The FCA published PS21/3 Building operational resilience in March 2021. The Policy Statement set out the final rules and guidance on the FCA’s new requirements to strengthen operational resilience in the financial services sector. The firms affected by the rules, which came into force on 31st March 2022, include banks, building societies, insurers and Enhanced scope SM&CR firms, with firms being required to have performed mapping and testing by 31st March 2025 so they are able to remain within impact tolerances for each important business service.
The FCA has published a new webpage setting out observations and insights on the preparations firms have made towards complying with PS21/3: Building operational resilience. The FCA has asked firms to ensure they are ready to comply with the rules on operational resilience by the end of the transitional period (31 March 2025), setting out insights and observations on the new webpage for firms to use to help review their approach. These insights and observations include:
- Important business services
- Impact tolerance
- Mapping and third parties
- Scenario testing
- Vulnerabilities and remediation
- Response and recovery plans
- Governance and self-assessment
- Embedding operational resilience
- Horizon scanning