Operational Resilience: Six weeks to go…

Hogan Lovells
Contact

Hogan Lovells

The UK regulators’ new rules on Operational Resilience enter into force on 31 March 2022. Firms need to ensure that they have identified “important business services” and set “impact tolerances” for those important business services by the deadline, as well as ensuring they have processes to comply with the other requirements under these new regimes.

The background

In March 2021, both the PRA and the FCA issued statements setting out new rules for certain firms in relation to operational resilience (PRA SS1/21 and FCA PS21/3 respectively).  The new rules require firms to:

  • identify important business services (broadly, services provided by the firm to clients, the disruption of which could cause intolerable harm to: consumers; market integrity; the firm’s safety or soundness; or financial stability); and
  • set impact tolerances for those important business services (broadly, an impact tolerance is the maximum tolerable level of disruption to an important business service as measured by length of time and any other relevant metrics). 

There are also rules aimed at ensuring firms can consistently remain within their impact tolerances. 

What firms need to do now?

Under both the PRA and FCA regimes, the deadline for identifying important business services and setting impact tolerances for those important business services is 31 March 2022. Firms should therefore be well underway with their projects to meet these requirements or else commence them as a priority.

Dual-regulated firms that are subject to both regimes will need to ensure that this exercise takes account of the regulators’ different objectives when setting impact tolerances. The FCA and PRA define the term “impact tolerance” differently, with the FCA’s definition focusing on consumer harm and the PRA’s definition focusing on prudential soundness. 

Whilst impact tolerances set under each regime may often be aligned, firms will need to ensure they understand where they differ and that they are able to effectively monitor and deal with any potential breaches of those separate impact tolerances where this is the case

Next steps

Under both regimes, firms have a three year transitional period from 31 March 2022 to 31 March 2025 to take the necessary steps to be able to stay consistently within impact tolerances for all important business services. However, the regulators’ expectation is that firms will take steps to do this as soon as possible after 31 March 2022 rather than waiting until the end of the transitional period.

In order to meet this requirement, firms will need to undertake exercises to map the people, systems, and services that underpin important business services (including any third party suppliers on which firms rely for the performance of important business services). Firms will also need to undertake regular scenario testing to ensure that they can remain within impact tolerances and will need to conduct “lessons learned” exercises following any tests to understand the changes that need to be made in order to improve their ability to remain within impact tolerances.

In addition, firms should give thought to whether their contractual arrangements with service providers involved in the performance of important business services are sufficiently robust to ensure compliance with the new rules and remediate these if required.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Hogan Lovells

Written by:

Hogan Lovells
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Hogan Lovells on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide