Risk and Resilience

The PRA stresses the importance of Boards and senior management actively supervising the implementation of the firm’s operational resilience program.

The Chief Operating Officer (COO) or Chief Information Officer (CIO) should prioritise operational resilience and compliance, being responsible for the approach.

Taking a proactive stance is crucial for firms to meet regulatory standards.

Sheffield Haworth offers support to firms by:

-ensuring the effective implementation of the resilience program plan in compliance with PRA guidelines and continuously enhancing it.

-identifying operational resilience gaps and suggesting areas for improvement.

-keeping operational resilience policies and procedures current and well-tested.

Regulators are now emphasising the urgency for Financial Services firms to enhance their response capabilities to various operational events that could potentially disrupt their operations due to increasing concerns about operational continuity failures.

This shift is noticeable in supervisory statements and expectations released since 2015. Recent engagements between regulatory bodies like the PRA and FCA and firms highlight the growing focus on operational resilience. Furthermore, regulations such as the discussion paper on Critical third parties in the UK financial sector and the Digital Operational Resilience Act (DORA) in the EU have become crucial guidelines actively followed by firms within their jurisdiction.

The operational resilience policy, jointly introduced by the Bank, PRA, and FCA, requires firms to identify critical business services, set impact tolerances, and proactively ensure the continuous delivery of these services during severe disruptions. This policy, along with updates on outsourcing and third-party risk management, acknowledges firms’ increasing reliance on third parties, including cloud service providers. The PRA is committed to evaluating firms’ progress against its policy expectations, ensuring the ability to deliver essential business services within established impact tolerances by March 31, 2025.

The review has been written by Charles Matthee, Risk Advisory Lead. To discuss the review further, reach out to Charles or Adriaan Hugo, Executive Director, Change Consulting.

Read the full report

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_75BJ6ML4DR	2 years	This cookie is installed by Google Analytics.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
F24_autoID	10 years	This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.
F24_personID	10 years	This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

SH INSIGHTS

Share this document