The latest resilience news from around the world

PRA sets out future steps for operational resilience regulation

Details
Published: Friday, 05 May 2023 09:32

In its recently published ‘Prudential Regulation Authority Business Plan 2023/24’, the UK PRA has set out its plans for regulating operational resilience and related areas through the 2023-2024 period.

Key points from the business plan in this area include:

  • The FCA’s, the Bank of England’s and the PRA’s operational resilience policies came into force in March 2022. Firms should have now identified important business services and set impact tolerances, and commenced a programme of scenario testing. The PRA has conducted an initial assessment of firms’ implementation of the policy and provided feedback of the results. In 2023, the PRA will work closely with the FCA to assess firms’ progress, with a particular focus on their ability to deliver important business services within impact tolerances through severe but plausible scenarios within a reasonable time frame and by no later than March 2025. Ensuring a more consistent approach in policy implementation will also be a key focus during 2023.
  • The PRA will continue to monitor threats to firms’ resilience, including their growing dependency on third parties. The FSM Bill, currently going through Parliament, will give HMT the ability to designate certain third party service providers as ‘critical’ following consultation with the Bank, the PRA and the FCA (supervisory authorities). The Bill will also give the supervisory authorities new powers to oversee the services provided by critical third parties (CTPs) to regulated firms. In 2022 the PRA and the FCA published a joint discussion paper on how these proposed powers could be used to assess and strengthen the resilience of services provided by CTPs to firms and FMIs, thereby reducing the risk of systemic disruption. The PRA will continue to work with HMT to develop the policy and oversight approach in 2023.
  • The PRA will continue to monitor and assess firms’ ability to manage cyber threats. The PRA will collaborate with the FCA, including in response to known technology and cyber incidents, and will continue to monitor and engage with firms on their execution of large and complex IT change programmes. The FPC’s recent cyber stress test has broadened the PRA’s understanding of how operational disruptions such as cyber attacks may impact financial stability. Throughout 2023 the PRA will continue to deliver this work through a broad range of industry, sector focussed and international engagement including the Authorities Response Framework, the Cross Market Business Continuity Group, the Cross Market Operational Resilience Group and the G7 Cyber Expert Group. This will focus on strengthening the sector’s resilience capabilities and its ability to respond to an operational disruption.

Read the PRA’s business plan.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.