We worked with a mid-size client to help meet its Operational Resilience requirements, by:
- Identifying the Important Business Services (IBS) using a profile of their reputation, profit generation or brand importance;
- Mapping the IBS components including people, processes, systems, data, third parties and facilities;
- Assessing the exposure and Impact Tolerance of each component;
- Launching remediation internally or with suppliers for instances in which loss of a component could cause intolerable interruption; and
- Creating a reporting tool to allow senior management to see at a glance where their exposures are: at the level of the Group, the Department, or the Important Business Service.
The work concluded by conducting Lessons Learned and handing over an Operating Model to ensure self-reliance for the bank’s ongoing programme.
The UK’s Operational Resilience regulations are the latest in a trend of increasing regulatory focus on retail fund managers. With the coming advent of UK SoX, DORA in the EU, and the challenges of ESG’s likely security and privacy focus, the cyber regulatory spotlight on retail fund managers is unlikely to reduce in the foreseeable future. The good news is that this provides an opportunity for some firms to strengthen the way they manage their operations, gaining business value beyond minimum compliance standards.