New rules on operational resilience for firms in the financial sector came into force on 31 March 2022 in a bid to prevent harm to consumers, firms and financial markets.
The rules, which were first published by the FinanciaL Conduct Authority and Prudential Regulation Authority in March 2021, focus on three key considerations; important business services; impact tolerance and intolerable harm to customers.
What is operational resilience?
Operational resilience is the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions.
A new paper from Altus Consulting and AKG Financial Analytics said the Covid-19 pandemic had highlighted why it is critically important for firms to understand in detail the services they provide and invest in their resilience.
What do the new rules mean?
Under the new rules, firms must be able to identify their services that if disrupted could cause harm to consumers or market integrity and identify and document the people, processes, technology, facilities and information that support a firm’s important business services in a process known as mapping.
The FCA also requires firms to set impact tolerances for each important business service and test their ability to remain within their impact tolerances through a range of disruption scenarios.
Firms must also have made the necessary investments to enable them to operate consistently with their impact tolerances and identify any vulnerabilities in their operational resilience.
Firms will have a three year transitional period to show that they can remain within their impact tolerances at all times, although they are expected to achieve this as soon as possible.
Regulatory input
Ensuring the UK financial sector is operationally resilient is not only important for firms but consumers and the overall financial markets. Disruptions have the potential to cause wide-reaching harm to consumers and pose a rise to market integrity.
The FCA wants to increase firms’ operational resilience and drive change “where it is needed”. Where weaknesses in operational resilience are identified, firms will be expected to act.
Firms will be expected to review their services designated important and their mappings at least once a year, but the FCA has made clear that updates should be completed as required by business change rather than left to a single annual update. In short, operational resilience needs to be fully embedded in the business rather than viewed as a ‘compliance project.’
Operational resilience linked to financial strength
According to Altus and AKG, there is an “undeniable relationship” between operational resilience and financial strength when it comes to the ability of financial service providers to continue to deliver positive customer experiences and outcomes.
The paper says that identifying the aspects required for operational resilience is challenging as is delivering it. The latter not least in terms of up-front costs for investment in suitable infrastructure for regulatory adherence but also importantly, in the access to capital and the capabilities to cope with adverse and unexpected circumstances.
Financial strength is, according to the paper, critical to a firm’s ability to meet the needs of its customers and their advisers over the longer term.
It says: “Whilst financial education in the UK is far from where it needs to be, perhaps the most consistent thing people are encouraged to do and understand is the benefit of saving for a rainy day. And whilst not so much a purely saving issue in the corporate context, the same principle of a company having financial resources and accompanying capability available for when difficulties might occur essentially applies. In simple terms, this is the financial strength requirement.”
However, the paper says several common misconceptions around financial strength continue to persist, including the belief that it is just about the recovery of client assets.
“Recovery of assets is of course crucial but to restrict financial strength consideration to this could be misleading and falls below the requirement to deliver a broader set of customer outcomes.
“All platforms, regardless of type, need to maintain operational resilience and consequently all need to show operational financial strength to underpin this.”
The AKG/Altus paper is available to download from either the AKG website or the Altus website.
