On March 29, 2021, the Bank of England (BoE), Prudential Regulation Authority (PRA), and Financial Conduct Authority (FCA) jointly issued policy and supervisory statements to enhance the UK financial system’s resilience against operational disruptions.
Operational resilience necessitates firms embracing the notion that disruptions are inevitable. The underlying assumption is that business disruptions and failures will occur, emphasizing the ongoing requirement to evaluate the firm’s capacity to respond, recover, and take proactive measures to maintain resilience in its critical business services.
Gieom initiated a significant piece of independent research that was conducted over a 7-month period. Participants included many great minds and practitioners from Academia and the Banking Domain. The research report is available for reference in public domain. https://futurebankops.org/research/
Gieom took all of this valuable research and feedback into its labs, resulting in the creation of an approach to implementing operational resilience in 6 simple steps. Gieom`s Risk Central, a Risk and Resilience platform comes with inbuild features and techniques supporting each step of the process.
Gieom’s 6-Steps Process
Step 1 : Identifying Critical Business Service
Important business lines, also referred to as critical business lines or critical functions, are the core activities or services within an organization that are essential for its operations, reputation, and overall success. These are the key areas that must be protected and maintained during times of disruption to ensure the organization can continue functioning effectively.
Gieom`s Risk Central supports the Business Impact Analysis method of identifying critical services.
Business Impact Analysis (BIA) is a process that organizations undertake to assess and understand the potential impacts of disruptions on their key business operations. It involves identifying and analyzing the critical functions, processes, and resources within an organization, and determining the potential consequences of their disruption.
Step 2 : Resource Mapping
Mapping helps organizations identify and manage the critical services, including risks and dependencies related to people, processes, and systems and others. By understanding the service delivery process and potential dependency, organizations can implement appropriate measures to prevent service outages. This proactive approach can create value by streamlining existing control activities that are fragmented across different areas.
The process visualization feature helps in drawing process maps, mapping dependencies, linking to sub-process, linking standard operating procedures and others. The mapping facilitates the identification and management of operational process and dependency, enables the implementation of appropriate preventive measures, and can lead to value creation by rationalizing control activities.
Step 3 : Impact Tolerance
Setting impact tolerances is a process undertaken by organizations to establish thresholds or limits that define the level of harm to consumers or risks to the orderly operation of financial markets that are considered intolerable.
Gieom`s Risk Central supports FMEA method of identifying impact tolerance.
Failure Mode and Effects Analysis (FMEA) is a structured methodology used to identify and analyze potential failures or errors in a system, process, people etc., and to assess their potential severity and analysing effects and causes. The scenario analysis feature helps in assessing and evaluating various hypothetical scenarios that could impact an organization’s operations.
Step 4 : Risk & Control
Operational risk refers to the potential for losses or disruptions arising from inadequate or failed internal processes, systems, human actions, or external events. It is the risk of financial loss or harm to an organization’s reputation resulting from operational failures, including errors, misconduct, fraud, technology failures, or unexpected events.
The Operational Risk feature of Gieom`s Risk Central allows organisations to define risk scoring methodology to measure the inherent and residual risk, Additionally, the Risk & Control Self Assessment (RCSA), risk performance, risk mitigation and others help in carrying out an objective method of risk identification and assessment.
Step 5 : Data Analysis
Various types of data need to be captured and analysed to give a 360 degree view of the operational resilience status of the important or critical services.
The solution supports defining various types of data requirements, defining thresholds, analysing these data points to provide meaning full insights on the resilience health of the organisation. Events data, control deviations, key risk indicators etc. can be captured and analysed.
Step 6 : Remediation
Remediation refers to the actions taken by an organization to address and mitigate identified risks and impacts. It involves implementing measures to prevent or reduce the likelihood of risk events occurring or to minimize their potential impact if they do occur.
The Remediation feature of Gieom Risk Central allows organisation to define different types of mitigation plans and continuously monitor the progress of the same. The different types of mitigation plans could be control enhancement, process redesign, corrective measures and others.
Interested to learn more about Gieom`s six step Operational Resilience Process? Talk to our expert here.