QUESTION:  What is Operational Resilience?

Every major regulator (FED, PRA, OCC) has expectations on how firms will maintain safety and soundness. Resilience has traditionally been about recovering from disaster and adapting organisational structure in response disaster.

In the future, it will mean more of a focus on how to not need to exercise a resilience posture.

A past example would be having a computer system down, results in equity stack falling over. The goal in a resilient world is that no one component can bring down the whole stack.

The COVID-19 example is unique because it didn’t originate internally. No bank or financial institution was prepared for COVID-19, no one will come out of this saying they tested for this, role played, etc. Everyone had to customize their plan once the crisis started.

QUESTION: Who is accountable for Resilience?

Accountability for resilience sits, in part, with the Head of Operational Risk and a small team of four people dedicated to BCM plan structuring, but they are not meant to own the plan. They are meant to own the validation that the plan exists and set firmwide standards on how plans should be structured.

Every business division within the organisation is accountable for their own plans. Within each area it falls to the first line risk officers.

When there is a need to link the plans together across the organisation, risk teams will pool the various plans together.

QUESTION: What roles have you created or changed?

Resilience risk always existed as an independent function, but it used to sit in first line technology risk, as part of the CIO function. It is now in the second line.

Up to this point there have been no external hires. To create the function people have been moved internally.

Going forward, there will be the need to hire an additional 5-6 people in the second line resilience risk team. There will be a new resilience risk model created and it will be more intensive and detail oriented.

There will also be a concerted effort to ensure that contingency plans link together better across the firm going forward.

QUESTION: What skill sets are in demand?

Historically people in BCM roles have been junior and generalists. The function consisted of people who were in the first line for a long time and would end up in a BCM seat.

As the resilience model evolves more technical people will be needed. In the first line there will need to be a mix of people with technology and business experience.

Going forward in the second line, people who can have an intelligent and knowledgeable conversation with the business about their BCM plan will be in demand.

QUESTION: What have you learnt from COVID-19?

We feel good about what we have accomplished in the last three months.

The plan moving forwards will be to try and organically solve the problem of ensuring a state of resilience.

We invested in virtualisation years ago which has been integral and allowed the firm to ramp up from 10% working from home to 98% very quickly. The COVID-19 crisis has shown this can be achieved.

INTERVIEW END

Would you like to download the complete Risk Resiliency Whitepaper?

Download the paper now

Leathwaite recently executed a series of interviews with global heads of Risk to understand how organisations across all sectors have been implementing crisis plans.

Since lockdown began, organisations across all sectors have been implementing crisis plans. We were keen to understand what financial services firms globally had put in place over the last year; since regulators, particularly in the UK, began to make stipulations around process mapping, understanding of impact tolerances and running increased scenario testing.

Contact us!

Click on the button below to contact your local Leathwaite office to discuss your executive search or senior leadership requirements: 

Click here to contact Leathwaite