Why it’s not just the finance sector that needs an operational resilience framework

Finacne

Thursday 1st October was the final deadline for the financial services sector to respond to a consultation paper on operational resilience prepared by the Bank of England and FCA. The regulation, expected to come into force in 2022, was prompted by concerns over the tolerance levels in the financial system in the wake of high profile cyber-attacks on Eurofins and Tesco Bank, as well as disruption resulting from TSB’s IT upgrade.

The proposed regulation stipulates that financial services companies map the business services that, if disrupted, could cause harm to consumers or market integrity. This covers the supporting people, processes, technology, facilities and information. Further it will mandate that these organisations ‘set impact tolerances for each of these services and test their ability to remain in tact through a range of severe but plausible disruption scenarios.‘

Although it is an important moment for the financial service sector specifically, companies in all industries should review the proposals and start taking the necessary steps to comply. Not only will the regulation be adopted by more sectors over time, but the best practices it encourages are critical at a time in which COVID-19 has exposed the lack of operational resilience in many UK businesses.

As an example, if you called a company’s customer service helpdesk in the first six weeks of the UK lock down, you were greeted with a strikingly similar message – “we’re experiencing an unusually high volume of calls.“ In most instances this excuse was completely fictitious. In reality these firms simply did not have the back up plans in place to cope if members of staff were not able to physically travel to their call centre.

Before attempting to build resilience plans, it is first essential to design and document the existing processes within your organisation, a foundational step that many have not yet taken. In smaller organisations and relatively simple processes, this can be done manually by bringing together the relevant individuals to discuss and document the process.

However for enterprise organisations, which typically take a siloed approach to process design, a better solution is leveraging automated process mining technology. These platforms generate actionable insight into processes that allow companies to optimize day-to-day operations and make smarter decisions, faster. In addition, they can identify the root causes of poorly performing processes by detecting and visualizing compliance violations, monitoring process performance and acting on critical cases and performance bottlenecks.

When it comes to process design, start with the most critical processes first and get into a rhythm of designing, simulating and documenting them in line with the organisations value stream and value chain. One of the biggest reasons that most companies haven’t already taken steps to map their processes is because of the sheer (perceived) size of the task. Break the problem down, and prioritise the mission critical processes first.

When it comes to resilience planning, it is important to interrogate the practicality and viability of your initial blueprints. Even in a crisis, you need to be sure that your organisation is following the most resource and cost-efficent process possible. This due diligence also accelerates the process of getting these plans approved across the company and signed off by senior leadership. Today’s process software solutions can help you automatically simulate and stress test  the impact that the plans will have across the organisation.

Finally, even companies that have successfully mapped their processes and built their resilience plans often fall into the trap of leaving them in a draw somewhere to gather dust. A better approach is to document and store the resilience plan on a platform that can serve as a ‘single source of truth’ for the whole organisation. This will significantly improve your ability to audit and, if required, demonstrate compliance to the regulator. Then take proaactive, positive steps to regularly cascade the information through relevant teams in as many different ways as possible.

In the course of day to day business, it is always tempting to put off process design and resiliency planning and focus on the daily grind. However, COVID-19 has taught us that the unexpected does happen. Next time make sure your organisation comes out ahead of the pack.


Henry Bush

Henry Bush is the Regional Manager, EMEA at Signavio

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...