Finding operational resilience difficult, complex and quite frankly a hard slog? You’re not alone. Many wealth managers have recognised we’re in the warm-up phase of the long game that is Operational Resilience. Which means it’s time to get your team in, assess where you are, and confirm or revise your strategy for the next stage.
Trouble is, with the March 2022 FCA deadline firmly behind us, and 2025 deadline still a long way off, it’s all too easy to tire.
Our advice is to stay focused: this really is a marathon, not a sprint. Now is the time to reality check and if necessary revise your plans, progress key actions, keep the programme on track and keep the Board confident that your business really is becoming more resilient.
Rather than pacing down, it’s time to up your game.
As experts in asset and wealth management, we also take a long-term view. In the year since we first published our first Operational Resilience survey and findings, the world around the regulation has continued to evolve at pace.
Here are the key themes from our experience over the past 12 months, along with top tips for 2023:
Include Your Third Parties
Wealth management firms operate complex technological and operational landscapes, with technology and services increasingly provided by third parties. From video calling to risk profiling to entire CRM platforms, there is a growing reliance on third party products and services across the end-to-end client journey. It should therefore be a primary concern that any issue with any one of these providers could quickly lead to a domino effect that the organisation simply does not have the capacity or capability to manage. Firms must ensure transparency with and from their third parties and must work collaboratively and cooperatively together. Contractual remedies alone are not sufficient.
Indeed, the need for organisations to include third party providers in their Operational Resilience programmes applies now more than ever. With the FCA discussion paper on this topic due to close for feedback on 23 December 2022, firms’ reliance on third party providers is quickly becoming the centre of attention with the regulator – and rightly so. The publication of specific third-party Operational Resilience regulations seems imminent. This should accelerate firms’ desire to speak to these parties sooner rather than later. After all, the firm is only as strong as its weakest provider.
Of course, some third parties will be more on the ball than others, depending on whether they already fall under the guise of Operational Resilience. For instance, a technology provider of video calling facilities will not be subject to these regulations, whereas a provider for a custodian platform will. Organisations need to take stock of their third parties’ current states and resiliency awareness, and then incorporate this into their resiliency plans and actions.
- Our tip is to make sure you get all over this – if you haven’t done so already. You can also find more and practical tips on how to include their third parties in your programmes here.
Spread the word
Despite its title, Operational Resilience is actually overall business resilience; a firm-wide initiative that needs to engage all staff. For that to happen, communications must be clear, digestible, and relevant. People need to know exactly what this means for them – and why it is important for the end client, beyond the tactical workings of a front-to-back plan (although they need to understand the part they play tactically too).
Crucially, the emphasis on formal plans and documentation must mask the need for measured and appropriate communication to the wider business. While it is not necessary for each staff member to read their firm’s entire self-assessment, the business does need to break down the relevant elements into a communicable format, unique for each different business area. Broad-brush is simply not good enough.
We advise clients on all aspects of Operational Resilience, witnessing first-hand how the lack of digestible communications becomes apparent in scenario testing. As soon as plans are put to the test, participants fail to follow lines of escalation or key protocols, leaving leaders painfully aware of the gaps in understanding.
Join the dots
Given the financial world is increasingly interlinked, many firms (and their service providers) will have some exposure to the UK market. These firms can easily, if inadvertently, become entangled in liability for Operational Resilience. For example, if a firm is providing an offshore bond to a UK wealth management firm and this is a part of the firm’s important business service, then they too are subject to the implications of the regulation.
Organisations should also be mindful that this works both ways. UK FCA regulated firms operating in multiple locations can be stung by other parts of their business which may not be up to speed with Operational Resilience simply because there are differing – or no – regulations around this subject in that location. Ignoring this is neither acceptable, nor wise. Operational Resilience should not be seen as an obligatory burden but as a best practice standard to be rolled out across a firm, regardless of location.
- Our tip is to treat the provision as coming from a third party and encompass it within your operational resilience plans.
See this as an opportunity, not a threat
Although core firms within the UK are not currently regulated under Operational Resilience, the regulation still provides a readymade formula for resilience, with the opportunity to adopt best practice while also flexing and adapting the regulation guidance to suit the firm’s business model. The ability to operate with a sound level of resilience is powerful, and it makes strong business sense for firms to benefit from the competitive advantage that resilience also brings.
Firms should not need coercing by the regulator into operating with resilience. This is an opportunity to improve the way an organisation can operate sustainably and continuously, ensuring they continue to deliver their client services in challenging circumstances. An initial investment of time and effort upfront will reap long-term benefits when a resilient culture becomes embedded throughout an organisation.
But you do need to keep going. With over two years still to go until the 2025 deadline and new regulations such as Consumer Duty to attend to meanwhile, it’s not surprising if you find your plans fall behind or veer off-track. If so, don’t panic. Be honest with yourself, recognise the issue and take a health check to get your plans back on track.
Get an expert objective check up
We help clients undertake their initial assessment, develop plans, and execute effectively. Our short, high impact best practice health check is deployable at any time to assess the state of a resiliency programme and use our wider market insight to assess where any firm is positioned against its peers and the industry at large. This gives you an objective view of:
- where you are
- where you should be
- whether you’re still doing the right things in the smartest way
- whether you’re applying the appropriate programme standards
- what wider competitive, cultural and business benefits you should aim to gain as you go
As specialists in creating high performing organisations, we also pay expert attention to the human dynamics of resilience. After all, this is about the end client, not internal politics. Where there are tensions, challenges, and differences, we deploy specialists in high performing organisations, the power of purpose and cultural change to resolve problems and drive resiliency forward at pace.
To find out how we can help you achieve Operational Resilience, please contact us.
Read more on this topic:
- Sionic’s Operational Resilience Wealth Management & Private Banking Market Insights & Survey 2022
- Third Parties – Solution or Achilles heel?
- Sionic Signals – Operational Resilience Asset Management Survey and Forum Findings
- Making Operational Resilience real
- Enhancing Operational Resilience – regulatory burden or just good business practice?