Finance sector must resolve to tackle growing threats posed to operational resilience

How firms deal with the growing number of operational threats, how they prevent or recover from them and how they protect customers will be critical to maintaining their reputation, future competitiveness and long-term sustainability. That’s according to new report issued by TheCityUK and PwC.

These threats range from cyber crime, climate change and complex and interconnected supply chains through to technological innovation and ageing legacy systems. Increasingly, those challenges are becoming inevitabilities rather than possibilities.

The report, entitled ‘Operational Resilience in Financial Services: Time to Act’, notes that although UK-based institutions are now financially resilient and able to meet the most stringent of financial stress tests, their operational resilience faces a range of threats.

However, financial services firms and regulators are well placed to boost operational resilience and support businesses facing operational difficulties. The positive impacts of doing so are significant. They include more sustainable performance, leadership in the global context and a boost to confidence, reputation and the ability to attract investment into UK plc.

Operational resilience

Miles Celic, CEO of TheCityUK, said: “Operational resilience isn’t a choice. Rather, it’s a commercial imperative. Thousands of businesses and millions of customers rely on the financial services industry to save, borrow, purchase products and services and to go about their everyday activities with the expectation that everything will always work smoothly. Firms that maintain safety and efficiency through a crisis will have a clear commercial advantage and be more sustainable over the longer term. Those who don’t might not last very long.”

Celic went on to state: “Operational resilience cannot be achieved in isolation. There must be cross-sector collaboration to support resilience as well as close engagement with, and indeed action from, the regulators. Given the UK’s position as a global hub for finance, there must also be global consistency and co-operation. Any business is only as strong as its weakest link. Poor operational resilience in the supply chain can have dire consequences for all other component parts.”

Simon Chard, financial services partner at PwC, commented: “Technological advances are a double-edged sword for the industry as consumers and businesses demand more tailored, more efficient and more secure technology. The upsides of automation and Artificial Intelligence can be offset by firms’ vulnerability to attacks, system outages or simple human error. Current market conditions mean that the risk and potential impact of these events is growing.”

In conclusion, Chard stated: “The firms best positioned to deal with potential issues are recognising that the speed of technological innovation and the rapid adoption of relatively untested technologies is increasing business risk. The cost of ensuring operational resilience is actually relatively small compared to financial resilience and conduct demands. However, it brings with it significant opportunities for firms and the wider UK economy.”

Recommendations for industry and regulators

TheCityUK and PwC make a number of recommendations for industry and regulators to become operationally resilient, duly focusing on the following core areas:

Innovation and technological change Firms must review their approach to change and adapt their risk frameworks, governance and strategy to keep pace with innovation. They must prioritise the resilience of key services, building this into strategy and business plans

Good governance Good quality, future-looking management and information are essential. Culture has a key role to play and operational resilience should be built into management development programmes. Transparency on the potential threats, as well as clear lines of accountability and collective responsibility, will be key

Regulators UK regulators should continue to take a leading role in driving global standards on operational resilience. They will need to enhance capacity by expanding their skills and experience, while also providing greater clarity to firms on what they need to do

Connectedness Regulators should seek to map the sector to understand operational dependencies. The sector will need to work together to identify collective solutions to common challenges, integrating recovery and resolution arrangements where and when necessary. Working with technology providers, the industry should develop standardised support frameworks for key infrastructure services

TheCityUK and PwC have also identified five core areas of risk pertaining to a firm’s operational resilience:

Cyber crime Cyber attack is consistently cited as the single most urgent concern among senior industry executives. Attacks are going deeper and becoming more sophisticated, with attackers using more complex strategies and focusing on the most valuable targets

Climate change Climate-related risks have the potential to cause significant disruption and reputational damage. Physical risk can arise from extreme weather events such as storms, floods and heatwaves, as well as longer-term changes such as gradual increases in temperatures and rising sea levels. Transition risks such as changing market sentiment, or the gradual move towards a lower-carbon economy, will entail extensive policy, legal, technology and market evolutions to which the industry must adapt

Technological innovation Firms must make sure that data is available, accurate and confidential. They must also comply with an ever-growing roster of cyber and privacy regulations

Rising connectedness Whatever their cause, outages can lead to significant operational breakdowns, while increasing connectedness raises the chance – and the potential impact – of a systemic event

Managing change Business model evolution, IT infrastructure renewal and the changing competitive and regulatory landscape all pose challenges to a business’ ability to operate

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts