The Bank of England (the Bank), Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have today published a shared policy summary and co-ordinated consultation papers (CPs) on new requirements to strengthen operational resilience in the financial services sector.
Building the operational resilience of firms and Financial Market Infrastructures (FMIs) is a shared priority for the three supervisory authorities. The co-ordinated CPs build on the concepts set out in the operational resilience Discussion Paper published by the authorities last year, addressing many of the proposed policy changes based on the responses we received.
The policy proposals make it clear that firms and FMIs are expected to take ownership of their operational resilience and that they will need to prioritise plans and investment choices based on their impacts on the public interest. If disruption occurs firms are expected to communicate clearly, for example providing customers with advice about alternative means of accessing the service.
Under the proposals, firms and FMIs would be expected to:
- identify their important business services that if disrupted could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system;
- set impact tolerances for each important business service, which quantify the maximum tolerable level of disruption they would tolerate;
- identify and document the people, processes, technology, facilities and information that support their important business services; and
- take actions to be able to remain within their impact tolerances through a range of severe but plausible disruption scenarios.
Andrew Bailey, FCA Chief Executive, said: “It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome.
“Disruptive events can have a high impact on consumers and businesses so firms and FMIs need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response.”
Sam Woods, CEO of the PRA and Deputy Governor for Prudential Regulation, said: “Operational resilience is a vital part of firms’ safety and soundness, and has become an important priority for the PRA. This consultation marks the next stage of integrating operational resilience into our regulatory framework. Alongside this, our proposals on outsourcing and the cloud will steer firms to be resilient in their adoption of new technologies.”
Jon Cunliffe, Deputy Governor for Financial Stability, said: “FMIs, both wholesale and retail, lay at the heart of the financial sector. They are the plumbing that allow the financial system to operate. The safe and resilient operation of FMIs is therefore crucial to the Bank’s financial stability objective. FMIs need to consider not only what steps they need to take to minimise operational disruption, but also how quickly they can recover from any operational disruption.”
To complement the policy proposals on operational resilience, the PRA has published a CP on ‘Outsourcing and third-party risk management’. The objectives of this consultation are to deliver on the Bank’s commitment to “facilitate greater resilience and adoption of the cloud and other new technologies”, as set out in the Bank’s response to the Future of Finance report, and to support the proposals on operational resilience. It reinforces the PRA’s expectation that firms should ensure that their important business services are able remain within their impact tolerances even when they rely on outsourcing or third party providers. The FCA’s Consultation Paper on operational resilience also contains a chapter on outsourcing.
The consultation period closes on 3 April 2020.