Operational Resilience & Cyber Security Support

The release of the FCA’s Operational Resilience Policy (PS21/3) outlines new rules coming into force on 31 March 2022. Firms that fall within scope must have identified their important business services, set impact tolerances for the maximum tolerable disruption, and conducted adequate mapping and testing.

Firms need to ensure they have processes, systems, and controls in place to comply with the new rules. Impacted financial services firms are required to produce a self-assessment document which shows how they meet the operational resilience requirements with the firm’s management body expected to review and approve the self-assessment documents regularly.

Success or failure of a company comes down to one single factor: the clients. Regulated firms should be tailoring the operational resilience framework to suit their client needs and services being offered. With a constantly evolving regulatory environment, market stability, increased competition, advancements in technology and a highly complex threat environment; it’s more crucial than ever for firms to be prepared and know their tolerances.

Operational Resilience frameworks should focus on a multitude of areas including, but not limited to:

  • Understanding the nature of customer complaints.
  • Adhering to the scope of the business resilience strategy and objectives.
  • Defining Change Control Management (CCM) and Governance Structures to ensure key milestones and actions are understood.
  • Ongoing Project Management governance and Risk Management for innovative technologies.
  • Establishing a testing regime and quality control processes to achieve business objectives.
Our Specialist Team

Complyport’s Operational Resilience support unit is led by Pantelis Angelides, a leading expert in Cybersecurity, Risk, and Organisational Resilience and Darren Schindler, an expert in Operational Resilience. Supported by a team of 15 technical specialists, our consultants team have helped banks, insurance firms and financial institutions meet their resilience targets across the UK and the EU.

Our Teams’ Technical Standards

  • ISO 31000:2018, Risk management — Guidelines
  • BS EN ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements
  • BS EN ISO 22313:2020, Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
  • ISO 27001: 2013, Information technology — Security techniques – Information security management systems- requirements
  • ISO 27002, Information technology — Security techniques – Code of practice for information security controls
  • ISO 27005, Information technology — Security techniques – Information security risk assessment
  • ISO 27014 – Information technology — Security techniques – Governance of information security
  • ISO/IEC 27036- 4, Information technology — Security techniques — Information security for supplier relationships – Part 4: Guidelines for security of cloud services
Operational Resilience Impact Assessment

Complyport’s Operational Resilience Team can help regulated firms ensure they are prepared for the FCA’s Operational Resilience Policy by undertaking an Operational Resilience Impact Assessment. Following this review, our consultants will provide a report that will function as a roadmap, outlining what needs to be completed and by when to ensure compliance with the new requirements by 31 March 2022.

As part of our Operational Resilience Impact Assessment we can:

  • Present an assessment of your Operational Resilience framework in line with the Operational Resilience Policy of FCA.
  • Outline gaps within your Operational Resilience framework.
  • Support the definition /redefinition of your approach towards the risk scenarios of operational disruptions and the optimisation of the continuity strategies and tactics to improve your operational resilience posture.
  • Provide summary with respect to the Operational Resilience framework arrangements and mechanisms that need to be in place to comply with the new Operational Resilience Policy requirements.
Ongoing Operational Resilience Support

Following the Operational Resilience Impact Assessment, Complyport can help ensure your firm maintains compliance with the regulations after the 31st of March of 2021.

To discuss the ongoing maintenance and support associate with Operational Resilience, please contact us via the form below to arrange a call with one of our specialist consultants.

At Complyport, we have deep understanding of Operational Resilience and helping regulated firms achieve it. Our team operates on a global scale across multiple jurisdictions and we offer a tailored service to perfectly match your company’s requirements.

Interested in learning more about our services?

Please fill our free consultation form and a member of our team will get in contact with you.

    Contact Us

    First Name
    Last Name
    Phone Number *
    Email *
    Company or Organisation name *

    I agree with the usage of my email to be used by Complyport and related companies for marketing purposes