Operational Resilience: Building Effective Frameworks

Session 1: Introduction – The Regulatory Position

• Operational Resilience training begins with FCA and PRA positions – operational risk resilience to regulatory objectives
• Where we are now and how we got here
• Key milestones and practical validation requirements
• Rules or guidance – specific firm applicability concludes this session
• Further expectations by March 31, 2025
• Case Studies: Issues at British Airways, O2, TSB Bank, HSBC

Session 2: Governance & Strategy

• Messaging – more than “Everyday Business Continuity”
• Prevent, Adapt, Respond, Recover, Learn
• SM24 responsibilities and broader Senior Managers and Certification Regime (SMCR) integration
• Roles for all leaders; line of sight to senior management
• Session two of this operational resilience course concludes with leadership in a hostile cyber environment 

Session 3: Building an Effective and Compliant Operational Resilience Program

• Identifying key business services:
• Definitions
• Single activities – not groups
• Criteria for consistent assessment
• Alignment with other business themes

• Setting operational resilience impact tolerances:
• Identifying operational Risks resilience and Disruptors
• Probability / Impact / Control Effectiveness
• Value-based / Volume-based / Time-based
• Quantifying the maximum tolerable level of disruption
• Addressing both FCA and operational resilience PRA concerns

• This operational resilience masterclass covers the understanding of upstream/downstream dependencies by identifying and documenting:
• People
• Processes
• Technology
• Facilities
• Information

• Ongoing operational resilience management:
• First Line - Monitoring / Surveillance
• Second-line - Testing
• Scorecards / Dashboards – what, how, where
• Stress testing / Scenario modelling
• Annual review / Material change is covered during operational resilience training
• Exercise in breakout rooms for groups to discuss challenges and opportunities in building an effective program using templated handouts  

Session 4: Holistic Management Considerations

• Links to Business Continuity / Disaster Recovery
• Front, middle and back office – connecting the lines to benefit consumers
• What actually happens when business services are disrupted? Roles and responsibilities
• Communication plans – internal and external
• Employees – engage, empower, evolve
• Documenting effective FCA operational resilience self-assessment and lessons learned 

Session 5: Introducing AI opportunities

• Proactive Risk Identification and Modeling
• Automation in Disruption Response and Recovery
• Continuous Improvement and Adaptive Operations
• Data and Governance Considerations
• Managing AI-Specific Risks

Course Wrap-up:

• Summary
• Questions
• Open forum; participants attending our operational resilience framework course find this extremely helpful in concluding the session

At Redcliffe Training, our operational resilience training course is delivered by a specialist with over 20 years of Financial Services experience. He is extremely well-placed in supporting participants across a range of compliance-related topics.

As a former Head of Education for HSBC covering the UK and Europe, he is responsible for regulatory and financial crime-related compliance learning. His time at HSBC was during intense scrutiny from regulators and government functions during the bank’s Deferred Prosecution Agreement.

Our specialist has a wealth of practical experience, including leading the Monitoring and Operational Resilience Scenario Testing programme for a UK Wealth Manager. He was Senior Vice President responsible for Global Risk & Compliance training at a US-based bank and also worked in the Operational Resilience Insurance Firms division at the Financial Conduct Authority; back in the Financial Services Authority (FSA) days. Here, our trainer was the divisional expert for the rules and outcomes required under the Training & Competence handbook.

The HSBC role, along with five years at Barclays in their Private Clients and Wealth functions has seen our operational resilience training lead work with retail, commercial, wholesale and private operational resilience in banking channels. Since leaving HSBC, our specialist has worked with the compliance, HR and operational teams of firms to enhance their understanding of regulations, as well as delivering content across private equity firms, investment houses, banks and wealth managers. He regularly provides core programmes for the Truth in Savings Act (TISA) and the Investment Association.

He is a former Investment Management Association Training & Education Committee member and won the Thomson Reuters award for “Most Effective Compliance Training at a Regulated Firm” in 2010.

Participants attending our operational resilience framework course are learning directly from a trainer with a wealth of dedicated experience.

• Operational Resilience training helps you understand regulatory drivers and priorities.
• Sessions teach you how to recognise milestones and timelines for full compliance.
• We’ll consider the factors you should promote to build an inclusive operational resilience framework FCA that staff can buy into.
• Provide a foundation for your in-house strategies.
• Understand the criteria by which you can identify operational resilience.
• Recognise common risks and disruptors to business continuity and operational resilience stability.
• Consider appropriate operational resilience governance and oversight models.
• Appreciate developing AI opportunities.

• Redcliffe Training’s Operational Resilience course is led by an expert with knowledge of FCA expectations and how they have changed, best practices and mandatory updates.
• We have served clients of all shapes and sizes in the financial sector and are fully aware of the obligations required of regulated firms. This session covers what’s expected by regulators.
• Redcliffe’s has delivered training for over 20 years, gaining a profound understanding of the industry.
• Your course director is experienced as both a regulator and in training operational resilience regulation requirements across wholesale and retail financial firms. Sessions are enhanced by the wealth of knowledge and experience passed on by the trainer.
• We do not use purely academics for our operational resilience framework training course. All our trainers are highly experienced professionals with relevant vocational experience in the real world.
• Our case studies enhance learning points and are often found essential in truly understanding the requirements and growing the skills to apply them.
• We are always judged by results which speak for themselves; previous delegate feedback speaks highly of this course.

At Redcliffe Training our operational resilience training course is delivered by a time-served industry expert. PRA and FCA have differing application criteria though in the main. Banks, building societies, Prudential Regulation Authority (PRA) designated investment firms, RIEs and ‘Enhanced’ SM&CR firms will have rules mandated. That said, the FCA expects that all firms will have properly tested contingency plans and it is considered likely that the rules will apply as guidance for Core SM&CR firms who are solo-regulated.

Relevant staff roles applicable to operational resilience training include Operational Risk Resilience and Compliance, Operational Oversight and Operational Resilience Management. Plus, those in Business Continuity and Disaster Recovery who will have crossover responsibility for FCA PRA operational resilience will also benefit from this session.

This Operational Resilience masterclass covers the regulatory position, governance and strategy, how to build an effective resilience program and considerations for holistic management.

One method regulators use to assess their performance is by measuring whether consumers get the products and services they need and want from firms they can trust. Principle 6 (of the Principles for Operational Resilience Business) and the subsequent 6 Treating Customers Fairly Outcomes explicitly call out the obligation to pay due regard to our customer’s needs and for products and services to perform as reasonably expected.

Yet things can and will go wrong. Regulators remain concerned that Financial Institutions are not doing enough to identify where this might happen or to remedy weaknesses in their businesses which allow this to happen.

This operational resilience course explores the FCA building operational resilience and PRA proposals, explains the requirements and considers how we in firms can deliver a more resilient operational framework, including the potential for AI usage, to deliver what our customers and clients expect.