As firms move from implementing to testing their operational resilience, could you be monitoring your risks more efficiently? How are you monitoring processes to test operational resilience?

Businesses are subject to more risks and shocks than ever with events like Brexit and the COVID-19 pandemic generating wide-ranging impacts for a variety of firms. That is why the Financial Conduct Authority (FCA) has implemented a policy to “strengthen operational resilience in the financial services sector.” The challenge for compliance officers is two-fold: they must put in place processes to mitigate potential disruptions and then monitor those processes.

The FCA defines operational resilience as “the ability of firms, financial market infrastructures and the financial sector as a whole to prevent, adapt and respond to, recover and learn from operational disruption.” Per their policy paper PS21/3 Building operational resilience, the FCA’s objective of creating this new policy is to building and strengthen the operational resilience of the UK’s financial services sector to minimise disruptions. This matters because “Operational disruptions can cause wide-reaching harm to consumers and pose a risk to market integrity, threaten the viability of firms and cause instability in the financial system.”

What this means for firms

The rules and guidance of PS21/3 have been in force since 31 March 2022, at which point firms were obliged to have:

• “identified their important business services”
• “set impact tolerances for the maximum tolerable disruption”
• “carried out mapping and testing to a level of sophistication necessary to do so”
• “identified any vulnerabilities in their operational resilience”

The FCA has given firms a three-year window between 31 March 2022 and 31 March 2025 to perform this obligatory mapping and testing so that they can demonstrate being within their outlined impact tolerances. To help firms stay operational in those impact tolerances, the FCA also expects firms to make “necessary investments” within this three-year period.

Regtech and compliance management technology offer compliance officers tools to balance the many demands of demonstrating operational resilience compliance alongside other compliance responsibilities. For example, ComplyPortal’s Monitoring module helps to continuously monitor tasks while producing a full reporting and audit trail to demonstrate continuous monitoring to the regulator.

Additionally, tools like the visual ‘heatmap’ in ComplyPortal’s Risk module help firms to map risks and track both inherent and residual risk scores which could impact their firm’s operational resilience. This allows firms to easily visualise and focus on those controls which are most important at mitigation of highest risk areas.

Compliance teams can also ensure staff awareness of company procedures through ComplyPortal’s Attestations module. Users can efficiently send reminders for staff to affirm their understanding of policies and procedures and how they can contribute to minimising operational risks throughout a firm.

Using software to assist and centralise areas of compliance gives compliance officers more time and freedom for complex tasks like long-term strategizing and planning for current and future operational risks.

Find out more about how the ComplyPortal platform can help firms adapt to new regulatory expectations at: https://complyportal.uk/modules

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

After the first anniversary of the landmark review into UK fintech, what has changed in the industry—and what do firms need to know now?

According to Ron Kalifa OBE, fintech is “a permanent, technological revolution”.  This, contained in his preface to the Kalifa Review of UK Fintech, explains in a nutshell why so much attention is being paid to this area of financial services. Financial services is often seen as a crown jewel in the UK economy, so it’s no wonder that one year ago we saw the results of a government-commissioned independent review into how to grow and develop the fast-growing fintech landscape.

The Kalifa Review: Key Points

The review recommends a 5-point delivery and action plan in the following areas:

Discover how ComplyPortal can help you adapt to new and future challenges at: https://complyportal.uk/modules

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

While Europe’s financial institutions are struggling to absorb the shock caused by the COVID-19 pandemic, security risks and the frequency of Information and Communications Technology (ICT) and security-related incidents (including cyber incidents) are rising, which, in turn, has the potential to adversely impact financial institutions’ operational functioning.

The financial sector’s increasing digitalisation and the growing interconnectedness between financial institutions and third parties make financial institutions’ operations vulnerable to internal and external ICT and security risks that could potentially compromise their viability. As a result, sound ICT and security risk management are key for a financial institution to achieve its strategic, corporate, operational and reputational objectives.

For this reason, the European Banking Authority (EBA) issued its Guidelines on ICT and security risk management which entered into force on 30 June 2020. These guidelines set out EBA’s expectations on how financial institutions should manage the internal and external ICT and security risks.

Do you meet the requirements?

• Financial institutions have adequate internal governance and internal control framework in place for their ICT and security risks. The management and mitigation of ICT and security risks through an independent and objective control function, appropriately segregated from ICT operations processes and not responsible for any internal audit, and an independent internal audit function.
• Maintain up-to-date inventories of business functions and assess the operational risks related to ICT and the security risks and determine what measures are required to mitigate the identified risks.
• Requirements to implement effective information security measures, including having an information security policy in place; establishing, implementing and testing information security measures; and establishing a training programme for all staff and contractors.
• Requirements for ICT operations management including requirements to improve, when possible, the efficiency of ICT operations; implement logging and monitoring procedures for critical ICT operations; maintain an up-to-date inventory of ICT assets; monitor and manage the life cycle of ICT assets; and implement backup plans and recovery
• Requirements for ICT project and change management, including the acquisition, development and maintenance of ICT systems and services.
• Business continuity management and developing response and recovery plans, including testing, and their consequent updating based on the test results. Ensure effective crisis communication measures in place so that all relevant internal and external stakeholders can be informed in a timely manner.

If you don’t know where to start and are uncertain as to the security risks that exist in your organisation and how they should be identified and controlled, we are here to help you.

For more insight on compliance technology options and benefits, visit https://complyportal.uk/modules/ and find out how our straightforward, comprehensive compliance technology solution can help you and your organisation.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

CLICK HERE TO GET STARTED!