Episode 25: Meeting new operational resilience expectations
Aug 23, 2022
auto_awesome
Joanne Johnson and David Young discuss the challenges of meeting operational resilience expectations, including understanding processes, mapping business processes to technology and suppliers, and managing audit trails. They also provide tips for organizations struggling to meet these expectations, such as reading and understanding regulations and networking with industry peers. The guests highlight the changing regulatory requirements and the focus on cyber resilience.
Operational resilience is now a priority for firms, with a focus on effective customer communication during disruptions.
Compliance with operational resilience requirements has prompted firms to adopt more customer-centric approaches.
Deep dives
Transitioning to Managing Operational Resilience as BAU
The transition from responding to incidents through business continuity to preventing disruption through operational resilience has been a challenging mindset change for organizations. Compliance with regulatory requirements was structured and well-managed, but organizations now face the task of managing operational resilience as part of their ongoing operations. Mapping exercises have surfaced vulnerabilities and highlighted the need to prioritize and promptly remediate them, gaining board sign-off for self-assessment of vulnerabilities has increased their visibility and importance. Scenario testing and testing existing crisis management and business continuity arrangements have led firms to focus on more effective customer communication during disruptions.
The Importance of Operational Resilience in Today's World
Operational resilience has become central to regulatory agendas due to global disruptions like the pandemic, geopolitical crises, and climate concerns. Compliance with operational resilience requirements has prompted firms to reflect on their ability to withstand challenges. The identification of important business services (IBS) and setting impact tolerances were part of the initial compliance phase. The focus on operational resilience has forced firms to think more about customer needs and the impact of disruptions on them, resulting in more customer-centric approaches.
Readiness and Challenges in Achieving Operational Resilience
Firms that fell under regulatory scope have complied with initial requirements, including identifying IBS, setting impact tolerances, and gaining board sign-off by March. However, ongoing challenges remain, such as remediating vulnerabilities identified through mapping exercises. Scenario testing is in its early stages, and firms must prioritize it over the next year. The biggest challenge has been the volume of work required, understanding business processes, and shifting from a business continuity mindset to operational resilience. Firms are in the process of adapting to these challenges.
Benefits and Recommendations for Operational Resilience
The operational resilience exercise has provided firms with several benefits. It has forced them to think differently about service delivery, focus on customer communication during disruptions, and prioritize the remediation of vulnerabilities. The exercise has also highlighted the need to align business continuity and incident management with operational resilience. Recommendations for firms include knowing the regulations, networking and sharing ideas with peers, and staying true to the organization's purpose and customer focus. Automation and embedding ownership and accountability for IBS are additional areas to focus on.
The new operational resilience rules have been effective since March 2022, forcing firms to think much more about how they communicate with customers when disruption does occur. Further regulatory developments are expected in the upcoming period to 2025, which will require firms to transition into new requirements.
In this episode, Irina Velkova is joined by Joanne Johnson, Head of Operational Resilience and End-to-End Controls at Wesleyan, and David Young, Associate Director at Grant Thornton UK LLP, for a conversation around how operational resilience is becoming a priority for firms.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
