Ask Camelot: “What could possibly go wrong?”
The practitioners’ guide to Operational Resilience
The second instalment in the Camelot Live: Ask Camelot series was hosted by Camelot’s very own Compliance, Ethics & Risk Think Tank entitled – ‘What could possibly go wrong? The practitioners’ guide to Operational Resilience’. This event strove to help insurance companies / financial services companies to understand new operational resilience changes taking place.
The workshop was spurred by recent regulatory changes in the compliance and risk arenas – something touched upon by Blandine Arzur-Kean. Although the FCA is focusing on certain types of firms, all companies should strive to have strong risk management processes – even if they fall outside the scope of the government consultation paper. If you provide services to any of those firms, they are likely to ask questions on your Operational Resilience as they need to understand the distribution chain of their product.
Companies, therefore, need to assess the accountabilities for Operational Resilience at a granular level and how every part of the business connects together. They will face a variety of challenges, some more related to culture change while others will need to understand how they are going to map the required changes and the resources it will take.
Look at the processes already in place and spot the potential gaps – think about how you will report these to the governing bodies within your organisation.
How well do you feel you understand the regulatory expectations of your company?
Very well: 41%
Not very well at all: 59%
Another question that was analysed in this Camelot Live event regarded the allocation of responsibility within an organisation for Operational Resilience. Nousheen Hassan emphasised that Operational Resilience has come to the forefront now because of how it impacts customers. Ensuring businesses and firms can provide continuous services with minimal disruption is essential to maintaining a positive brand reputation and credibility.
She also agreed with the poll (below), that the COO should have responsibility for Operational Resilience with input from everyone across the business because all business functions are going to be impacted one way or another. Above all, you need to prioritise your plan based on what your customers need. Protecting them and the key services they need from your business is of paramount importance. It is also important to understand when thinking about tolerance levels regarding services that may go down, which functions may need to recover first in order of priority on a risk basis.
Who in your organisation currently has responsibility for Operational Resilience
Head of Compliance: 15%
Head of IT: 15%
COO: 54% (most)
The top of your list of priorities should be doing the basics really well and stress testing your Operational Resilience plans regularly, advised Hugh Hessing. Key risks and contingencies should be clearly outlined. Everything is connected these days, and everything is immediate, so customers feel the effects more when those same services slow down. It is possible to be pragmatic in defining which business services matter the most to customers, with customer support and access coming at the top of the list. Make sure you prioritise services that will be impactful to the customer, not just what your Sales Execs and Directors are telling you are ‘critical’.
Practice, practice, practice. Prescribe behaviours and processes to be adopted should things fail and follow these when things do actually go wrong. You’re probably already doing work that can be pulled into your Operational Resilience practices, all it requires is an amalgamation of this work and bringing it all together in one place.
Given everything you’ve heard today, how well equipped and prepared do you feel your company is to deal with operational resilience challenges?
Very well prepared: 37%
Not very well prepared at all: 63%
An analysis of Operational Resilience would not be complete, of course, without mention of the global Covid-19 pandemic and its impact on the financial services sector. In delivering against Operational Resilience expectations, Isaac Alfon outlined two key learning points from these unusual circumstances. The first point was the industry proving their ability to focus on something (e.g. switching to working from home and delivering technology change) within a very short period of time.
The second learning point from Covid-19 was the importance of crisis management. When we think about regulatory requirements, there is lots of planning and mapping to be done based on several scenarios. When the next Operational Resilience event hits, however, crisis management will be the thing that saves you. People mustn’t forget this being a fundamental component of their organisation’s Operational Resilience toolkit.