Over 1 Year In - How are you getting on with Operational Resilience?

The Financial Conduct Authority (FCA) requires for firms to implement operational resilience plans by 31^st May 2022. As it stands, we are 1 year into a 3-year implementation period running from 31^st March 2022 to 31^st March 2025. By May 2023, firms should have made significant progress towards operational resilience and be ready to report where Impact Tolerances are exceeded.

Operational resilience refers to a firm's ability to withstand and adapt to disruptive events such as cyber-attacks, system failures, and other operational risks. Firms are expected to develop plans to identify their important business services, map out their supporting processes and systems, and develop strategies to ensure that these services can continue in the event of a disruption.

By now, firms should have completed their Self-Assessments and established their tolerance levels for disruption. Firms should have implemented appropriate controls and mitigation measures to address identified risks and be able to demonstrate their resilience to the FCA. In addition to these measures, firms should have established governance frameworks, reporting structures, and testing plans to ensure that their operational resilience plans are effective and continue to evolve over time.

During the transition period, firms should be developing the level of sophistication for Operational resilience, performing scenario testing and addressing identified vulnerabilities.

Overall, firms should have made significant progress towards operational resilience and be able to demonstrate to the FCA that they have a robust operational resilience framework in place. The exact level of progress required will depend on the size and complexity of the firm, as well as the nature of the services they provide.

So how is your firm doing against where they should be by now?

The important thing to recognise is that there is still time to catch up if you are behind but be careful of being tempted to leave your preparations until the end of the transition period. The FCA will expect that firms can demonstrate progress towards the Operational Resilience objectives, even though the final implementation date is still 2 years away.