Q3 2024 COO Magazine
Operational Resilience
Cyber | Technology | 3rd Party Vendor | Business Continuity | Crisis Management
With global regulators adopting differing levels of scrutiny within resiliency, some financial services companies have responded by appointing a global head of operational resilience, invariably reporting to the Chief Technology Officer.
This is understandable when much of the resiliency risk sits within technology – but importantly – not all of it.
In the UK, the Senior Managers Regime imposed an obligation on the COO, appointed SMF24, as the senior executive with responsibility for the operations and technology of the company. This manifested itself in the requirement to establish an operational resilience framework.
The regulatory interim deadline of April 2021 – March 2022 was an initial implementation period, which required the SMF24 to implement all aspects of the policy, except being able to stay within impact tolerances at all times.
We entered the next phase in March 2022, carrying through to March 2025, which is the transitional period whereby firms are required to invest in their ability to remain within their impact tolerances.
This confirmed a focus on cyber security, 3rd party vendor management, technology, and the link into business continuity, all being scenario stress tested.
One COO noted:
“These are all established risks, nothing new, but we must now look at them through a nuanced lens, called resiliency. It’s become a wrapper around what we already do, where this can lead to a fragmented approach.”
Most argue this fragmented approach can be managed by taking a horizontal view across business activities to test resiliency; some suggest a framework would be better aligned to established non-financial risk taxonomies, providing oversight to meet resiliency requirements.
Alongside the debate on management and governance, COO feedback suggests there are several topics that supersede governance in their importance:
- Can we better manage third parties that are systemic to the industry?
- Do we have a consistent view of ‘severe but plausible’?
- Can we standardise responses to customer demands with regard to op res assurance?
These are worthy of debate and will be tabled throughout 2024 and 2025 as part of The International COO Community (iCOOC) programme of debate. iCOOC will further investigate whether the fragmented approach noted above could lend itself to the design and implementation of an integrated resilience framework.
Key points of discussion will be:
- The governance of operational resilience, the marriage and integration of established 1st and 2nd line risk and control functions, the overlapping role of risk committees, and how best to develop, test and provide a non-financial emerging risk and horizon scanning capability.
- A capability that would partner resiliency, thus ensuring interoperability and sustainability of the business against the impact of anticipated and unforeseen events.
Within this programme of debate the aim is to evaluate the role of the COO in meeting the demands of operational resilience, define principles for adoption and explore ways in which the community can benefit from cross industry discussion on this market-wide, non-proprietary challenge.
Maurice Evlyn-Bufton
CEO, Armstrong Wolfe
Q3 2024 Content
Operational Resilience: Prioritizing Customer Trust in Times of Disruption
In today’s interconnected and fast-paced global economy, disruptions are inevitable. Whether due to cyber-attacks, natural disasters, pandemics, or supply chain failures, businesses must be prepared to navigate these challenges. However, beyond just keeping the lights on, a truly resilient organization prioritizes its customers, ensuring their trust and satisfaction even during turbulent times. Operational resilience, when viewed through the lens of customer focus, not only maintains business continuity but also secures long-term loyalty and success.
A perspective from Armstrong Wolfe's COO
Piers Murray
COO
Armstrong Wolfe
A sell side perspective: Ask a philosopher about your data
Rob Wilson
Armstrong Wolfe Advisor
Former BNY Mellon and Merrill Lynch
SMF24 Perspective: The COO’s regulatory obligation
Martha Fee
Armstrong Wolfe Advisor
Former SMF24 as COO EMEA & APAC
Northern Trust Asset Management
COO Interview: Brian O’Neill - Standard Chartered
COO, TTO & Global Head, Group Transformation
Brian is the Chief Operating Officer for Transformation, Technology & Operations, and from May 2024, he is also the Global Head, Group Transformation.
Understanding DORA
Operational Resilience in the Financial Sector
The implementation of DORA marks a significant international effort in the area of operational resilience. The attention from international competitive authorities and other regulators on the EU’s approach to operational resilience is noteworthy.
Operational resilience in the face of climate change
There is no denying that we are feeling the effects of climate change, but have you assessed the risks to your operations, and are you making the adaptation measures required?
The COO: Driving sustainable change
Over the past few years, companies across every industry have made sustainability commitments ranging from diversity targets through to transitioning their business to net zero.
Managing Operational Risks with Advanced AI: Insights from Behavox
In today’s financial landscape, operational risks are a persistent challenge, threatening the stability, reputation, and legal standing of organisations.