As the financial services industry continues to evolve at an unprecedented pace, operational resilience is at the forefront of concerns for many firms within the UK Financial firms and customers alike. The UK Financial Services industry, a cornerstone of the global financial ecosystem, is now grappling with rising threats that could significantly impact firms’ operational resilience frameworks.
Operational resilience goes beyond mere business continuity and disaster recovery. Financial institutions and FMIs must establish strong frameworks to ensure the provision of critical services, regardless of the disruption’s origin. This encompasses human-induced risks like physical and cyber attacks, IT system failures, and third-party supplier failures. Moreover, it encompasses natural threats such as fires, extreme weather, floods, and pandemics.
In this article, we highlight some of the areas FCA-regulated firms may need to consider when implementing frameworks, strategies and culture where it pertains to remaining operationally resilient in the face of threats and mitigating exposure to adverse events.
1. The Importance of Cybersecurity in an Evolving Cyberspace
In an increasingly interconnected world, where technology plays an integral role in nearly every aspect of our lives, the need for robust cybersecurity measures has become paramount. Cybersecurity is not merely a risk to be managed; it is the proactive response and protective action against the dangers lurking within the expansive realm of cyberspace. The term “cyber risks” or “cybercrime” may better capture the essence of the threats that can infiltrate regulated firms and disrupt their operations, compromising sensitive data, financial stability, and even public trust. As the digital landscape continues to evolve and cybercriminals become increasingly sophisticated, understanding the significance of cybersecurity and its role in safeguarding regulated firms has never been more critical.
This is amplified by the case of LinkedIn’s data breach in 2021 where the professional networking giant saw 700 million of its user’s data compromised by criminals sharing illegally obtained data on the dark web. A hacker used data-scrapping techniques by exploiting the site’s API. LinkedIn argued that no sensitive data was obtained. Nevertheless, this was a gross breach of the company’s terms of service. The hacker obtained email addresses, phone numbers, geolocation records, gender, and other social media details, all of which provided malicious actors with enough information to potentially craft convincing follow-on social engineering attacks.
2. Navigating through Global Disruptions
The Covid-19 pandemic unveiled another unchartered territory: operational continuity amidst global disruption as a result of the pandemic, affecting a plethora of industries including the financial services industry. The pervasive effects of the pandemic greatly impacted freedom of movement restricted due to lockdowns and quarantines, along with infection rates causing a reduction in the workforce population. The abrupt transition to remote working conditions exposed gaps in disaster recovery and business continuity plans. The insights gained from the pandemic, including the realisation of traditional business continuity plans’ shortcomings, ought to be prompting a substantial reconsideration of conventional operational risk management strategies.
3. UK Financial Firms in the Post-Brexit Era: Adapting to Change
Brexit has posed multifaceted challenges to UK financial firms. The withdrawal from the European Union has necessitated the establishment of new operational frameworks to accommodate changes in regulatory requirements, data sharing, and cross-border operations. Firms have had to reevaluate their supply chains, technology systems, and staffing arrangements to ensure continuity in service provision amidst evolving geopolitical and trade dynamics. The increased complexity of navigating distinct regulatory regimes has demanded robust risk management practices and substantial investments in compliance functions. Additionally, the alteration in market access arrangements has led to heightened volatility in trading activities, underscoring the significance of resilient trading platforms and risk monitoring mechanisms. Overall, UK financial firms have confronted the imperative of adapting their operational models to maintain both stability and competitiveness in a post-Brexit landscape.
4. The Supply Chain: Unveiling Third-Party Risks
Modern financial services rely heavily on third-party vendors for technology, data management, and other critical functions. However, these external dependencies can introduce vulnerabilities if not properly managed, from data breaches at the vendor level to the potential for service interruptions.
A notable example of supply chain risk in the financial sector involved a data breach in 2019 at Capital One affecting over 100 million people. A Former Amazon Web Services software engineer illegally accessed one of the Amazon Web Services servers storing Capital One’s data and stole 100 million credit card applications dating back to 2005, leaving millions of people vulnerable to criminals. The extent of compromised data categorises this incident as among the most severe data breaches in the financial services sector.
How can Firms Mitigate Risks?
To mitigate these threats, a proactive, multi-faceted approach is imperative. This includes fostering a strong culture of due diligence, regularly testing and updating disaster recovery plans, vigilantly monitoring regulatory changes, and strengthening vendor risk management.
However, true operational resilience goes beyond risk management. It requires a paradigm shift: viewing resilience not as a regulatory obligation but as an opportunity to drive competitive advantage. In an industry where trust is a key currency, a robust operational resilience strategy can serve as a powerful differentiator.
It’s a challenging landscape, but one ripe with opportunities. As threats to operational resilience continue to mount, UK Financial Services must take the helm, turning adversity into an advantage through anticipation, preparation, and innovative thinking.
How can Complyport Help?
Our Operational Resilience (OR) team specialise in building robust and digitally enabled solutions to strengthen your Operational Resilience capabilities. Our comprehensive range of OR and IT services are designed to support your journey towards Operational Resilience and OR regulatory compliance. Here’s how we can assist you:
- Operational Resilience Programme Support
- Initiation and implementation of advanced operational resilience strategies
- Operational Resilience Impact Assessment to identify potential gaps
- Expert guidance in defining risk scenarios and optimising continuity strategies
- Ongoing Operational Resilience Support
- Ensuring compliance with regulators’ requirements
- Detailed report as a roadmap to achieve regulatory compliance
- Health-check and progress assessment for sustainable resilience methodologies
- Comprehensive IT Audit, IT Audit Report, and Annual IT Audit Plan
- Address IT challenges
- Improve IT governance
- Meet stakeholders’ expectations and compliance and assurance responsibilities in the context of IT
- Comprehensive auditing of IT systems
- Audit Report and establish an Annual IT Audit Plan
- Third Party Risk Management Services
- Effective management of outsourcing and third-party risk
- Evaluation of practices against regulatory requirements
- Remediation assistance
- Efficient Day-to-day Operational Processes
- Comprehensive operational process management
- Operational Resilience Assurance
- Demonstrating to stakeholders the effectiveness of your operational resilience framework
- Independent assurance report with a granular view of control effectiveness
- REP018 Report
- Risk assessment on operational resilience and information security
- Analysis of the risk assessment findings
For tailor-made services that align with your company’s needs, get in touch with Complyport. Let us be your trusted partner in achieving operational resilience excellence and meeting regulatory expectations. Contact us today at thomas.salmon@complyport.co.uk