Case Study: Strengthening Operational Resilience through rigorous testing background
- Joshua Spencer
- 5 days ago
- 1 min read
Aldbury International was approached by a financial services firm following an FCA review of its Operational Resilience Self-Assessment.
While the firm had invested significant time and effort in developing its resilience framework, the FCA identified several deficiencies - most notably:
A lack of rigour in its testing regime.
Limited engagement from the Crisis Management Team (CMT).
Insufficient justification for Impact Tolerances.
Failure to fully identify vulnerabilities within key business services.
Findings
On review, Aldbury identified that the firm’s Impact Tolerances were largely based on internal experience and assumptions rather than objective evidence.
By encouraging the firm to engage directly with its customer base to understand when “intolerable harm” would occur, Aldbury helped establish a more credible, data-driven foundation for these tolerances.
The mapping process used by the firm was also too granular, making it difficult to identify wider systemic vulnerabilities. Additionally, because testing scenarios were not designed to push the organisation near or beyond its Impact Tolerances, the Crisis Management Team had not been actively involved - limiting the value of the exercises.
Solution
Aldbury worked with the firm to:
Develop high-level process mapping that revealed single points of failure.
Design and deliver progressively complex, severe-but-plausible testing scenarios.
Facilitate Crisis Management Team exercises to strengthen communication, decision-making and performance under pressure.
These measures enabled the Executive Committee to clearly see vulnerabilities within the firm’s structure and operations, while ensuring the Crisis Management Team gained the confidence and co-ordination needed to manage real-world disruption.
Outcome
Through Aldbury’s structured approach, the firm established a more robust, evidence-based Operational Resilience framework, enhanced CMT engagement and a testing programme that now meets regulatory expectations. Most importantly, the business is now better equipped to protect its clients, its reputation and its long-term continuity.
Comments