The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have published a joint discussion paper on an approach to improve the operational resilience of firms and financial market infrastructures (FMIs). It envisages that boards and senior management can achieve better standards of operational resilience through increased focus on setting, monitoring and testing specific impact tolerances for key business services, which define the amount of disruption that could be tolerated.
The regulators say that the challenges for operational resilience have become more demanding given a hostile cyber environment and large scale technological changes.
The discussion paper reinforces the need for firms and FMIs to develop and improve response capabilities so that any wider impact of disruptive events is contained. The speed and effectiveness of communication with the people and institutions most affected, in particular customers, should be at the forefront of every firm’s response.
A number of important concepts are highlighted in the report, including:
- Focussing on the continuity of the most important business services as an essential component of managing operational resilience;
- Setting board-approved impact tolerances which quantify the level of disruption that could be tolerated;
- Planning on the assumption that disruption will occur as well as seeking to prevent it.
Responses to questions posed in the discussion paper are encouraged from all types of firms and FMIs, trade associations, consumer bodies, individuals and businesses as users of financial services, and especially those who have suffered harm from disruptive events.
The discussion period ends on 5th October 2018.
Read the paper (PDF).