Our previous article discussed Scenario Testing. Now we turn our lens on building a resilient culture.
Operational Resilience – what now?
Most of the focus has been on developing methodologies and preparing documentation to meet the initial deadline. But attention is now shifting, with firms beginning to bring Operational Resilience to life. Practically, how can firms make this happen?
Bringing the paperwork to life
With the documents written, methodologies drafted and infrastructure in place, it’s time for firms to start, or continue, to embed a resilient culture throughout the organisation. Despite what the name suggests, this isn’t an “Operations” regulation. It is a firm-wide initiative that requires the engagement of everyone: the regulation is focused on operations in the widest sense, not just the administrative aspect. Every individual – from the Board to entry level staff – is integral and must play their part. But this is easier said than done.
- It’s not as simple as engaging ‘champions’ to drive involvement (although this is important).
- It’s about making resilience second nature.
- It’s about ensuring every business decision considers the impact on the firm’s resilience.
- And it’s thinking about prevention and recovery for customers and the market, not just a resource that keeps the coffee machine running.
Our 2022 Sionic Operational Resilience Market Insights Survey identified creating a resilient culture as a priority for firms, and very much a primary issue to be addressed. Of the firms surveyed, 53% agreed Operational Resilience was only partially understood throughout their organisation. Undoubtedly that will have increased in the interim, but firms need to have the building blocks in place to disseminate resiliency widely. For example, having a robust governance structure, with clear roles and responsibilities, and appropriate training in place that provides the foundation for embedding a resilient culture. But once these building blocks are in place, what next? After all, resiliency is not just about Operations. It’s about process, technology, information, people, facilities and third parties.
Organisations require robust policies and procedures across all these elements to support the resiliency of important business services. In our experience, a firm achieves this by:
- Driving accountability and empowerment across functions
- Bringing the regulation to life – ie what does it mean to each individual’s life?
- Demonstrating the tangible benefits
Driving accountability and empowerment across functions
Board accountability is a critical theme in the regulatory papers – and this accountability cannot be delegated. Boards cannot just be given outputs. It’s incumbent on the Board to understand the methodologies that underpin information, the decision-making that brought about the thinking and be sufficiently knowledgeable on the subject matter to be able to effectively challenge. Similar approaches will be required for Customer Duty when finalised. What we have seen work best is when Boards have been communicated with from the outset of programmes, actively engaged and driving the “tone from the top” enabling a level of participation through genuine empowerment and understanding.
Regular communications relating to Operational Resilience through tools and approaches relevant to each firm (such as town halls, lunch and learns, one-to-ones), all help to engage stakeholders and increase the relevance and realisation of the direct impact on an individual’s role, even if that role is ordinarily internal business facing.
Ensuring everyone understands the importance of their role will lead to increased engagement and start the process of embedding a resilient culture.
Bringing the regulation to life
Most regulation is ‘dry’, and as such, difficult to embed. Bringing it to life and relating it to everyday life is critical. There’s a reason why all drivers must pass a theory AND a practical test… And one of the best ways to do this is through scenario testing. What is so vital about scenario testing (aside from identifying critical gaps by replicating real-life situations) is how it involves people. By involving all levels of stakeholders, not just senior staff, people across the firm will start to be educated in how to deal with a disruption. Individuals who may have seen the regimes as a burden on their BAU activities will begin to realise there are gaps that may impact the business. They will realise their team isn’t as clued up on internal procedures as they first thought. And they will begin to realise the real value that the Operational Resilience regulation brings. Which brings us on to the benefits.
Demonstrating the tangible benefits
Normally, firms only pick up on regulation that impacts them directly, but we have seen a number of firms which are not impacted by the regulation putting operational resiliency front and centre of their agenda because it makes business sense to do so.
In our recent survey, one wealth manager told us:
“We are currently a core firm… Nevertheless, we feel the process is good practice in protecting our clients from disruption and provides a good framework to address these issues in.”
This demonstrates the value of the exercise and that it is not just a one-off compliance exercise. If you are a firm in scope, focus on the benefits in all of your communications and not just around it being a “must do” activity. And if you are a firm not yet in scope, it makes sense to get your ducks in a row now and start to get stakeholders bought into resilience as soon as possible.
Our award-winning team of specialists advises firms internationally on all aspects of Operational Resilience. If you would like to discuss any aspect of this article or our practical approach, please contact us.
Read the previous article in this series:
Download the results of our survey:
Read more on this topic