Operational Resilience Update - Mapping and 3rd Parties

Under Operational Resilience, firms must identify and document the people, processes, technology, facilities, and information essential for delivering important business services, including any third-party relationships that could affect impact tolerance.

As the mapping of resources and processes evolves, firms will gain a better understanding of the dependencies and interconnectivity needed for service delivery. If a third-party provider fails to meet impact tolerance, firms still have the responsibility for that failure. Therefore, it is important that firms actively manage relationships with third parties to ensure their resilience. Detailed mapping should help identify vulnerabilities that could cause breaches in impact tolerance during operational disruptions. This comprehensive approach ensures that firms remain within impact tolerance by recognising and mitigating potential risks from third-party dependencies and other critical resources.

Asset Managers may even feel that some of their third-party arrangements do not allow them to meet their own operational resilience requirements and will need to change the relationship. This may be one area where time is running out for 31^st May, especially if contractual issues with third parties must be negotiated.