Book A Demo Today

What is Operational Resilience?

Published on December 19, 2022

The word resilience is of Latin origin, which means ‘to rebound’. The current application of the word in operational resilience is not too far-fetched. It refers to an organisation’s ability to cope and recover from any operational disruptions. The global pandemic COVID-19 is a pure example of this, but so are many changing regulations that are imposed on various industries, particularly in the tech and financial sectors.

man in a storm with an umbrella


Let’s take a deep dive into the value of building an operational resilience framework, especially among financial services firms.

What does operational resilience mean?

Operational resilience is a set of strategies that enable people, processes, and systems to adapt to disruptive events. A resilient business is able to operate consistently despite the changing business environments. It specifically ensures business continuity management in the key areas of business operations. Building operational resilience means that a company is able to ramp up or slow down its operations on a per-need basis to maintain a competitive edge while it adapts to the changing external conditions.

From a business perspective, operational resilience also means that an organisation can protect and sustain its core competencies in the face of operational disruption. It is critical that those key areas remain functional as they can impact the business’s ability to overcome disruptive events and impact tolerances.

Why is operational resilience important?

All businesses are aware that risks are present and those disruptive events could happen at any moment’s notice. It is not a matter of if, but when these events could happen.

Your ability to identify and mitigate the risks is what will showcase your operational resilience. Even as challenges and changing market conditions impact your business, building operational resilience ensures that the magnitude of their impact on critical business functions is greatly reduced.

Hand of a man preventing dominos from falling


Customers don’t care what your business is going through. All they care about is for you to deliver the products or services to them when they need them. Therefore, it is your job as a business to become operationally resilient and continue serving your customers. Otherwise, they will turn to your competitors who can serve their needs.

Operational resilience is important in this sense – your ability to maintain business after the disruptive event is over. The use of proper strategy guarantees that various critical business functions are aligned and that functions are siloed. You need to have a strategic plan in place on what approaches to adopt based on the various functions and departments within the organisation.

How to build operational resilience?

For a business to achieve operational resilience, it requires the alignment of common goals among the various areas of your business. Even though the risks vary from one sector of your business to another, you must have a clear idea of what to do in case of a business disruption.

It also requires a culture change within the organisation. Dealing with operational disruptions require identifying and prioritising business flows while maintaining coordination across various teams.

Here are five actionable steps to build operational resilience:

1. Define key business services and functions.

Your company must identify the key services or areas that, if disrupted, can have maximum impact on the organisation and business continuity. The goal is to make these areas the crux of your operational resilience program to ensure that you can continue working toward your business objectives in the face of changing market conditions.

2. Set impact tolerances for your business.

There are various factors that impact your business operation and each of them varies in the level of impact they make. It is important that your company can make that distinction to ensure that you are able to predict, pre-empt, or mitigate the risk based on the hierarchy of importance.

Laptop on a table showing the word resilience on screen

3. Identify dependencies in your organisation.

Companies operate on a dynamic landscape that involves a relational framework of data, systems, and processes. Identifying and understanding dependencies is a ticket to building operational resilience because once you're aware of those connections, you can see things from a larger viewpoint and make impactful changes to your organisational processes.

4. Identify your company’s risk appetite.

Knowing your risk appetite is the first step to developing operational resilience. You can build and leverage the various scenarios that could potentially lead your business to fail. It’s also a smart move to look at past failures and see how you can make changes to your responses to disruptive events and become more operationally resilient. Tie this step into the rest of your business continuity strategy planning.

5. Communicate the plan.

Communicating your operational risk management strategies and business continuity management to stakeholders and team members is just as critical. Make sure to perform testing prior to deploying your continuity and risk management strategies, too.

    What type of firm does operational resilience apply to?

    Operational resilience is vital for the UK financial sector to maintain its stability. Given that a new operational resilience regime was implemented on March 2022 in the UK, banks and firms must adapt and showcase resilience.

    building of banking industry


    These new guidelines were designed by various supervisory authorities in the UK, such as the Financial Conduct Authority (FCA), the Bank of England (BoE), and the Prudential Regulation Authority (PRA).

    The goal of these new operational resilience initiatives is to build stability for the financial infrastructures and firms, while also lessening the blow on the UK economy, should a disruption occur to these financial companies. It’s no secret that financial services firms are a prime target for cyber-attacks and other similar threats. Building cyber resilience is critical in the quest to promote operational resilience.

    Operational Resilience & FCA Compliance

    The FCA operational resilience framework applies to financial services firms, banking firms, building societies, PRA-designated investment firms, investment exchanges, and other firms within the financial markets.

    If your company belongs to these industries, it is imperative that you have an operational resilience strategy in effect.

    Here is a summary of the list of operational resilience policies from FCA:

    • Important business services – A list of services that would cause intolerable harm to customers and the financial markets in case of a disruption.
    • Impact tolerances – The highest level of disruption or impact tolerances that your business can endure while staying operationally resilient. If disruptive events, such as cyber-attacks go beyond this level, it would mean significant harm to the customers and UK financial sector.
    • Transitional arrangements – All financial firms in the UK have until the end of March 2022 to implement the new set of operational resilience requirements. The FCA has outlined a 3-year transitional period for all affected firms.
    • Mapping and testing – The mapping stage is where the businesses establish the necessary resources to continue delivering the products or services to their customers. Meanwhile, testing is when you evaluate if the firm can sustain its impact tolerances.
    • Self-assessment – Building an operational resilience strategy is not a one-time thing. You have to continually re-assess it to improve and make it better.

    Operational Resilience for Other Industries

    The importance of operational resilience is not exclusive to financial services firms. It is valuable across various industries and sectors in the UK, and globally.

    The global effect of the pandemic in 2020 was unprecedented and opened the eyes of businesses from various sectors to the possibility that any singular event can lead to a major operational disruption that could end up crippling the economy.

    Woman serving another woman in a bank


    While the financial sector has been the target for UK regulatory bodies in maintaining operational resilience, other industries and firms need a solid strategy in place.

    One of the top industries that would benefit from operational resilience is the industrial sector. Industrial organisations are facing major challenges with cyber-physical connectivity, which adds a layer of complexity to meeting the existing operational resilience requirements.

    Operational resilience is also essential for technology and data service providers. With consumers and businesses alike relying on technology and data service providers, it is important to maintain resilience in its end-to-end value chain even in the face of disruption. Cyber resilience is going to be an essential part of any organisation’s risk management efforts in this sector.

    C2 has developed a complete software solution for the automation of FCA/PRA Compliance which helps your business identify, analyse and protect Important Business Services in an intuitive and effective way that naturally extends from your existing business continuity planning and processes. Book a demo today to see this module in action.