Foreword
By Lyndon Nelson, Deputy CEO & Executive Director, Supervisory Risk Specialist and Regulatory Operations. Prudential Regulation Authority (PRA) and Stephen Jones, CEO UK Finance
A sustained and widespread operational disruption is one of the most significant challenges faced by the UK Finance Sector. For many years the UK Financial Authorities1 and the Sector have been testing our response in such events. Operational disruption can be triggered by a variety of causes. Last year we chose a prolonged and broad cyber attack. After many months of preparation, the 2018 sector wide exercise (SIMEX18) took place on 9 November 2018.
Following the live simulation exercise day which took place in real-time, participants were also asked to complete an additional ‘slow time’ post exercise activity. This activity explored the challenges and impacts, to participant firms and the wider sector, resulting from a protracted operational outage of a Global Systemically Important Bank (GSIB). The events of the exercise day, including participant feedback, and findings from the post exercise assessment have been reviewed and summarised in this report.
The exercise successfully rehearsed the work of the Cross Market Business Continuity Group (CMBCG) a key coordination group of the Sector and the Authorities. The exercise demonstrated the sector's ability to respond to a dynamic and challenging disruption scenario. We know from experience that effective communication with customers is vital in any disruption. SIMEX18 proved the sector's ability to co-ordinate collective external communications through the UK Finance incident management communications process. In doing so, the exercise demonstrated that improvements identified during the last sector exercise (SIMEX16) had been implemented, resulting in better co-ordination of external communications overall. It also proved once again the importance of the public and private sectors working together to deliver a continuous exercise programme, helping to drive improvement.
The themes outlined in this report represent the feedback and views of participants, the exercise control team, financial authorities and industry. Recommendations made associated with the themes outline resilience improvements that will deliver value to the sector as a whole. The report does not include lessons learned or action plans for any specific participant organisation, it is expected that organisations will manage these post exercise activities internally.
As with previous exercises, SIMEX18 was organised in close partnership with the sector. We are very aware of the resource commitment required to make these exercises a success and therefore would like to offer our thanks and appreciation to all those who contributed to its success. This commitment, of course, goes beyond the exercise itself and onto implementing the lessons learned. The goal being nothing less than the improved resilience of the UK finance sector to operational disruption.
1 Bank of England, including the Prudential Regulation Authority (PRA), Financial Conduct Authority (FCA) and Her Majesty’s Treasury (HMT)