As firms move from implementing to testing their operational resilience, could you be monitoring your risks more efficiently? How are you monitoring processes to test operational resilience?

Businesses are subject to more risks and shocks than ever with events like Brexit and the COVID-19 pandemic generating wide-ranging impacts for a variety of firms. That is why the Financial Conduct Authority (FCA) has implemented a policy to “strengthen operational resilience in the financial services sector.” The challenge for compliance officers is two-fold: they must put in place processes to mitigate potential disruptions and then monitor those processes.

The FCA defines operational resilience as “the ability of firms, financial market infrastructures and the financial sector as a whole to prevent, adapt and respond to, recover and learn from operational disruption.” Per its policy paper PS21/3 Building operational resilience, the FCA’s objective in creating this new policy is to build and strengthen the operational resilience of the UK’s financial services sector to minimise disruptions. This matters because “Operational disruptions can cause wide-reaching harm to consumers and pose a risk to market integrity, threaten the viability of firms and cause instability in the financial system.”

What this means for firms

The rules and guidance of PS21/3 have been in force since 31 March 2022, at which point firms were obliged to have:

  • “identified their important business services”
  • “set impact tolerances for the maximum tolerable disruption”
  • “carried out mapping and testing to a level of sophistication necessary to do so”
  • “identified any vulnerabilities in their operational resilience”

The FCA has given firms a three-year window between 31 March 2022 and 31 March 2025 to perform this obligatory mapping and testing so that they can demonstrate that they remain within their outlined impact tolerances. To help firms stay operational within those impact tolerances, the FCA also expects firms to make “necessary investments” within this three-year period.

Regtech and compliance management technology offer compliance officers tools to balance the many demands of demonstrating operational resilience compliance alongside other compliance responsibilities. For example, ComplyPortal’s Monitoring module helps to continuously monitor tasks while producing a full reporting and audit trail to demonstrate continuous monitoring to the regulator.

Additionally, tools like the visual ‘heatmap’ in ComplyPortal’s Risk module help firms to map risks and track both inherent and residual risk scores which could impact their firm’s operational resilience. This allows firms to easily visualise and focus on the controls that matter most for mitigating the highest-risk areas.

Compliance teams can also ensure staff awareness of company procedures through ComplyPortal’s Attestations module. Users can efficiently send reminders for staff to affirm their understanding of policies and procedures and how they can contribute to minimising operational risks throughout a firm.

Using software to assist and centralise areas of compliance gives compliance officers more time and freedom for complex tasks like long-term strategizing and planning for current and future operational risks.

Find out more about how the ComplyPortal platform can help firms adapt to new regulatory expectations at:

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

  • Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
  • Registers: lists controlled by the Compliance officer, but easy for staff to view.
  • Risk: map and control risk areas to effectively identify and manage risk for your firm.
  • eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach.