After a year of firms being put to the test from an operational resilience standpoint, the FCA, PRA, and the Bank of England have released their updated operational resilience guidelines for financial institutions in a post-pandemic world. The three bodies continue to emphasize the importance of operational and financial resilience in a world whose evolution was accelerated by a global pandemic. As financial firms begin to review and implement new rules to meet the guidelines, executive boards and officers will be performing stress tests on current business continuity plans and identifying further vulnerabilities within their organizations.
The FCA and Bank of England operational guidelines focus heavily on the new expectations for financial firms to achieve optimal operational resilience. The PRA operational resilience guidelines focus on how to properly outsource to and vet third-party risk management firms, which are going to have their phones ringing as the rollout of the guidelines begins.
Who Is Being Affected?
The new guidelines and regulations will affect the operational resilience and outsourcing practices of financial institutions in the UK. These financial firms include banks, wealth management firms, payment processing firms, insurance firms, and many more. Certain firms may be regulated by both the FCA's and the PRA's new guidelines, depending on whether their risk management and business continuity plans are outsourced or not.
What Are The Major New Rules & Guidelines?
The operational resilience guidelines require all firms to stress test all their business services against disasters and crises. Each business service needs a tolerance identifier that states how much the business service can handle and how it will handle an emergency situation. The tolerance identifier is described as the maximum tolerable level to continue operations. This will be measured by time and efficiency.
The operational resilience guidelines state that firms need comprehensive strategies, processes, and systems in place that help them comply with the new guidelines. These comprehensive solutions are meant to show regulators that plans are in place in case emergencies happen and that self-assessments are being conducted to check for vulnerabilities within the organization.
The operational resilience guidelines, and more specifically the PRA operational resilience guidelines, describe how to go about outsourcing risk management professionals to meet the new regulations. They cover the outsourcing process and the degree to which your organization should still have a hand in what goes on. On top of this, the guidelines describe how to vet potential third-party risk management vendors to be sure they can be there when you need them most.