QUESTION:  What is Operational Resilience?

Broadly, operational resilience is the ability of a firm to absorb and react to shock. It is also about the ability to recover from shock. It takes a different approach to BCM or disaster recovery. Resilience is about having a wider perspective. It is about the real world shock events. The arrival of COVID-19 is timely in this sense.

An organisation needs to know where its’ essential components are and where it will get risk exposure from if a crisis event occurs. It is about knowing where your extended enterprise is, what services they provide you and where these services are based.

Operational resilience requires having people in place who can think and react to a situation and collaborate within their own organisation and with supply partners, as well as broader industry. You have to have the basics in place, such as being in active conversations with your suppliers on their resilience capabilities, before you are able to bring resilience.

QUESTION: Who is accountable for Resilience?

Accountability for resilience sits with the Chief Data Officer who is also the Chief Resilience Officer. It is however a multi-player sport and complete accountability should not just sit with one function. The Chief Resilience Officer has to bring together a range of different stakeholders in the first line, including cyber security, HR, third party management, as well as work effectively with colleagues in the second line.

The business in the first-line are also accountable and should be taking ownership of resilience for the clients they serve.

QUESTION: What roles have you created or changed?

They have recently created the Chief Resilience Officer position and given it, as an additional area of responsibility, to the Chief Data Officer. Firms across the market are doing similar and creating Chief Resilience Officer roles. They are filling these either in the way they have, by adding it to an existing leadership role, or hiring a high profile person from the external market.

The Chief Resilience Officer needs to be someone senior, who is credible with senior stakeholders across the organisation, who can drive change and co-ordinate activity across a range of functions.

QUESTION: What skill sets are in demand?

There are not many Chief Resilience Officers in the market. Those that do exist have come from IT or info-security backgrounds, such as CISOs.

However, although having a CISO type background is useful it is not essential in these types of roles. It is more important to have come from a background with exposure to the constituents parts of resilience, to be good at stakeholder management and able to effectively navigate an organisation. It is important to be able to get senior attention and to bring people together to solve issues.

QUESTION: What have you learnt from COVID-19?

Firms will be considering their off-shoring strategy and concentration risks. Any organisation that has off-shores operations will be looking carefully at how they have performed and how badly they have been impacted.

For a number of organisations, working from home solves many resilience issues. However, if some off-shore work involves sensitive customer data or physical data, there may be significant risk in having people work from home.

If organisations bring their operations back on-shore, were a certain big scale shock to happen again, such as another pandemic flu or climate change incident that could cause a big problem. Organisations will need to consider whether it makes sense to have all their operations in one location?


Would you like to download the complete Risk Resiliency Whitepaper?

Download the paper now

Leathwaite recently executed a series of interviews with global heads of Risk to understand how organisations across all sectors have been implementing crisis plans.

Since lockdown began, organisations across all sectors have been implementing crisis plans. We were keen to understand what financial services firms globally had put in place over the last year; since regulators, particularly in the UK, began to make stipulations around process mapping, understanding of impact tolerances and running increased scenario testing.

Contact us!

Click on the button below to contact your local Leathwaite office to discuss your executive search or senior leadership requirements: 

Click here to contact Leathwaite