Databarracks: Organisations should follow the FCA and BoE’s thinking to strengthen their operational resilience
- Data, Infrastructure
- 26.07.2018 09:50 am
New data reveals the maturity of the financial sector in business continuity and operational resilience
Organisations – regardless of sector – should use the FCA & BoE’s recommendations to improve operational resilience. This is according to Peter Groucutt, managing director of Databarracks.
The FCA and BoE issued a discussion paper that aims to engage with the financial services industry and improve the operational resilience of firms and financial market infrastructures (FMIs). Commenting on the findings, Groucutt says: “The financial sector leads in business continuity best practice. It is well regulated and requires high levels of uptime. The best practices introduced by the sector are often taken and more widely adopted by other industries.
“Our recent Data Health Check research, which surveyed over 400 IT decision-makers, revealed 64 per cent of financial firms have tested their disaster recovery processes in the last 12 months compared to only 47 per cent amongst other industries.
“Banks and FMIs have recently been in the headlines due to TSB’s problematic systems upgrade and Visa’s network outage. The BoE and FCA have issued the paper to generate debate and understand what can be done to reduce operational disruption. But many of the challenges it highlights are broadly applicable beyond just the financial sector.
“All organisations are dealing with growing cyber incidents and cost pressures. All organisations have increased customer demands for accessibility and speed of transactions. All industries are facing disruption by AI and distributed ledger technologies.”
Groucutt continued: “The challenges and questions the BoE and FCA raise are relevant to all industries. The report provides sound advice for firms to take on board regardless of whatever industry they operate in.”
“Notably, setting board-approved impact tolerances is an excellent suggestion. This describes the amount of disruption a firm can tolerate and helps senior management prioritise their investment decisions preparing for incidents. This is fundamental to all good continuity planning, particularly as new technologies emerge, and customer demand for instant access for information intensifies. These tolerances are essential for defining how a business builds its operational practices. It’s something that needs to be regularly reviewed and tested as tolerances change.”
Groucutt continues: “Focusing on business services rather than systems is a good recommendation and one we strongly agree with. Designing your systems and processes on the assumption that there will be disruptions – but ensuring that you can continue to deliver business services is key.”
“It’s also pleasing to see the report highlight the increased concentration of risk due to a limited number of tech providers. This is particularly prevalent in the financial sector for payment systems, but again there are parallels for other industries and technologies. In cloud computing, for example, we’re reaching a state of oligopoly, with the market dominated by a small number of key players. For the end-user, it can lead to a heavy reliance on a single company. This poses a significant risk to your organisation. Yes, these public cloud services allow you to build resilience in by using multiple locations and regions, but you should also aim to limit single-supplier risk.”