Linking OCiR and operational resilience: potential opportunities and benefits
Operational continuity in resolution (OCiR) and operational resilience are closely related concepts within the broader domain of risk management, particularly in the financial services sector. Breaking these concepts down helps us understand their similarities and the opportunity presented.
OCiR is a regulatory framework introduced by the Prudential Regulatory Authority (PRA) to enhance the preparedness of financial institutions in the event of their failure. Most recently, set out in supervisory statement SS4/21, it aims to ensure that critical functions and services can continue without interruption even if an organisation faces severe financial distress or enters resolution proceedings. OCiR requires firms to develop comprehensive plans and capabilities for maintaining operational continuity during resolution, including the ability to segregate and transfer critical functions to viable entities, maintain access to essential resources, and communicate effectively with stakeholders.
Operational resilience refers to an organisation’s ability to withstand and adapt to disruptions in its operations, ensuring the continuity of critical business processes and services. It involves identifying potential vulnerabilities with its important business services (IBS), implementing measures to mitigate those vulnerabilities, and building the capability to recover quickly when disruptions occur. As set out in supervisory statement SS1/21, operational resilience is essential for maintaining trust and confidence among stakeholders, safeguarding an organisation’s reputation, and meeting regulatory requirements.
The link between OCiR and operational resilience lies in their shared focus in ensuring the continuity of critical business functions and services, particularly in adverse scenarios. Operational resilience practices, such as risk identification, scenario planning, service mapping, and business continuity management are essential for firms to meet OCiR requirements effectively.
Business service mapping is a key activity in meeting both OCiR and operational resilience regulatory requirements. In the case of OCiR, this is to identify, through the creation of a service catalogue, critical services and map them to their underlying operational assets. For operational resilience, it maps IBS to operational assets to enable identification and analysis of vulnerabilities related to these resources.
Suggested mapping linkage
Achieving the linkage of service mapping methodologies requires a multifaceted approach. First, a unified taxonomy and business architecture are established to streamline the categorisation and alignment of services. This ensures a coherent framework for understanding capabilities across the organisation which in turn facilitates mapping. Secondly, a comprehensive data dictionary for operational assets is developed, fostering consistency in approach and facilitating efficient management of each operational asset type. Finally, a singular methodology is implemented for both mapping and managing capabilities, integrating strategies to optimise OCiR and operational resilience.
Benefits of streamlining
Streamlining service mapping methodologies offers a multitude of benefits for organisations. Firstly, it leads to operational cost savings by optimising teams and systems, resulting in greater efficiency and resource utilisation. Additionally, it enhances the integrity of service mapping data, ensuring accuracy and reliability. This not only improves operational performance but also provides a strategic regulatory advantage, particularly with the PRA, which may integrate these capabilities in the future. Furthermore, streamlined service mapping methodologies facilitate enhanced business continuity planning, enabling banks to readily identify critical functions and develop robust continuity plans through this enhanced understanding. This comprehensive approach extends to risk management and incident response, as organisations can effectively identify and mitigate operational risks, bolstering resilience and fostering a culture of preparedness across the board.
Closing thoughts
Unifying service mapping methodologies between OCiR and operational resilience offers organisations an opportunity to enhance resilience and continuity. By establishing a coherent framework, fostering consistency, and integrating mapping methodologies, banks and building societies can optimise operations, achieve regulatory compliance, and mitigate risks effectively. This streamlined approach not only improves efficiency and cost savings but also strengthens business continuity and regulatory preparedness, given the likely direction of associated regulation.
For firms that are currently implementing SS4/21 or SS1/21, Be UK have proven health check tools typically executed over four to six weeks which provide critical insight into where OCiR or operational resilience gaps may exist, approaches to close these gaps, as well as highlighting opportunities where the two regulatory requirements could be unified.
About the author
George is an experienced manager in the retail banking, technology and private wealth sector who has delivered projects for UK and European banks, UK wealth managers, asset managers and professional services firms from front to back office.