Strengthening operational resilience in the financial sector

In today's rapidly evolving business landscape, the need for operational resilience has never been more critical. Disruptions, whether they are caused by cyber threats, regulatory changes or natural disasters, can have far-reaching consequences for organisations. The key is for businesses to be aware of these risks and map out their current resilience against these risks including the ability to withstand & recover from these disruptions. This needs to be followed up by actions to uplift operational resilience where gaps are identified. A comprehensive program for Operational Resilience will help your business assess the risk, plan uplifts and execute a program to improve resilience across your application and infrastructure landscape.

Key Drivers to Embark on an Operational Resilience Program

Operational resilience is driven by multiple factors that an organisation must consider to anticipate, adapt and recover from disruptions.
The key among them are:

Regulatory Requirement
  • Regulators are demanding improved resilience for essential services.
  • Key regulations to hold organisation accountable for service disruptions.
  • DORA (European Union) & PS21/3 (FCA) regulatory frameworks to uplift Operational Resilience.

Volume & Impact of Incidents
  • Proactively monitor and reduce failures that result in significant degradation of a service.
  • Reduce the impact to customers due to non-availability of services.

Business Continuity Planning
  • Improve ability to operate all critical processes in spite of service disruptions.
  • Business processes and services should be resilient enough to minimise potential impact to operations.

The current focus by the regulators to improve the resilience of the financial sector is primarily driven by the increased reliance on technology, the cybersecurity threats and reliance on third party technology suppliers to deliver these services. This can be seen by the Digital Operational Resilience Act (DORA - Regulation (EU) 2022/2554) by the European Union and Policy Statement (PS 21/3) by the FCA introduced to reduce disruptions in the financial sector, and in turn mitigate the impact on other sectors of the economy.

There are other drivers such as technology modernisation, stakeholder management and risk & maturity assessment that can have a positive impact as a result of these assessments to improve operational resilience.

Outcomes and Impact Areas

Increasing the Operational resilience can have impacts that reach across other functions of an organisation. These highlight the significance of building and maintaining resilience capabilities to ensure business continuity and mitigate the effects of disruptions. The key impact areas are:

  • Improve reputational outlook of an Organisation
  • Regulatory Compliance
  • Strengthen Stakeholder Management
  • Creation and Validation of EA Artefacts
  • Minimise impact to customers
  • Improve Service Availability

As seen from the impact areas listed above, a well-run operational resilience program brings huge positive impact to various aspects of an organisation's operations from service delivery and financial stability to reputation management and stakeholder relationships. It can work as an effective risk management tool to mitigate exposure to various operational and service risks and build a resilient organisation in an increasingly complex and unpredictable business environment.

The Affinity Reply Approach to Operational Resilience

The key to running an effective program to improve operational resilience is to have a well-rounded approach to understand the unique challenges faced by your organisations to bring in operational resilience to key business functions. The value proposition for operational resilience should be centred the key pillars listed below, along with tailored solutions tailored to meet each organisation's specific needs:

Prove value fast and establish repeatability: Assess a small number of critical business units to manage scope, establish a robust repeatable process, and generate deliverables that become a blueprint for a repeatable process for the organisation.
Holistic Assessment: Conduct thorough assessments to identify risks and issues for services that support critical business functions. This is followed by a set of customised remediation actions to address challenges that are unique to these services. The key focus is to get ahead of the curve in identifying a potential disruption to service and reduce their impact to your operations.
Establish Resilient Infrastructure: Help build a robust infrastructure and IT systems that are resilient to disruptions, ensuring continuous availability of services to customers.
Ongoing Support and Optimisation: Continuous support and optimisation of services to help organisations enhance their resilience capabilities and stay ahead of emerging threats.
Creation of key standards for both internal and external vendors: Creation of best practices for organisation governance and technology services. Look to learn from technology leaders and industry best practices.

Improving operational resilience (OpRes) is not only a strategic advantage but also necessity in today's volatile business environment. Some of the recent drivers to look into OpRes has come from regulatory requirements like DORA by the EU and PS21/3 from the FCA. But we urge organisations to not look at OpRes just as a regulatory ask, but as an opportunity for them to get ahead of the curve in dealing with potential disruptions. The time and money spent in dealing with even low impact incidents quickly adds up for organisations.

An OpRes program should help implement industry leading technology solutions, patterns and products in your organisation . By proactively addressing risks through comprehensive assessments, robust infrastructure, and continuous optimisation, organisations can safeguard their operations and maintain service continuity. A good start point is to build a robust framework that helps to create a comprehensive view of business process, their underlying services and the technology roadmap supporting them.

Another key takeaway is to look beyond the regulatory deadlines and establish a self-serving process that looks at continuous improvement. OpRes is an ongoing activity and the key is to establish the right building blocks that we have discussed in this article for successful outcomes.
  • strip-0

    AFFINITY REPLY

    Affinity Reply are Architecture, Design & Data advisory specialists who accelerate clients to realise new digital capabilities, drive business change and unlock Next Gen Architecture.

CONTACT US