UK regulators expect financial sector to beef up operational resilience

Maria Nikolova

The challenges to the firms’ resilience to operational disruptions have become more complex and intense in recent years, during a period of technological change and in an increasingly hostile cyber environment.

Open a bank account directly with a central bank

In line with an approach outlined in a recent speech by Lyndon Nelson, Deputy CEO of the Bank of England’s Prudential Regulation Authority (PRA), a number of UK regulators – the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), have presented their joint view on the need for the financial sector to boost its operational resilience.

The joint discussion paper, published today, focuses on the operational resilience of the financial system and the individual firms and financial market infrastructures (FMIs) within it.

Operational resilience refers to the ability of firms, FMIs and the sector as a whole to prevent, respond to, recover and learn from operational disruptions. There are various challenges to making sure their businesses are resilient to operational disruption. These challenges have become more complex and intense in recent years, during a period of technological change and in an increasingly hostile cyber environment. Additional challenges occur where firms operate internationally or outsource a significant level of activities to third parties.

The supervisory authorities consider that the continuity of business services is an essential component of operational resilience. Accordingly, firms and FMIs are expected to focus on that outcome when approaching operational resilience. The supervisory authorities envisage that boards and senior management have to assume that individual systems and processes that support business services will be disrupted, and focus on back-up plans, responses and recovery options.

Also, the authorities anticipate that the boards and senior management of firms and FMIs would set impact tolerances for the operational disruption of business services, on the assumption that some or all supporting systems and processes will fail. In setting impact tolerances, the supervisory authorities suggest that a firm’s or FMI’s board or senior management might prioritise those business services which, if disrupted, have the potential to: threaten the firm’s or FMI’s ongoing viability; cause harm to consumers and market participants; or undermine financial stability. The chapter also highlights relevant existing regulatory standards related to operational resilience that firms and FMIs are already expected to meet.

Impact tolerance is expressed by reference to specific outcomes and metrics. Such metrics could include the maximum tolerable duration or volume of disruption, a measure of data integrity or the number of customers affected.

Having impact tolerances may help ensure that boards and senior management consider what the firm or FMI would do when a disruptive event occurs, rather than only trying to minimise the probability of disruption. This might include how to handle the situation to minimise the consequences of disruption as well as ensuring that the relevant business services continue to be delivered within tolerance.

The discussion paper also suggests an approach for potential supervisory expectations and assessment:

  • Preparation: firms and FMIs identify and focus on the continuity of their most important business services as a means of prioritising their own analysis, work and investment in operational resilience. They set impact tolerances for their important business services and are able to demonstrate substitutability or the capability to adapt processes during disruption.
  • Recovery: firms and FMIs assume disruptions will occur, and develop the means by which they can adapt their business processes and practices in the event of shocks in order to preserve continuity of service.
  • Communications: firms and FMIs have strategies for communicating with their internal and external stakeholders, including the supervisory authorities and consumers. This should include how to handle the situation to minimise the consequences of disruption.
  • Governance: firms’ and FMIs’ boards and senior management are crucial in setting the business and operational strategies and overseeing their execution in order to ensure operational resilience.

Feedback is welcomed from all parts of the financial sector, as well as from consumers, market participants and other stakeholders, including other regulatory organisations. Comments are accepted by October 5, 2018.

Read this next

Digital Assets

Luxembourg’s regulator warns on false regulation of Crypto Capital Profits

The regulator of Luxembourg’s financial markets, the Commission de Surveillance du Secteur Financier (CSSF), has warned that a firm claiming to be authorized under the name Crypto Capital Profits is in fact not licensed to carry out business from within its jurisdiction.

Institutional FX

FINRA fines Wedbush $900K over reporting violations

The Financial Industry Regulatory Authority continues to take disciplinary actions against financial services firms for providing inaccurate securities trading information.

Digital Assets

Bitkub investigated by Thai regulator in ‘wash trading’ case

Thailand’s Securities and Exchange Commission has targeted Bitkub over allegations of inaccurate reporting and wash trading on its cryptocurrency platform.

Crypto Insider secures approval to launch its services in France has registered its cryptocurrency services with the dual regulatory structure in France, which includes the Autorité des Marchés Financiers (AMF) and the Autorité de Contrôle Prudentiel et de Résolution (ACPR).

Inside View

How to offer iOS compliant trading apps? Editorial by Chris Rowe

Webtraders are becoming increasingly important for FX and CFD brokers as more and more of their clients are trading using their mobiles. 

Institutional FX

SpiderRock deploys Eventus trade surveillance for futures and options offering

“As we have begun to provide direct market access as a routing broker and grown in our futures offering, which is subject to a different regulator, we wanted to make sure we chose a trade surveillance platform that has all the tools that we need, a format we can review easily, and capabilities to demonstrate to regulators that we have the proper trade surveillance procedures in place. Validus checks all the boxes for us.”

Industry News

Space and Time raises $20 million to grow its decentralized data warehouse

“We look forward to seeing the ways in which Space and Time will allow the business logic in centralized systems to be automated and connected directly to smart contracts.”

Digital Assets

Mastercard, hi app partner to issue cards with NFT avatars

In partnership with Mastercard, crypto and fiat financial app hi is launching what it calls “the world’s first debit card featuring NFT avatar customization.”

Digital Assets

Wirex to support government of Uzbekistan to adopt blockchain

“We’re excited to work alongside the Uzbekistan Direct Investment Fund in order to help the sector thrive, enrich the financial ecosystem there and set a benchmark for other countries, and ultimately expand.”