Operational resilience 1 April deadline – Senior Management and Board sign off

With a month to go until the new Operational Resilience rules are implemented, firms should be looking to get a credible self-assessment in place ahead of 1 April 2022.

The FCA and PRA have made it clear that assessing a firm’s Operational Resilience rests with the Board and Senior Management. This includes the identification of important business services, impact tolerances, and self-assessment. This is not a job that should or can be left for the SMF24 (Chief Operations) title (if indeed you have one). All members of the Board are required to take responsibility and, ultimately, accountability if things do go wrong.

Given the importance of the task, and the personal responsibility that sits with it under the Senior Managers & Certification Regime (SMCR), anyone with senior management responsibility should be considering whether they and the Board have the necessary skills, knowledge and expertise to provide constructive challenge and assurance.

Successful firms are more likely to have invested in relevant and tailored training, and to have been kept apprised throughout the planning and decision-making process, particularly on what constitutes important business services. If this does not sound familiar, it’s not too late to act. Better to ask yourselves some uncomfortable questions now rather than wait for the Regulator, who will be asking firms for their self-assessment from 1 April 2022.

Questions for Board members to ask themselves:

  1. Are my operational resilience responsibilities clearly defined and documented?

  2. Is the management information I am receiving fit for purpose – is it telling me what I need?

  3. Has the process to complete your self-assessment been subject to appropriate challenge and have decisions been sufficiently documented in Board packs?

  4. If a business service fails in the future, and it was not included in your assessment – do you have the evidence and justification you need to demonstrate why it was excluded?

  5. Have we got the right level of input from subject matter experts?

  6. Is the second line sufficiently resourced to manage operational resilience on an on-going basis?

  7. Is the culture of our firm aligned to our success?

  8. Do the members of the Board have the individual and collective knowledge and expertise not only to sign off the self-assessment and answer the key exam questions, but also to govern resilience going forwards?

  9. If the self-assessment identified areas where work is needed to ensure impact tolerances are not breached, is there a plan in place to properly address the risks identified?

Do get in touch if you have any questions on complying with the new rules and bringing together your self-assessment.
