Background
Aldbury International was commissioned to undertake an independent baseline assessment of an in scope dual regulated firm’s implementation of the regulators’ new policy statements, to complete a self-assessment document and to develop an Operational Resilience governance framework and scorecard.
This work was based on taking the firm's assessment of its processes and important business services it had already identified.
Solution
At the conclusion of the first phase of the project, the completed self-assessment document was presented to the firm's Board. This allowed the firm to take the next steps in ensuring that they would meet all regulatory deadlines within the allotted timescales.
Overview of work
Aldbury identified a number of elements that had to be addressed in the firm’s self-assessment document which reflected the overall process which needed to be followed in order to comply with the new rules on operational resilience.
Important Business Services (“IBS”)
Impact Tolerances
Mapping
Testing Plan
Scenario Testing as carried out
Lessons Learned Exercises
Vulnerabilities
Communication Strategy
Methodologies used to undertake the above
Create a baseline
To asses, the firm's baseline operational resilience, Aldbury undertook a series of internal workshops to identify and ratify the IBS identification processes. The data collected allowed Aldbury to assess the work undertaken and further work that needed to be completed. This assessment process included:
Inputs from departmental managers in relation to their processes included and excluded
Identification of initial tolerances that were then independently assessed and re-calculated
Document first stage process steps for each IBS
Output
The findings were then captured in our industry-first Operational Resilience Scorecard, showing the firm's status at the end of March.
This interactive scorecard is designed specifically for the C-Suite and board members to access a snapshot overview of progress. It also allows the firms internal teams to track and manage ongoing implementation and ensure that testing and training is completed.
Governance Framework and ongoing self-assessment
In order to meet the regulators’ expectation of full adherence and compliance by the 31st March 2025, Aldbury further identified milestones for the firm’s ongoing project. These milestones were then incorporated into the interactive scorecard. If those milestones are missed, the scoring and the Operational Resilience of the firm will decay. This can be captured in real time within the operational resilience trajectory element of the scorecard.
Milestones
Undertake a Severe but Plausible Scenario simulation with the participation of a key third party account manager in mid-2022. Fully document findings and lessons learned.
Validate understanding of Intolerable Harm through customer focus groups. Use this analysis to identify and publish sustainable Impact Tolerances in 2023.
Continue to refine the process of mapping all identified Important Business Services and known “work arounds”, ensuring that all process owners and their teams have access to these on an ongoing basis by 2024.
Annual compliance task for Important Business Service (IBS) owners to complete a self-assessment questionnaire/exercise and update of governance scorecard.
Outcome
The objective of this work on operational resilience was to ensure that the requirements of both the PRA and the FCA were met and more importantly, the firm was as operationally resilient as practicable.
The completed self-assessment document was presented for formal adoption by the Board, allowing the firm to continue the work needed to ensure that it continues to meet its operational resilience milestones.
Comments