Building operational resilience and strengthening outsourcing controls in the financial sector

This event will help companies from the technology community and financial services industry understand the real impact of the newly published rules on resilience and outsourcing.

The FCA, alongside the Bank of England and the Prudential Regulation Authority, published a new set of rules which will impact the FS sector, but we also expect it to have a wider impact, affecting technology providers down the line as well as other industries.

This techUK webinar will enable attendees to understand why these rules have been developed, how they will be implemented and what it means for their business. Speakers include:

• Angus McFadyen, Partner, Pinsent Masons
• Luke Scanlon, Head of Fintech Propositions, Pinsent Masons
• Eddie Keal, Industry Leader, Financial Services, IBM UK & Ireland
• Joe Tan, Product Counsel Google Cloud
• Orlando Fernández Ruiz, Senior Technical Specialist, Bank of England
• Simon Rajgopaul, Senior Lawyer, Lloyds

Newly published rules matter

The new rules have been established to increase operational resilience and improve practice in outsourcing, which is important for consumers, firms and financial markets. Operational disruptions and the unavailability of important business services can have a wide and critical impact on the economy, businesses and consumers alike. These disruptions can ultimately threaten the viability of firms or cause instability in the financial markets.

Key rules highlighted

The PRA has issued outsourcing requirements which relate to operational resilience, cloud, data, data locations, data security, data classification and business continuity, together with a range of other matters relevant to technology providers.

Both the FCA and the PRA have particularly highlighted the following new requirements for affected financial services firms:

• identify their important business services that, if disrupted, could cause intolerable harm to consumers of firms or risk to market integrity, threaten the viability of firms or cause instability in the financial system
• set impact tolerances for each important business service (i.e. thresholds for maximum tolerable disruption)
• identify and document the people, processes, technology, facilities and information that support a firm’s important business services (mapping)
• test their ability to remain within their impact tolerances through a range of severe but plausible disruption scenarios
• conduct lessons learnt exercises, including with their technology providers, to identify, prioritise, and invest in their ability to respond and recover from disruptions as effectively as possible 
• develop internal and external communications plans for when important business services are disrupted.

Timeline and transition

To allow firms to adapt and adjust to the new rules, including testing, the new rules have set a transition period and decided on a phased approach:

• from 31 March 2021, firms need to begin considering the PRA’s outsourcing requirements when negotiating contracts with technology and other service providers
• by 31 March 2022, firms need to have identified their important business services, set impact tolerances for the maximum tolerable disruption to these and carried out mapping and testing to a level of sophistication necessary to identify important business services, set impact tolerances and identify any vulnerabilities in their operational resilience
• by 31 March 2025, firms will need to have performed mapping and testing so that they are able to remain within impact tolerances for each important business service, and made the necessary investments to enable them to operate consistently within their impact tolerances.

Please get in touch with the colleagues below for more information. 

Andy Thornley

Head of Financial Services, techUK

×

Andy Thornley

Head of Financial Services, techUK

Andy joined techUK in August 2022 as Head of Programme – Financial Services. His role includes leading techUK’s work in building a greater understanding of the 'technological art of the possible' in order to apply it to the reform and evolution of financial systems.

Before joining techUK, Andy worked for a number of other bodies in the financial services sector, including the British Insurance Brokers’ Association, where in addition to owning policy and public affairs, he was also responsible for fostering InsurTech in the sector.

Andy has a degree in Human Biology and holds a Certificate in Insurance (Cert CII) qualification from the Chartered Insurance Institute. Outside of work, Andy is an avid cyclist and races competitively both on the road as well as the velodrome.

Email:

[email protected]

Twitter:

@AndrewThornley

LinkedIn:

https://www.linkedin.com/in/mr-andy-thornley/

Ella Gago-Brookes

Team Assistant, Markets, techUK

×

Ella Gago-Brookes

Team Assistant, Markets, techUK

Ella joined techUK in November 2023 as a Markets Team Assistant, supporting the Justice and Emergency Services, Central Government and Financial Services Programmes.  

Before joining the team, she was working at the Magistrates' Courts in legal administration and graduated from the University of Liverpool in 2022.  Ella attained an undergraduate degree in History and Politics, and a master's degree in International Relations and Security Studies, with a particular interest in studying asylum rights and gendered violence.  

In her spare time she enjoys going to the gym, watching true crime documentaries, travelling, and making her best attempts to become a better cook.  

Email:

[email protected]