The latest resilience news from around the world

In a letter sent to Chief Executive Officers of PRA-regulated international banks active in the UK, the PRA set out key aspects of its regulatory expectations when it comes to operational risk and resilience. 

 Key points from the letter include: 

  • Enhancing the operational resilience of the financial sector remains a strategic priority for the PRA.  
  • The PRA will continue to assess firms’ progress in developing dynamic, effective operational risk and control frameworks to manage the threat of operational disruptions.  
  • The PRA expects firms to develop their security controls and capabilities to manage the increasing risk of cyber threats, as set out in Supervisory Statement (SS) 1/21. The PRA encourages all firms, regardless of size, to test their resilience against such threats. 
  • By Thursday 31 March 2022, firms must have identified and mapped their important business services; set impact tolerances for these; and initiated a programme of scenario testing.  
  • Impact tolerances provide a standard which boards and senior management should use for prioritising investment and making recovery and response arrangements. The PRA will continue to review firms’ programmes and their implementation.  
  • The PRA also expects third country branches in the UK to be able to demonstrate how they will deliver operationally-resilient outcomes.  
  • The PRA has observed a material increase in the services being outsourced, particularly to cloud providers, and it expects firms to manage the risk arising from this accordingly. Firms should maintain an updated register of their outsourcing arrangements and should also ensure their important business services can remain within impact tolerances even when they rely on outsourcing or on third-party providers. 

Read the complete letter (PDF). 

