Operational Resilience: Building Effective Frameworks

Session 1: Introduction – The Regulatory Position

• FCA and PRA positions – operational risk resilience to regulatory objectives
• Where we are now and how we got here
• Key milestones and practical validation requirements are covered in this operational resilience training course
• Rules or guidance – specific firm applicability concludes this session
• Further expectations by March 31, 2025
• Case Studies: Issues at British Airways, O2, TSB Bank, HSBC

Session 2: Governance & Strategy

• Messaging – more than “Everyday Business Continuity”
• Prevent, Adapt, Respond, Recover, Learn
• SM24 responsibilities and broader Senior Managers and Certification Regime (SMCR) integration
• Roles for all leaders; line of sight to senior management
• Leadership in a hostile cyber environment 

Session 3: Building an Effective and Compliant Operational Resilience Program

• Identifying key business services:
• Definitions
• Single activities – not groups
• Criteria for consistent assessment
• Alignment with other business themes

• Setting operational resilience impact tolerances:
• Identifying operational risks, resilience and disruptors
• Probability / Impact / Control Effectiveness
• Value-based / Volume-based / Time-based
• Quantifying the maximum tolerable level of disruption
• Addressing both FCA and operational resilience PRA concerns

• Operational resilience courses at Redcliffe cover the understanding of upstream/downstream dependencies by identifying and documenting:
• People
• Processes
• Technology
• Facilities
• Information

• Ongoing operational resilience management:
• First Line - Monitoring / Surveillance
• Second-line - Testing
• Scorecards / Dashboards – what, how, where
• Stress testing / Scenario modelling
• Annual review / Material change is covered during operational resilience training
• Exercise in breakout rooms for groups to discuss challenges and opportunities in building an effective program using templated handouts  

Session 4: Holistic Management Considerations

• Links to Business Continuity / Disaster Recovery
• Front, middle and back office – connecting the lines to benefit consumers
• What actually happens when business services are disrupted? Roles and responsibilities
• Communication plans – internal and external are covered during operational resilience training
• Employees – engage, empower, evolve
• Documenting effective FCA operational resilience self-assessment and lessons learned 

Session 5: Introducing AI opportunities

• Proactive Risk Identification and Modelling
• Automation in Disruption Response and Recovery
• Continuous Improvement and Adaptive Operations
• Data and Governance Considerations
• Managing AI-Specific Risks

Course Wrap-up:

• Summary
• Questions
• Open forum; participants attending our operational resilience framework course find this extremely helpful in concluding the session

Operational resilience training courses at Redcliffe are delivered by a specialist with over 20 years of experience in financial services. He is extremely well-placed in supporting participants across a range of compliance-related topics.

As a former Head of Education for HSBC covering the UK and Europe, he is responsible for regulatory and financial crime-related compliance learning. His time at HSBC was during intense scrutiny from regulators and government functions during the bank’s Deferred Prosecution Agreement.

Our specialist has a wealth of practical experience, including leading the Monitoring and Operational Resilience Scenario Testing programme for a UK Wealth Manager. He was Senior Vice President responsible for Global Risk & Compliance training at a US-based bank, and also worked in the Operational Resilience Insurance Firms division at the Financial Conduct Authority, back in the Financial Services Authority (FSA) days. Here, our operational resilience training lead was the divisional expert for the rules and outcomes required under the Training & Competence handbook.

The HSBC role, along with five years at Barclays in their Private Clients and Wealth functions, has seen our expert work with retail, commercial, wholesale and private operational resilience in banking channels. Since leaving HSBC, our specialist has worked with the compliance, HR and operational teams of firms to enhance their understanding of regulations, as well as delivering content across private equity firms, investment houses, banks and wealth managers. He regularly provides core programmes for the Truth in Savings Act (TISA) and the Investment Association.

This operational resilience training course is delivered by a former Investment Management Association Training & Education Committee member and won the Thomson Reuters award for “Most Effective Compliance Training at a Regulated Firm” in 2010.

Operational resilience training courses at Redcliffe provide a comprehensive framework for understanding regulatory expectations, building robust frameworks, and equipping professionals with the knowledge to strengthen business continuity and compliance across organisations.

• Sessions aid the understanding of regulatory drivers and priorities.
• Recognise milestones and timelines for full compliance.
• We’ll consider the factors you should promote to build an inclusive operational resilience framework that staff can buy into from an FCA perspective.
• Provide a foundation for your in-house strategies.
• Understand the criteria by which you can identify operational resilience.
• Recognise common risks and disruptors to business continuity and operational resilience stability.
• Consider appropriate operational resilience governance and oversight models.
• Sessions appreciate how developing AI opportunities is included in operational resilience training.

• Operational Resilience courses at Redcliffe are led by an expert with knowledge of FCA expectations, their changes, best practices and mandatory updates.
• We have served clients of all shapes and sizes in the financial sector and are fully aware of the obligations required of regulated firms. This session covers what’s expected by regulators.
• We have delivered training for over 20 years, gaining a profound understanding of the industry.
• Your course director is experienced as a regulator and in training operational resilience regulation requirements across wholesale and retail financial firms. Sessions are enhanced by the wealth of knowledge and experience passed on by the trainer.
• We do not use academics for this operational resilience training course. All our trainers are highly experienced professionals with relevant vocational experience in the real world.
• Our case studies enhance learning points and are often found essential in truly understanding the requirements and growing the necessary skills to apply them.
• At Redcliffe Training, we are judged by results, and these speak for themselves; previous delegate feedback speaks highly of this course.

Operational resilience training courses are delivered by a time-served industry expert. PRA and FCA have differing application criteria, though in the main. Banks, building societies, Prudential Regulation Authority (PRA) designated investment firms, RIEs and ‘Enhanced’ SM&CR firms will have rules mandated. That said, the FCA expects that all firms will have properly tested contingency plans, and it is considered likely that the rules will apply as guidance for Core SM&CR firms that are solo-regulated.

Relevant staff roles applicable include Operational Risk Resilience and Compliance, Operational Oversight and Operational Resilience Management. Plus, those in Business Continuity and Disaster Recovery who will have crossover responsibility for FCA PRA operational resilience will also benefit from this session.

Redcliffe’s operational resilience training covers the regulatory position, governance and strategy. Master how to build an effective resilience program and the considerations for holistic management.

One method regulators use to assess performance is by measuring whether consumers receive the products and services they need and want from firms they can trust. Principle 6 of the Principles for Operational Resilience Business and the six Treating Customers Fairly outcomes explicitly highlight the obligation to consider customers’ needs and ensure products and services perform as reasonably expected.

Yet things can go wrong and will go wrong. Regulators remain concerned that Financial Institutions are not doing enough to identify where this might happen or to remedy weaknesses in their businesses which allow this to happen.

Operational resilience courses explore the FCA building operational resilience and PRA proposals, explain the requirements and consider how we in firms can deliver a more resilient operational framework, including the potential for AI usage, to deliver what our customers and clients expect.