The Bank of England, Prudential Regulation Authority and Financial Conduct Authority this morning published a shared policy summary and coordinated consultation papers on new requirements to strengthen operational resilience in financial services.

Building on the concepts set out in the operational resilience Discussion Paper and addressing many of the suggestions from the previous consultation, the proposals cement the expectation placed on firms to take ownership of their operational resilience, and to "prioritise plans and investment choices based on their impacts on the public interest".

If disruption does occur, firms are expected to communicate clearly, for example providing customers with advice about alternative means of accessing the service.

FCA chief executive, Andrew Bailey said: "It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome.

"Disruptive events can have a high impact on consumers and businesses so firms and FMIs need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response."

Deputy governor for financial stability, Jon Cunliffe added: ‘FMIs, both wholesale and retail, lay at the heart of the financial sector. They are the plumbing that allow the financial system to operate. The safe and resilient operation of FMIs is therefore crucial to the Bank’s financial stability objective. FMIs need to consider not only what steps they need to take to minimise operational disruption, but also how quickly they can recover from any operational disruption.’

Under the proposals, the three supervisory authorities expect firms to:

-identify their important business services that if disrupted could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system

-set impact tolerances for each important business service, which would quantify the
maximum tolerable level of disruption they would tolerate

-identify and document the people, processes, technology, facilities and information that support their important business services

-take actions to be able to remain within their impact tolerances through a range of severe but plausible disruption scenarios

At the same time, the PRA has published a CP on outsourcing and third-party risk management, as part of a commitment to facilitate greater resilience and adoption of the cloud and other new technologies, as set out in the Bank’s response to the Future of Finance report. This serves to reinforces the watchdog's expectation that firms should ensure that their important business services are able remain within their impact tolerances even when they rely on outsourcing or third party providers.

The consultation period closes on 3rd April 2020.

Share Story: