FCA’s operational resilience deadline looms
Financial institutions have less than two years to ensure – and prove – their operational resilience strategy is robust, to comply with the FCA’s regulations for the UK’s financial sector – CP19/32.
If firms don’t drastically overhaul their approach to operational resilience, the consequences are no longer limited to customer disgruntlement or reputational risk. They could be facing a breach of regulatory compliance, fines, and potentially a threat to their very survival.
In the face of unprecedented rates of digital transformation, tighter-than-ever IT budgets, and increasingly complex IT estates, ensuring robust operational resilience is becoming more and more challenging – and outages are on the up, not down. The need for financial institutions to improve their operational resilience is set against a challenging backdrop.
First, the rates of digital transformation in the wake of Covid-19 have been overwhelming. The pandemic forced digital transformation to progress at warp speed to allow businesses to keep up with rapidly changing norms and expectations. While there’s no doubt this shift has brought with it significant benefits, it is only now, as we head toward a "Covid normal" future, that we are beginning to see the cracks.
We are now hyper-dependent on complex digital systems that very few people on this planet could explain the mechanics of, let alone monitor manually. Illustrating this point, our research indicates that as many as 84% of financial institutions believe that their IT environments have changed more over the last 12 months than in the firm’s entire lifespan – with digital transformation reported to be the main driver of this trend.
But despite the strain that this is putting on firms – with 94% of institutions agreeing that digital transformation is putting stress on their IT systems, compromising real-time data analysis, and creating storage and security issues – there is another problem that is further exacerbating the situation.
Tightening IT budgets are forcing operational resilience down the list of priorities for many firms. In fact, almost eight in 10 firms are adopting lower-quality IT solutions as a direct result of budget constraints – causing IT resilience to be further compromised, at a time when it is more important than ever.
The consequences of these circumstances are already revealing themselves: Over half of financial institutions globally are experiencing at least one full day of downtime every year, a figure which is on the rise. What’s more, for many institutions, operational resilience is fast becoming a “grey swan” issue: a potentially significant event whose impact is widely underestimated. Insufficient understanding of the risks that poor operational resilience presents will create potentially fatal blind spots for firms.
And with the issue firmly on the agenda of regulators – as well as that of customers, who are more likely than ever to take their business elsewhere in the face of repeated outages – the industry itself is now playing catch-up, and it cannot afford to waste any more time.
Do or die
While operational resilience certainly requires a financial investment that many firms may believe they cannot afford, the numbers prove definitively that they cannot survive without it. What’s more, despite the upfront cost needed for more robust IT solutions, many firms may not realise that not only do they have the potential to improve observability and ensure operational resilience, but, in the long run, they will drive efficiencies, helping to keep costs down.
The current landscape represents a do-or-die crossroads: prioritising IT resilience has never been more important. With the rate of digital transformation only set to increase, the industry’s epidemic of outages will continue to accelerate, unless drastic change takes place. Incremental change isn’t enough; firms must overhaul their current structures completely, ensuring the importance of operational resilience is implemented across the entire firm’s operations, from the top down.
This can come in many forms, from increased allocation of funding to giving more power to internal players responsible for operational resilience. But whichever approach firms choose, more robust operational resilience is key not only to firms’ regulatory compliance, but their very survival. The reputational damage and customer losses following repeated failures cannot be underestimated. Firms must act now or face the consequences later.
The original article can be read in its entirety in Financial Regulation International.