The focus of risk in the financial industry has changed dramatically in the past few years. Greater integration in the sector has created a complex web of third-party interdependencies. Today, if one organisation should go down as a result of a cyber attack, power outage, war, cloud server failure, climate incident, or pandemic, it’s likely to have a direct and serious impact on many other financial companies — as well as their customers.
Regulators are keenly aware of this shift. In March 2022, the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) introduced a piece of joint legislation, ‘Building Operational Resilience’, to boost the ability of the financial services sector to prevent, minimise and recover from operational disruptions.
As a result, a huge range of companies, including insurers, banks and building societies, and large-scale asset managers, must now invest heavily in examining and improving the resilience of their services, to ensure they maintain a consistent standard for their clients.
And if they don’t? The regulators are ready to enforce huge fines. To date, fines ranging from £1m to over £48m have been seen.
By March 2025, every firm affected by the regulation needs to be in a state of “full operational resilience” in the eyes of the regulators. The industry has a long way to go with many players yet to act. Those that have acted may not fully comprehend the complexity of their self-assessment process, while others may not be prepared for the journey they can expect as the regulation evolves.
But this process can be much more than a mere tick-box exercise. By fully embracing the demands of the regulation, your organisation will make itself less vulnerable to disruption and better equipped to limit its impact when it does occur. It is also likely to become more functional and efficient.
This guide is designed to support you in the journey to operational resilience. It breaks down the six steps you need to take as indicated below, exploring the inherent challenges, and explaining why Novatus is uniquely placed to support your business needs.
Novatus offers a range of advisory services, from implementation and assurance to post-implementation health checks. If you would like to discuss our other offerings further, please contact Hugo Warner: email@example.com.