26th March 2024: Operational Resilience Training

Course Overview 

One of the ways in which regulators assess their performance is by measuring whether consumers get the products and services they need and want from firms they can trust.  Principle 6 (of the Principles for Business) and the subsequent 6 Treating Customers Fairly Outcomes explicitly call out the obligation to pay due regard to our customer’s needs and for products and services to perform as reasonably expected.

Yet things can and do go wrong – and regulators remain concerned that Financial Institutions are not doing enough to identify where this might happen or to remedy weaknesses in their businesses which allow this to happen.

This course explores the FCA and PRA proposals, explains the requirements and considers how we in firms can deliver a more resilient operational framework to deliver on what our customers and clients expect.

 

Date  26 of March 2024
Time 13:30 – 17:30 UK Time
Duration 4 hours
Price GBP 474 (incl. VAT)

 

Training Objectives

By the end of the programme, participants will:

 

• Understand the regulatory drivers and priorities

• Recognise the milestones and timelines to full compliance

• Consider the factors you should promote to build an inclusive operational resilience framework that staff can buy into

• Provide a foundation for your in-house strategies

• Understand the criteria by which you can identify important business services

• Recognise common risks and disruptors to operational stability

 

Training Outline 

Session 1: Introduction – the regulatory position

• FCA and PRA positions – risks to regulatory objectives

• Where we are now and how we got here

• Looking forward to March 31 2022 – what are the expectations and timelines

• Key milestones and practical validation requirements

• Rules or guidance – specific firm applicability

Case Studies: Issues at British Airways, O2, TSB Bank, HSBC (customised to client)

Session 2: Governance & Strategy

• Messaging – more than “Everyday Business Continuity”

• Prevent, Adapt, Respond, Recover, Learn

• SM24 responsibilities and broader SMCR integration

• Roles for all leaders, line of sight to senior management

• Leadership in a hostile cyber environment

Session 3: Building an effective and compliant operational resilience program

• Identifying key business services

1. Definitions

2. Single activities – not groups

3. Criteria for consistent assessment

4. Alignment with other business themes

•Setting impact tolerances

1. Identifying Risks and Disruptors

2. Probability / Impact / Control Effectiveness

3. Value-based / Volume-based / Time-based

4. Quantifying the maximum tolerable level of disruption

5. Addressing both FCA and PRA concerns

• Understanding upstream / downstream dependencies by identifying and documenting:

1. People

2. Processes

3. Technology

4. Facilities

5. Information

• Ongoing management

1. First Line – Monitoring / Surveillance

2. Second line – Testing

3. Scorecards / Dashboards – what, how, where

4. Stress testing / Scenario modelling

5. Annual review / Material change

Exercise – Breakout Rooms – Groups to discuss challenges and opportunities in building an effective program using templated handouts

Session 4: Holistic management considerations

• Links to Business Continuity / Disaster Recovery

• Front, middle and back office – connecting the lines to benefit consumers

• What actually happens when business services are disrupted – roles and responsibilities

• Communication plans – internal and external

• Employees – engage, empower, evolve

• Documenting effective self-assessment and lessons learned

Course Wrap-up:

• Summary

• Questions

• Open forum

 

Industry Expert | Steve Fairclough

Steve began his financial services career in 1993 and has over 20 years practical training experience across a range of sectors and topics.  He is a former Head of Education for HSBC covering the UK and Europe, responsible for regulatory and financial crime related compliance learning.  His time at HSBC was during intense scrutiny from regulators and government functions during the bank’s Deferred Prosecution Agreement.  Other roles include leading the Monitoring and Testing programme for a UK Wealth Manager, and Senior Vice President responsible for Global Risk & Compliance training at a US-based bank.  He also worked in the Insurance Firms division at the Financial Conduct Authority (in the FSA days) where he was the divisional expert for the rules and outcomes required under the Training & Competence handbook.

The HSBC role, along with five years at Barclays in their Private Clients and Wealth functions, has seen Steve work with retail, commercial, wholesale and private banking channels.  Since leaving HSBC, Stephen has worked with the compliance, HR and operational teams of firms to enhance their regulatory understanding, as well as delivering content across private equity firms, investment houses, banks and wealth managers.  He regularly delivers core programmes for TISA and the Investment Association.

Steve is a former member of the Investment Management Association Training & Education Committee and won the Thomson Reuters award for “Most Effective Compliance Training at a Regulated Firm” in 2010.

 

Who Should Attend 

PRA and FCA have differing application criteria though in the main, banks, building societies, PRA-designated investment firms, RIEs and ‘Enhanced’ SM&CR firms will have rules mandated.  That said, the FCA’s expectation is that all firms will have properly tested contingency plans and it is considered likely that the rules will apply as guidance for Core SM&CR firms who are solo-regulated.

Relevant staff roles include Risk and Compliance, Operational Oversight and Management plus those in Business Continuity and Disaster Recovery who will have crossover responsibility for operational resilience.

Learn More
Facebook
Twitter
LinkedIn
COntact us for assistance

Please fill our free consultation form and a member of our team will get in contact with you.