Today the Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have published a joint discussion paper (DP) on an approach to improve the operational resilience of firms and financial market infrastructures (FMIs). It envisages that boards and senior management can achieve better standards of operational resilience through increased focus on setting, monitoring and testing specific impact tolerances for key business services, which define the amount of disruption that could be tolerated.
The challenges for operational resilience have become even more demanding given a hostile cyber environment and large scale technological changes. As recent disruptive events illustrate, operational resilience is a vital part of protecting the UK’s financial system, institutions and consumers.
An operational disruption such as one caused by a cyber attack, failed outsourcing or technological change could impact financial stability by: posing a risk to the supply of vital services on which the real economy depends; threatening the viability of individual firms and FMIs; and causing harm to consumers and other market participants in the financial system. This DP focuses on how the provision of these products and services can be maintained within reasonable tolerances regardless of the cause of disruption. It reinforces the need for firms and FMIs to develop and improve response capabilities so that any wider impact of disruptive events is contained. The speed and effectiveness of communication with the people and institutions most affected, in particular customers, should be at the forefront of every firm’s response.