Q3 2024 COO Magazine

Operational Resilience

Cyber | Technology | 3rd Party Vendor | Business Continuity | Crisis Management

With global regulators adopting differing levels of scrutiny within resiliency, some financial services companies have responded by appointing a global head of operational resilience, invariably reporting to the Chief Technology Officer.

This is understandable when much of the resiliency risk sits within technology but, importantly, not all of it.

In the UK, the Senior Managers Regime imposed an obligation on the COO, appointed SMF24, as the senior executive with responsibility for the operations and technology of the company. This manifested itself with the requirement to establish an operational resilience framework.

The regulatory interim deadline of April 2021 – March 2022 was an initial implementation period, which required the SMF24 to implement all aspects of the policy, except being able to stay within impact tolerances at all times.

We entered the next phase in March 2022, carrying through to March 2025, which is the transitional period whereby firms are required to invest in their ability to remain within their impact tolerances.

This confirmed a focus on cyber security, 3rd party vendor management, technology, and the link into business continuity, all being scenario stress tested.

One COO noted:

“These are all established risks, nothing new, but we must now look at them through a nuanced lens, called resiliency. It’s become a wrapper around what we already do, where this can lead to a fragmented approach.”

Most argue this fragmented approach can be managed by taking a horizontal view across business activities to test resiliency; some suggest a framework would be better aligned to established non-financial risk taxonomies, providing oversight to meet resiliency requirements.

Alongside the debate on management and governance, COO feedback suggests there are several topics that supersede governance in their importance:

  • Can we better manage third parties that are systemic to the industry?
  • Do we have a consistent view of ‘severe but plausible’?
  • Can we standardise responses to customer demands with regard to op res assurance?

These are worthy of debate and will be tabled throughout 2024 and 2025 as part of The International COO Community (iCOOC) programme of debate. iCOOC will further investigate whether the fragmented approach noted above could lend itself to the design and implementation of an integrated resilience framework.

Key points of discussion will be:

  • The governance of operational resilience, the marriage and integration of established 1st and 2nd line risk and control functions, the overlapping role of risk committees, and how best to develop, test and provide a non-financial emerging risk and horizon scanning capability.
  • A capability that would partner resiliency, thus ensuring interoperability and sustainability of the business against the impact of anticipated and unforeseen events.

Within this programme of debate the aim is to evaluate the role of the COO in meeting the demands of operational resilience, define principles for adoption and explore ways in which the community can benefit from cross industry discussion on this market-wide, non-proprietary challenge.

Maurice Evlyn-Bufton

CEO, Armstrong Wolfe

Q3 2024 Content

Operational Resilience: Prioritizing Customer Trust in Times of Disruption

In today’s interconnected and fast-paced global economy, disruptions are inevitable. Whether due to cyber-attacks, natural disasters, pandemics, or supply chain failures, businesses must be prepared to navigate these challenges. However, beyond just keeping the lights on, a truly resilient organization prioritizes its customers, ensuring their trust and satisfaction even during turbulent times. Operational resilience, when viewed through the lens of customer focus, not only maintains business continuity but also secures long-term loyalty and success.

A perspective from Armstrong Wolfe's COO

Piers Murray
Armstrong Wolfe

A sell side perspective: Ask a philosopher about your data

Rob Wilson
Armstrong Wolfe Advisor
Former BNY Mellon and Merrill Lynch

SMF24 Perspective: The COO’s regulatory obligation

Martha Fee
Armstrong Wolfe Advisor
Former SMF24 as COO EMEA & APAC
Northern Trust Asset Management

COO Interview: Brian O’Neill - Standard Chartered

COO, TTO & Global Head, Group Transformation

Brian is the Chief Operating Officer for Transformation, Technology & Operations, and from May 2024, he is also the Global Head, Group Transformation.

Understanding DORA

Operational Resilience in the Financial Sector

The implementation of DORA signifies a significant international effort in the area of operational resilience. The attention from international competitive authorities and other regulators on the EU’s approach to operational resilience is noteworthy. 

Operational resilience in the face of climate change

There is no denying that we are feeling the effects of climate change, but have you assessed the risks to your operations and are you making the adaptation measures required?

The COO: Driving sustainable change

Over the past few years, companies across every industry have made sustainability commitments ranging from diversity targets through to transitioning their business to net zero.

Managing Operational Risks with Advanced AI: Insights from Behavox

In today’s financial landscape, operational risks are a persistent challenge, threatening the stability, reputation, and legal standing of organisations.
