Business Advisory

UK financial services firms must strengthen operational resilience by 31/03/2022

April 8, 2021 | May 24th, 2021

Forty-somethings and older will remember the days of handing over a few gold-coloured coins (the pound coin, to be specific) to the barman at a favoured local pub in exchange for that first relaxing drink on a Friday evening. These days, the tap of a plastic card or smartwatch on a PDQ machine, or the scan of a fingerprint/face on a smartphone, performs the same transaction, and it is certainly a lot more convenient than carrying around a pocketful of coins. Similarly, buying a car, holiday, home insurance, grocery shopping, etc. can now all be performed easily online with a multitude of payment facilities and options. There is no doubt that the way we make financial transactions for the things that we need and want has evolved at an incredible rate over the past couple of decades.

The same cannot be said to the same degree for financial service companies themselves. This sector (which is responsible for 7% of GDP in the UK) has for decades been a heavily regulated industry, with entrenched bureaucracy not only being considered the norm but more of a requirement. This is very much the opposite of the ‘agile management’ philosophies that are utilised in the high-tech start-ups that have appeared all over the world since the advent of high-speed internet. And while management of money (both corporate and personal) is considered by most people to be far more important than the management of photographs online – and so due respect must be given to the former – this does not necessarily mean that the companies responsible cannot move with the times to improve their business processes and maximise their efficiencies.

London is the 2nd biggest financial centre in the world

In fact, polls of such firms show that many employees are desperate for change, keen to be able to respond more rapidly to unforeseen incidents such as the Covid-19 pandemic, and also to be able to keep pace with new financial services technologies such as the app-based challenger banks that have emerged over the last few years and the crypto-currencies and NFTs that are seeping into popular culture.

You need only look back on the previous decade to see enough major banking failures – largely caused by legacy IT systems being upgraded without the required foresight and planning – to realise that the financial services sector has not given the subject of operational resilience the attention that it deserves. Just a few examples of such incidents are:

• 2013 – RBS suffered a technological banking glitch leaving millions of shoppers unable to pay online during the busiest shopping day of the year.
• 2016 – IT failure at HSBC led to 275,000 payments not being processed by the bank’s BACS system.
• 2018 – TSB’s new IT system caused 1.9 million people to lose access to online banking services.

It is perhaps timely then that the Financial Conduct Authority (FCA), in conjunction with the Bank of England and the Prudential Regulation Authority (PRA), has developed new rules and guidance to improve the operational resilience of the UK financial sector.

The FCA has stated that by 31 March 2022, firms must have:

  1. identified their important business services,
  2. set impact tolerances for the maximum tolerable disruption, and
  3. carried out mapping and testing to a level of sophistication necessary to do so.
  4. Firms must also have identified any vulnerabilities in their operational resilience.

Subsequently, as soon afterwards as practicable but no later than 31 March 2025, firms must have “performed mapping and testing so that they are able to remain within impact tolerances for each important business service”.

This is underpinned by a requirement to make appropriate and necessary investments to enable firms to consistently operate within their impact tolerances.

The FCA requirements highlighted above can be addressed through the implementation of a Business Continuity Management System such as ISO 22301. Furthermore, factoring in the inherent requirement for continuous improvement (Plan-Do-Check-Act methodology), ISO standards, when implemented in the spirit intended, can also accelerate change and progression.

Vassallo Associates offer a free, no-obligation consultation to discuss implementing such a system in your organisation and meeting the FCA requirements. Contact us today to arrange a time that suits you.
