Bank of England, PRA and FCA look to bolster operational resilience in finance sector

The Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have published a shared policy summary and co-ordinated consultation papers on new requirements designed to strengthen operational resilience in the financial services sector.

Building the operational resilience of firms and financial market infrastructures (FMIs) is a shared priority for the three supervisory authorities. The co-ordinated consultation papers build on the concepts set out in the operational resilience discussion paper published by the authorities last year, addressing many of the proposed policy changes based on the responses received.

The policy proposals make it clear that firms and FMIs are expected to take ownership of their operational resilience and that they will need to prioritise plans and investment choices based on their impacts on the
public interest. If disruption occurs, firms are expected to communicate clearly, for example by providing customers with advice about alternative means of accessing the service.

Under the proposals, firms and FMIs would be expected to:

*identify their important business services that, if disrupted, could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system

*set impact tolerances for each important business service, duly quantifying the maximum tolerable level of disruption they would tolerate

*identify and document the people, processes, technology, facilities and information that support their important business services

*take actions to be able to remain within their impact tolerances through a range of severe, but plausible disruption scenarios

Resilient financial system

Andrew Bailey, CEO at the FCA, said: “It’s in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome. Disruptive events can have a high impact on consumers and businesses so firms and FMIs need to know where the risks to their service delivery lie and make sure that they’re prepared for any service disruption by testing their planned response.”

Sam Woods, CEO of the PRA and deputy governor for Prudential Regulation, stated: “Operational resilience is a vital part of firms’ safety and soundness, and indeed has become an important priority for the PRA. This consultation marks the next stage of integrating operational resilience into our regulatory framework. Alongside this, our proposals on outsourcing and the cloud will steer firms to be resilient in their adoption of new technologies.”

Jon Cunliffe, deputy governor for financial stability, commented: “FMIs, both wholesale and retail, lay at the heart of the financial sector. They are the plumbing that allow the financial system to operate. The safe and resilient operation of FMIs is therefore crucial to The Bank of England’s financial stability objective. FMIs need to consider not only what steps they need to take to minimise operational disruption, but also how quickly they can recover from any operational disruption.”

To complement the policy proposals on operational resilience, the PRA has published a consultation paper on ‘Outsourcing and Third Party Risk Management’. The objectives of this consultation* are to deliver on The Bank of England’s commitment to “facilitate greater resilience and adoption of the cloud and other new technologies”, as set out in its response to the ‘Future of Finance’ report, and to support the proposals on operational resilience. It reinforces the PRA’s expectation that firms should ensure their important business services are able to remain within their impact tolerances even when they rely on outsourcing or third party providers.

The FCA’s consultation paper on operational resilience also contains a chapter on outsourcing.

*The consultation period closes on 3 April 2020

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts