FIN.

BoE speech on building operational resilience

Duncan Mackinnon, BoE Executive Director for Supervisory Risk Specialists, has delivered a speech on operational resilience.

Mr Mackinnon considered the PRA’s expectations of firms in their implementation of the operational resilience framework ahead of the March 2025 deadline, by which time firms will have to provide assurance that they are resilient to disruption of their important business services, within agreed impact tolerances.

Among other things, he discussed:

  • Scenario testing. Mr Mackinnon explained that the PRA expects firms should, among other things, assume disruption has occurred, include data integrity scenarios and incorporate third party disruption. Scenarios should also consider factors beyond the firm’s control and ask what might happen if back-up arrangements do not function as anticipated.
  • Building resilience. The PRA’s focus is on whether firms can achieve the policy’s ultimate outcome and remain within impact tolerances, rather than the methods firms use to build this resilience.
  • Embedding resilience. The PRA expects resilience to be embedded in the way firms do business and for it to become a major consideration in their investment programmes. Mr Mackinnon notes that firms’ processes for existing requirements, such as their disaster recovery and business continuity testing, could be used as part of the implementation of operational resilience policy.
The BoE, the PRA, the FCA and HM Treasury are working together to develop measures to manage the systemic risks posed by critical third parties (CTPs) to UK financial institutions, including cloud service providers. They also intend to publish a joint discussion paper in 2022 to inform future regulatory proposals relating to CTPs, particularly on technically complex areas such as resilience testing.

 

 

 

FIN. Team