The PRA stresses the importance of Boards and senior management actively supervising the implementation of the firm’s operational resilience program.

The Chief Operating Officer (COO) or Chief Information Officer (CIO) should prioritise operational resilience and compliance, being responsible for the approach.

Taking a proactive stance is crucial for firms to meet regulatory standards.

Sheffield Haworth offers support to firms by:

-ensuring the effective implementation of the resilience program plan in compliance with PRA guidelines and continuously enhancing it.

-identifying operational resilience gaps and suggesting areas for improvement.

-keeping operational resilience policies and procedures current and well-tested.

Regulators are now emphasising the urgency for Financial Services firms to enhance their response capabilities to various operational events that could potentially disrupt their operations due to increasing concerns about operational continuity failures.

This shift is noticeable in supervisory statements and expectations released since 2015. Recent engagements between regulatory bodies like the PRA and FCA and firms highlight the growing focus on operational resilience. Furthermore, regulations such as the discussion paper on Critical third parties in the UK financial sector and the Digital Operational Resilience Act (DORA) in the EU have become crucial guidelines actively followed by firms within their jurisdiction.

The operational resilience policy, jointly introduced by the Bank, PRA, and FCA, requires firms to identify critical business services, set impact tolerances, and proactively ensure the continuous delivery of these services during severe disruptions. This policy, along with updates on outsourcing and third-party risk management, acknowledges firms‘ increasing reliance on third parties, including cloud service providers. The PRA is committed to evaluating firms‘ progress against its policy expectations, ensuring the ability to deliver essential business services within established impact tolerances by March 31, 2025.

The review has been written by Charles Matthee​, Risk Advisory Lead. To discuss the review further, reach out to Charles or Adriaan Hugo, Executive Director, Change Consulting.

Welcome to the Sheffield Haworth Inclusive Insurance report 2024, where the Insurance and InsurTech team examines the industry’s major talent trends for the remainder of the year ahead.

2023 has been a tough year for the economy, but not so much for Insurance. With insurers enjoying a hard market that looks set to continue into 2024, and broking undergoing a period of intense investment, firms were more reticent to hire than we might have expected. Yet this reticence can’t last. In fact, the signs point to a more buoyant talent market in 2024, and this is where firms must take diversity more seriously in their hiring.

In our article “10 ways for insurance firms to increase diversity” Mark Lomas, Head of Culture at Lloyd’s, discusses cultural diversity principally regarding ethnicity and gender. Yet, his words could equally apply to any form of diversity, from the need to bring in and develop new skills (discussed in our article “Future skills: challenges and solutions for the insurance industry in 2024”) to the need to consider roles and responsibilities across organisations in a more holistic way (which we touch upon in our piece “Bringing fresh skills to insurance clients”).

We hope this Outlook will provide helpful insights as you develop talent strategies to achieve success in 2024 and beyond.

Digital transformation should be broadly defined because it touches every aspect of a business. Digital transformation should remodel not just operations but how we imagine value for clients.

What makes digital transformation challenging is that most banks use the digital tools they already own as starting points and then focus on incrementally enhancing them. To think this way is not to think big enough….

This comprehensive research report delves into the crucial role of Chief Information Security Officers (CISOs) and explores the strategies and skills they need to cultivate to influence the board effectively. Recognising the growing importance of Cybersecurity in today’s digital landscape, this paper highlights the significance of bridging the gap between technical expertise and board-level decision-making.
We talked with 30 leading cybersecurity leaders in the Asia-Pacific region in key sectors, including consulting, technology, financial services, telecoms, and consumer goods. We discuss the challenges of Generative AI, how this is impacting the nature of the role, and what skills and strategies are needed to influence the board.

Key Takeaways in Part 1 :

Why CISOs Will Become Better Business Leaders

The contributors discuss the significant cybersecurity risks Generative AI, such as Chat GPT, poses, including data loss, misuse of sensitive information, and increased cyberattacks and agree there is a lack of guidelines and common standards regarding the use of generative AI. The lack of guidelines leads to challenges in response strategies, with employees being the weakest line of defence and lacking awareness of the risks associated with generative AI, leading to potential data breaches and privacy issues.

To read the full detailed discussion and conclusions from our 30 cybersecurity leaders, download the report here.

If you would like to discuss the findings in this report or other talent-related topics, please get in touch with our team of specialist consultants here.

Risk and resilience are at the heart of the regulatory agenda: prevent, adapt, respond, recover, and learn. All the buzzwords necessary for strategic change and transformation programs.

Over the past few years, new regulations, guidelines, directives, and standards have dominated the financial landscape and continue to do so in the years ahead. The EMIR Refit, DORA, and MiFID III deadlines are fast approaching. At the same time, the EU Corporate Sustainability Due Diligence Directive (CSDDD) and Cyber Resilience Act (CRA) are expected to be finalised in 2023. Not to mention reforms to ESG and crypto assets that are also at the forefront of regulatory development for 2023. In an ideal world, an organisation would have five, or even ten years to plan its transformation program carefully. However, this isn’t the reality, and change programs are often reactionary to the rapidly evolving financial markets.

Toby Enstone, Director, Change Consulting

The risks of incomplete human due diligence in M&A are steep. They do not need to be.

Announcements of mergers and acquisitions are ritually accompanied by rhetorical nods to the human elements of a deal, nearly always in the most glowing terms. What every veteran of M&A knows is how often the human elements are underappreciated in the process of getting a deal done.

Although investment banking compensation will likely be down again this year as revenues continue to drag, this is good news for banks looking to hire.