Operational resilience – it’s all about your clients.

Expert: Cat Dankos, Regulatory Consultant, Herbert Smith Freehills
Facilitator: Paul Miles, Founder, Silverback Consultancy

Key takeaways:

1. Operational resilience is about joining the dots of the various components, Does the company know what the risks and risk tolerance are and how soon it could get up and running should a breach occur?
2. COVID-19 confirmed the value of old resilience issues and brought about new ones; systems interdependency and people.
3. This change in focus brings about opportunities - the conversation has been expanded and reframed. Remote working brings about cultural change.
4. The value of culture has been strengthened in the past 12 months as companies have relied on strong loyalty and buy in from employees working from home.

Context

The general feeling is that the industry has adapted well to the challenges brought about by COVID-19. Indeed, resilience was already high on the list of financial services firms in terms of regulatory expectations and managing risk on behalf of clients.  COVID-19 and remote working catapulted it right to the top of the list and has also gone on to present opportunities around people and business culture too.

How is resilience defined?

Operational resilience is about joining the dots of the various components, Does the company know what the risks and risk tolerance are and how soon it could get up and running should a breach occur?

At a basic level resilience means can a firm recover and be quickly operational again and how long is that likely to take. The sequence is to prevent, adapt, respond to and recover from an event. 

There needs to be resource to look at a variety of scenarios but also the acknowledgement that there are many unknown unknowns that could never be anticipated. COVID-19 is one of those.

The jigsaw of regulatory reviews and pushes have been largely around identifying tolerances for a given situation and what the maximum level of disruption would be in a given area before an operational disruption would occur.

The regulator wants to encourage standard contractual terms so there is some certainty over how quickly a firm can get back up and running. But sometimes there is a disconnect between what is feasible and doable and what the regulator wants.

New areas for resilience

COVID-19 confirmed the value of old resilience issues and brought about new ones; systems interdependency and people.

COVID-19 initially focused attention on how to risk manage remote working for all.

Technological advances, in particular digitisation, the cloud and SaaS, mean that the operational risk of not being able to move quickly to a remote model could be addressed.

Technology has also brought about layers of complexity and interdependency when it comes to data sharing and systems interoperability.  If one element fails there can be a very quick and potentially damaging domino effect on other areas.

Resilience also changed quickly from systems to people.

No one could have anticipated that the entire workforce would need to work from home and stay there for over a year. This means that thoughts around resilience needed to evolve and indeed resilience is now extended to managing how people work remotely and how to encourage and inspire them. 

Reframing resilience

This change in focus brings about opportunities - the conversation has been expanded and reframed. Remote working brings about cultural change.

There has been a sea change to input management, where there is direct monitoring of how people spend their time, to output management where the output is instead looked at and measured.

Tools to support remote working have now advanced into the everyday - virtual team meetings and the normalisation of managers and senior staff making direct contact with colleagues to offer support, virtual meetings with clients and other digital measures to ensure that business can go on.

They are now very much a part of the everyday and, in many instances, clients no longer wish to have infrequent face to face meetings instead preferring more regular digital touchpoints. The same applies to staff - some prefer working from home and this is expected to be much more commonplace post pandemic than previously.

Cultural changes.

The value of culture has been strengthened in the past 12 months as companies have relied on strong loyalty and buy in from employees working from home.

Having a different style of management plays into company culture and ways in which to uphold and measure that. It is hard to benchmark good practice but if we are looking at resilience in a people context then we need to know what is good and bad practice.

Mentoring for new starters, especially those that have not got experience in a variety of workplaces and thus fewer points of comparison, has become more important.