QUESTION:  What is Operational Resilience?

Operational resilience should not be viewed as a risk type but as the end state we are looking to achieve. Operational risk is the main underlying risk. It is about managing the breadth of operational risks to achieve resilience, rather than seeing resilience as a new risk discipline in itself.

As a start-up bank, all systems have been built from the ground up and therefore should to a certain extent already be resilient. The challenge is having to make sure this level of resilience is transferred to people and third party considerations.

As the volume of third parties used by any start-up business grows, all these third parties need to be aligned to the same vision as the bank, from a resilience. perspective.

QUESTION: Who is accountable for Resilience?

Accountability for resilience is split across the CIO, Head of Operations and the Head of Legal, who is also responsible for third party management.

The CIO is required to ensure that systems built are resilient and are kept up to date.

The Head of Operations is responsible for always maintaining strong customer communication and ensuring transactions on behalf of customers are correctly dealt executed.

The Head of Legal, HR & Third Party Risk Management is responsible for ensuring all of the firm’s third party suppliers are resilient.

Post COVID-19, resilience will need to be emphasised more heavily across these role descriptions. Risk, and specifically the operational risk function, is responsible for ensuring that all of the above happens and assessing the robustness of controls. The SMF24 (Chief Operations Function) role is the most natural home for resilience.

QUESTION: What roles have you created or changed?

Given the company has been built from the ground up to be resilient, the organisation has not had to play catch-up in order to be resilient. As a result, nobody has been recruited into the organisation recently to complete resilience work.

Where additional headcount has been added from a first and second line risk management perspective, hiring managers have been mindful of candidate’s resilience capabilities.

A new Head of First-Line BCM and Disaster Recovery has joined the organisation recently and is part of the Operations function. This is not a newly created role, it was already an established position within the organisation

QUESTION: What skill sets are in demand?

In future, pure operational resilience roles will crop up and senior individuals will be hired into these roles. As a result, individuals with strong operational resilience skill sets, including significant technology risk, cyber and operational experience, as well as an understanding of the regulatory landscape around this, will be in demand.

However, for now it is important to embed resilience principals, educate the broader business and ensure individuals in the first, second and third line have clearly responsibilities relating to resilience.

QUESTION: What have you learnt from COVID-19?

Third party risk management and resilience planning are not a response to COVID-19 but COVID-19 will have a significant impact on how they evolve. Many firms will consider their outsourcing strategy and whether it is better to bring certain activities in-house.

One of the biggest takeaways will be the consideration of how much office space is needed and whether working from home can be just as effective. Firms will be looking at their footprint in London and this will be up for review across many organisations.

There may be reviews in terms of the level of detail involved in BCM. For example, prior to COVID-19 there was not an actionable plan for a potential flu pandemic at this organisation. Often there has been push back around too much BCM and having plans scoped out in advanced. There now may be a difference of opinion on this. However, if working remotely applies across a very large number of possible crisis scenarios, do firms need such detailed BCM.

INTERVIEW END

Would you like to download the complete Risk Resiliency Whitepaper?

Download the paper now

Leathwaite recently executed a series of interviews with global heads of Risk to understand how organisations across all sectors have been implementing crisis plans.

Since lockdown began, organisations across all sectors have been implementing crisis plans. We were keen to understand what financial services firms globally had put in place over the last year; since regulators, particularly in the UK, began to make stipulations around process mapping, understanding of impact tolerances and running increased scenario testing.

Contact us!

Click on the button below to contact your local Leathwaite office to discuss your executive search or senior leadership requirements: 

Click here to contact Leathwaite