Achieving operational resilience: A guide for the banking sector in the face of regulatory change

Michael D’Onofrio, CEO, Orbus Software

 

Prevent. Adapt. Respond. Recover. Learn. These are the five goals set out by the Statement of Policy on Operational Resilience in 2018 on how financial services must overcome disruption. As of March 31st 2022, regulated service providers need to comply with this statement.

Although this work was initiated before the pandemic, the global event has accelerated the need for regulators to take a more solid step in this direction. Now more than ever, financial services firms face increasing challenges in managing operational disruption.

It is clear from recent conversations with CIOs and Chief Information Security Officers within the banking sector that resiliency is a topic that is quickly moving up executive agendas.

Resiliency is more than just a word. It is becoming one of those overarching terms that focus on taking a more holistic perspective on behaviours, processes and technologies within a business. These all come together to support a digital operating model which sits at the heart of most businesses today.

We think about resiliency as having four key parts:

  1. Clarity is understanding what you have now, and where you are going in the future. A business’s digital transformation journey is fundamental to understanding where it is going in terms of clarity of purpose.
  2. Agility is knowing how you get there and being able to assemble technologies that exist within a business. An example of agility is when one of your sites goes down and both your people and data centre are offline. How do you rapidly and flexibly respond to that? How do you ensure you have agility around your operations, so you don’t get impacted at the same magnitude from these activities going forward?
  3. Reliability is where technology and business operations meet, and both are often complex. In the past, companies may have had on-premise software that was relatively easy to manage. Now, businesses have hybrid environments: whether cloud, on-premise, or a combination of the two. Reliability in this complex environment is hard to achieve.
  4. Sustainability means making the right long-term decisions for the business. This is not just in terms of technology and business processes, but also the environment. For example, moving an on-premise application into the cloud has sustainability benefits due to the efficiency of the hyperscale data centres.

Businesses need to get these four elements right to be able to have a resiliency level that is mature, that can respond to external shocks, and that is also both effective and efficient in terms of internal operations.

Across the UK there’s an operational resiliency regulatory mandate kicking in. But US regulators pushed for these changes many years earlier. Being a bigger market and having more resources, the US may be slightly ahead here. Having said this, it’s not so much that the US has gone first and the UK and Europe are following, but that they’re both engaged in continuous resiliency-building activities.

Some think that resiliency is merely a risk management strategy. However, resiliency is more about adopting a strategic and operational mindset and taking a holistic approach to what’s going on. Security is a huge part of resiliency. The more we move to the cloud, the more complex the security posture becomes. How you’re going to respond is partly driven by the architecture that you’ve set up. A well-designed architecture is a resilient architecture.

Financial risks arising from climate change are also an important theme that needs to be considered in this context. Providing for the needs of current and future generations gives purpose to resilience, seeking better long-term outcomes. Sustainable decisions need to be made now to get ahead of the curve; otherwise, we will always be playing catch-up. Ensuring that you can deliver both internal operations and products and services to customers in a decade’s time is important.

There are many dimensions to diversity: your talent base, workforce and executive teams should reflect the world around you. And for us, diversity refers to another part of the ESG, or environmental, social and governance, considerations of a business. An organisation should reflect its customers and the world which, of course, is a very diverse place.

Global events such as the pandemic have had a big impact on business resiliency. According to two MIT Sloan professors, the pandemic has taught us that “it’s not enough for organisations to excel at a steady state — they also must build the resilience to respond to irregular operations and conditions”.

This is where the four elements mentioned above come into play: you need to have clarity of where you’re going and the agility to be able to respond to these situations. According to the Reuters report “Fintech, Regtech and the Role of Compliance in 2021”, 70% of risk and compliance experts said the pandemic has increased their reliance on technology to improve decision making, performance monitoring, and risk management.

However, while other software in your business – like transactional systems or payroll systems – needs to be 100% accurate, Enterprise Architecture is often operating in the 80/20 range, sometimes with even less information. Knowing that you’re going to need to make decisions with imperfect information is a critical part of Enterprise Architecture.

Understanding where you are, what your challenges are, where you’re going, and the different parts needed to get there, is one of the ways that digital platforms and skills within your team, often sitting within the architectural strategy teams, can help you be more resilient.

 
