Since the FCA issued CP 19/32 in December 2019, the FCA has been working in conjunction with the PRA to develop the UK regulators’ thinking on how regulated firms should develop their operational resilience infrastructure to make the whole Financial Services sector more resilient.
The culmination of this work was the publication in March 2021 of the Policy Statement (PS) 21/3 in which the FCA set out their more formal policy framework, building on their previous consultation paper and the responses thereto.
The over-riding expectation of the FCA in implementing PS 21/3 is for firms and the financial sector, as a whole, to optimise the prevention, adaptation and response to, recovery and learning points from operational disruption. Through improvements to firms’ operational resilience, they expect harm to consumers and risk to market integrity caused through disruption to be minimised.
Please note that at this stage the FCA’s Operational Resilience obligations will not affect the whole Financial Services sector. It will, however, affect firms operating in the following categories:
- Banks
- Building Societies
- Dual regulated Investment Firms (ie both PRA and FCA – approx. 100 UK firms);
- Insurance Companies (NB not brokers);
- Recognised Investment Exchanges;
- Enhanced Scope SM & CR Investment Firms;
- Firms regulated under PSD2; and
- Firms regulated under the Electronic Money Regulations
By the 31st March 2022, ie 12 months from the publication of PS 21/3, all firms which fall into one of the categories listed in the bullet point list above are required to have undertaken the following steps:
a) identified their important business services;
b) set impact tolerances for the maximum tolerable disruption; and
c) carried out mapping and testing to a level of sophistication necessary to do so.
Furthermore, firms must also have identified any vulnerabilities in their operational resilience.
It is entirely feasible that some of the firms which are captured by these requirements will either be oblivious of the timescales to undertake steps a) to c) above or have not as yet started the process to ensure timely compliance with the short dated deadline or are part way through but have hit some roadblocks.
The Q & A session
Philip Buckingham, managing director at Laven Partners, had a Q&A session with Kelvin Ceberg from KA2 to talk about how firms need to think about Operational Resilience and some of the steps they may wish to take to comply with their obligations by the 31st March 2022.
Watch the Q&A session below:
How we can help your firm
MPAC Limited (part of the Laven Group), working in close collaboration with its technical partner, KA2 Limited, is well placed to assist and advise any firms which are captured by the obligations have not yet started the compliance process. Alternatively, we can assist and advise firms which are part way through the process and are struggling to understand whether they are on the right path or how they will be able to complete these first steps on time.
For firms which find themselves in any of these categories, we can assist you to understand what thought processes and actions steps are required to take between now and end of March. In the event that the firm’s senior executive management as a whole are behind the curve in understanding conceptually what operational resilience means for firms operating in the financial services sector and what steps firms’ governing bodies need to take both before and after the 31st March deadline, we would welcome the opportunity to deliver a two hour firm specific workshop to facilitate that understanding across the firm from a practitioners’ perspective. Alternatively, we can deliver bespoke assistance to enable firms to achieve compliance with their obligations before the March deadline and thereafter in a targeted project.