Cyber Security & Financial Sector Resilience
Operational resilience is the latest example of the UK regulators maintaining the standing and reputation of the UK banking sector. This initiative is led by the Bank of England, the Financial Conduct Authority and the Prudential Regulatory Authority, with the objective of ensuring that the UK remains at the forefront of global regulatory innovation and remains a world leader in financial and related professional services. The regulators aim to set high standards of operational capability for individual financial institutions, and their supply chains, to achieve.
Operational resilience goes further than traditional business continuity planning: business continuity has traditionally focussed on recovering from an operational impact, whereas operational resilience aims to strengthen a financial firm's operational capability so that it can absorb a disruptive impact without operational impairment.
The regulators' requirements for financial firms fall into the following categories:
1. Identifying Important Business Services: These are services which, if disrupted, could potentially cause intolerable harm to consumers of the firm’s services or risk to market integrity.
2. Identifying and setting impact tolerances by establishing the first point at which a disruption to an important business service would cause intolerable levels of harm to consumers or risk to market integrity.
3. Mapping & Scenario testing: financial firms are required to identify and document the people, processes, technology, facilities and information (resources) necessary to deliver each of a firm’s important business services.
4. Financial firms are required to test their ability to remain within their impact tolerances for each of their important business services in the event of a range of adverse scenarios, including severe but plausible disruption of their operations.
Financial Sector Resilience - our services
Our main services to financial sector firms are focussed on the following areas:
- Establishing management systems for continuous measurement of cyber security risks and business continuity
- Creating "joined up" frameworks for both business continuity and operational resilience capabilities