beginning to disrupt the way in which financial services firms operate. A recent report by PwC shows that, while firms are at varying degrees of maturity in adoption, many are now embracing these technologies to transform activities such as risk management, fraud detection and post-trade processes. While these innovations are likely to be adopted by many within financial services, debate is growing around the disruptive power of new technologies and who is ultimately accountable for ensuring they are used responsibly.

17 June 2019 Why technology currency is a vital component of an operational resilience programme By Simon Chard, Partner and Stuart Birnie, Director Recent prominent and sustained operational incidents have placed operational resilience high on the boardroom agenda for Financial...

06 June 2019 Cryptoasset regulation: clarity or conundrum? The growing popularity of cryptoassets poses a conundrum for regulators. Some have acted quickly with bans or bespoke regimes, while others are taking a more evidence-based approach and plan to reach a more considered view on the appropriate regulatory stance. But with cryptoasset products and associated activities increasingly crossing the boundaries into mainstream financial services, regulators around the world are under pressure to provide clarity over the application of existing regulation to this market. In the UK, authorities have attempted to do this but, how helpful have their efforts been?

04 June 2019 Becoming operationally resilient - the imperatives: Part 2 - the commercial imperative In part 1 of this blog we unpicked the business plans for 2019/20 for the FCA and PRA insofar as they relate to operational resilience. The main message we would take from the FCA plans, which reveal the most detail, is that the regulator has a wide programme of supervisory activities based on existing regulation, before it factors in the work on any new policy statement.

31 May 2019 Becoming operationally resilient - the imperatives: Part 1 - The regulatory imperative How can you say you’re good at change management when it’s the most common cause of IT failure? How are you able to manage the relationships with your growing network of third parties?Forget questionnaires, how will you perform when we put your cyber framework to the test?These are the frank questions the FCA is likely to ask financial services firms this year based on a reading of its 2019/20 business plan, published in April. This is the latest publication showing that regulators have their sights squarely set on ensuring that firms are operationally resilient, and comes after the PRA published its own business plan. In the first of a two-part blog looking at the drivers for firms’ action on operational resilience we consider the regulatory imperative; part two will cover the commercial imperative.

20 February 2019 Taking accountability for operational resilience The operational resilience of the financial services sector, and particularly the banking sector, has rarely been out of the news in recent years. How are senior industry leader feeling as yet another operational failure hits the front pages? What is clear is that the impact of outages on consumers means industry, regulators and other policy makers are increasingly prioritising the topic. At the heart of the regulators’ philosophy on operational resilience is a view that boards are responsible for ensuring the resiliency of their institutions but that senior individuals, in the form of senior manager function 24 (SMF24) should also be held to account for operational failings

28 November 2018 Disruption - the new reality In a speech introducing the results of the FCA’s cross-sector survey of technology and cyber resilience, Megan Butler, Executive Director of Supervision, delivered a stark message: firms must be braced for more IT and cyber incidents and do more to address the threats adequately.

30 October 2018 Putting the ‘stress’ in to resilience testing Do you test end-to-end operational resilience? You might think so, but approaches to IT Disaster Recovery (ITDR) and Business Continuity Management (BCM) testing hasn’t evolved much over the past 10 years and has arguably not kept pace with our fast-paced Financial Services industry. With new stress testing challenges from regulators, it’s time to re-evaluate resilience testing.

19 July 2018 Transforming the resilience of the financial sector By Simon Chard & Conor MacManus Operational challenges are nothing new for financial institutions, but with a number of recent high profile examples of operational...

22 January 2018 Facing the future with resilience By Hannah Swain As we summon our energy and resolve for the year ahead, one thing is for sure in an otherwise uncertain landscape: operational...

19 April 2017 What can we learn from the FCA’s business plan? Sarah Isted The Financial Conduct Authority (FCA) has set out its priorities and agenda for 2017/18 in its annual business plan. The regulator continues a...

31 posts categorised "Operational Resilience"

Popular categories

Follow PwC