The operational resilience of financial institutions is fundamental to the objectives of both the FCA and the PRA and therefore this topic is high on the regulators’ agenda. In August 2017, the PRA’s letter to Version 4 Credit Unions discussed their focus on operational resilience. Since then a number of large version 5 and version 4 Credit Unions have had PRA operational resilience reviews. Regulation has been introduced for banks and payment providers. While new regulation has not been introduced for Credit Unions yet, it still remains best practice and Credit Unions should be looking to this approach.
Our training course on 20 April on this topic can be viewed by clients by entering the password (available from the firm) on this page,
What is Operational Resilience?
Operational resilience has been defined by the Bank of England as:
“The ability of firms and the financial system as a whole to absorb and adapt to shocks, rather than contribute to them”
Operational Resilience is a function of the organisaiton rather than an outcome. There are a number of areas to operational resilience including risk management, business continuity plans and cyber security.
Approach recommended by Regulators
The regulators’ issued a discussion paper on operational resilience in June 2018. It sets out how they expect firms to approach the topic. The regulators are promoting a focus on key services rather than the traditional business continuity event driven approach. They feel that an approach of identifying the key services and then focusing on the systems needed to maintain these systems will lead to more resilient operations. While a focus on key services is important, systems for meeting compliance and contractual requirements should also be prioritised.
Once key services are identified the Credit Union should map out the service and use this to identify what can go wrong.
The Credit Union should also set tolerance levels of the maximum time or number of transactions that a service can be down. This should also consider the impact from the point of view from the member as well as the Credit Union.
The next stage is to test with severe but realistic scenarios, The results can then be compared to the tolerance levels to identify where further investment or improvements require to be made.
The regulators have used the following diagram to set out their suggested approach:
Further Information
The discussion paper covers the regulators approach in more detail and their expectation. We would therefore recommend that Credit Unions review the paper.
The discussion paper is on our new Operational Resilience webpage. This page will summarise articles and links on the subject as well as setting out how we can help. This includes links to the discussion paper.