Operational Resilience FCA PS21/3 and PRA PS6/21 … Why ...
文章推薦指數: 80 %
Operational Resilience, FCA PS21/3 and PRA PS6/21…Why it is not just BI. Paul Greenhalgh and Robert Simpson January 6, 2022. operational resilience fca.
Home>Blog>OperationalResilience,FCAPS21/3andPRAPS6/21…WhyitisnotjustBI
Blog
OperationalResilience,FCAPS21/3andPRAPS6/21…WhyitisnotjustBI
PaulGreenhalghandRobertSimpson
January6,2022
Somefirmsmistakenlyconcludethatreportingontheirbusinesscontinuityactivitiesusingtheregulator’sparlanceissufficient.Itisnot.
Inreality,theobligationsthatthepolicystatementsdescribeareconsiderablyfurtherreaching,detailingthenecessityforastep-changeinafirm’sapproachtoensuringoperationalresilience.Theyexplaintheneedtotranslatethefiveinterventionstepsdescribedinthepolicystatements(prepare,detect,respond,recoverandadapt)tosolutiondesignprinciplesandthenidentifyareasofstrategicandoperationalimportanceforfutureinvestmentandimprovement.Servicesneedtobeidentifiedandmappedtoprocessesandresources.Customer,firmandmarketimpacttolerancesneedtobesetandplausibledisruptionscenariosdefinedandtested.
Toachievealloftheseaviewofthefirm’swiderresourceecosystemisneeded.Itisessentialthatanup-to-dateholisticviewofthefirmsoveralloperationalresiliencehealthisreadilyaccessibletoallkeystakeholders,allofthetime.Improvedoversightoftheentirerangeofresourcetypesandthetimelydetectionofresourcevulnerabilitiesiskeytomakingsurethatthoseresponsibleforensuringtheoperationalresilienceofimportantbusinessserviceshavethedatatheyneed.
Traditionalbusinessintelligenceanddatavisualisationtoolsdoagreatjobofretroactivelyreportingontrendsandhelpingdiscoverpatternsofpastbehaviour.TheyareanessentialpartofafirmsreportingcapabilityandITecosystembuttheydonotdelivertheactionableinsightrequired,nordotheysupporttheworkflowsandprocessesrequired,tocontinuallyassureafirm’soperationalresilience.
Reportingthatincludesthedocumentationofworkflows,thedecision-makingprocessesandthecurationofevidenceisanotherareainwhichBItoolssimplyarenotabletoprovidethefunctionalityrequired.Theregulatorsmakeitclearthatafirmisexpectedtoshowevidenceofprocessessuchas:
Whyaserviceisconsideredtobeimportantorisnot?
Whyimpacttoleranceshavebeensetwheretheyhave?
Whichcriteriahavebeenused,why,andhowoftenhaveimportantservicesbeentestedagainstplausiblebusinessscenarios;inadditiontotheresultsofthetesting.
TheIBSreassessments,thelogicused;opinionsofstakeholders;justificationsandtheindividualsresponsible.
Whyinvestmentdecisionshavebeentaken,whyandwhattheywilldelivertowardstheaimofimprovingthefirm’soperatingresilience.
TheFCA’sandPRA’sBuildingOperationalResiliencePolicyStatements21/3&6/21describetheneedforfirmsto:
Identifyimportantbusinessservicesanddetermineappropriateimpacttolerances.
Identifyanddocumentthenecessarypeople,processes,technology,facilitiesandresourcesrequiredtodelivertheimportantbusinessservices.
Usescenariosandlearningtodetermineifservicesareresilientagainstdefinedimpacttolerances.
AsolutionwiththeFCA/PRA’spolicystatement/satitsheartisneeded,ratherthantryingtoretrofittherequirementsandrepurposingexistingBIsolutions.ThesolutionneedstobefocusedontranslationofthefiveinterventionstepsdescribedinBuildingOperationalResiliencePS21/3and6/21tokeysolutiondesignprinciples.Thiswillallowfirmstobetterprioritiseareasofstrategicandoperationalimportanceforinvestment.Itmustbecomprehensiveandallowfirmstoidentifyandmapallservices,processesandresources.Customer,firmandmarketimpacttolerancesthenneedtobesetandplausibledisruptionscenariosdefinedandtested.Thesolutionmustsupportalloftheseelements,endtoend.Finally,thesolutionmustbeconnectedasitmustintegratewiththewiderITecosystemtoenablethedetectionofresourcevulnerabilitiesanddelivertheholisticoversightofafirm’soperationalresiliencethatisdemanded.
CorporaterOperationalResilienceSolution
Corporater’sOperationalResiliencesoftwaresolution’soutoftheboxfunctionalityallowsfirmstoprepare,detect,respond,recoverandadapttodisruptionstoimportantbusinessservices.
FormoreinformationseeCorporaterOperationalResilienceSolution.
Interestedtoseeademo?Contactus.
OperationalResilienceintheUKfinancialsector:FrequentlyAskedQuestions
LearnmoreaboutOperationalResilienceintheUKfinancialsector.ClickheretoaccessOperationalResilienceFAQsansweredbyourspecialistsontheimplications,practiceandimplementationoftheoperationalresilienceframeworkintheUK.
PopularBlogs
AdvantagesvsBenefitsofRiskManagement
Readmore>
TenBenefitsOfUsingTechnologyinStrategyManagement
Readmore>
WhatisGRC(Governance,RiskandCompliance)?
Readmore>
KPIismorethananumber.ItisaStory!
Readmore>
OperationalResiliencevsBusinessContinuity:AComparison
Readmore>
Tags
BusinessContinuityManagement
BusinessIntelligence
ComplianceManagement
OperationalResilience
PerformanceManagement
延伸文章資訊
- 1Operational Resilience for the Financial Services sector - Inoni
We provide an end to end consulting service for the implementation and ongoing management of PS6/...
- 2Prudential Regulation Authority publishes PS6/21 and PS7/21
SS 1/21 sets out the PRA's expectations for the operational resilience of firms' important busine...
- 3UK authorities finalise operational resilience approach - PwC
Central Counterparties. Central Security Depositories. Recognised Payment. System Operators and. ...
- 4PS21/3 Building operational resilience | FCA
We've set out our final rules and guidance on new requirements to strengthen operational resilien...
- 5PRA BOE Operational Resilience: Impact tolerances for ...
PRA BOE Operational Resilience: Impact tolerances for important business services PS6/21 · identi...