Meet FCA requirements with the leading Operational Resilience solution

Use Ansarada GRC to meet the PS21/3 Building Operational Resilience Standard with confidence.

Comply with the new Operational Resilience framework set in place by the Financial Conduct Authority (FCA) in time for the 2025 deadline.

Easily evidence your important business services and that you are reviewing the register on a regular basis.

Reporting outputs highlight any services that were deemed to be outside of your firm’s impact tolerance and what remedial actions were taken.

Scenario testing can be recorded on a regular basis and upon any material change to your firm.

Comply with the FCA's PS21/3 Building Operational Resilience Standard

Ensure your firm is prepared for any future scenario. Book a demo of Ansarada GRC today.

Book a demo Download the brochure

Why is Operational Resilience so crucial now?

Why is Operational Resilience so crucial for UK Financial Services firms now?

Most companies simply aren’t prepared for disruption. Data from BCG shows that only 10% are resilient and thriving.

On 29th March 2021 the Financial Conduct Authority (FCA) published final rules that will create a new Operational Resilience framework for banks, building societies and other specific financial institutions in the UK.

The new rules came into effect on 31st March 2022, giving firms three years to embed appropriate metrics and controls to measure ‘important business services’ and set ‘impact tolerances’ to help them understand and evidence that should a critical system fail, they can continue to operate without serious adverse effects on the business and their customers.

Who is impacted by the FCA’s new Operational Resilience rules?

The rules will affect banks, building societies, designated investment firms, insurers, Recognised Investment Exchanges (RIEs), enhanced scope senior managers and certification regime (SMCR) firms and entities authorised or registered under the Payment Services Regulations 2017 or the Electronic Money Regulations 2011.

For those not in scope, given recent events and the potential future focus of regulators, core firms under SMCR may benefit from familiarising themselves with the forthcoming regime.

Ansarada GRC for Operational Resilience

Address all of the FCA's requirements while building an operationally resilient firm.

Manage your Important Business Services Register

The FCA requires the identification of important business services that if disrupted could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system.

Use Ansarada GRC to:

Create a centralised and accessible register of important business services
Assign these to stakeholders and rate their priority & criticality
Understand and maintain critical operations to minimise the likelihood and impact of disruption
Link services to other records throughout the GRC system, enabling links to third parties, time-based metrics, risks, events and scenarios
Ensure the resources that enable critical services and processes can adapt in the event of disruption
Set alternate processes or resources where a disruption occurs

Be confident you are within acceptable impact tolerances

For each Important Business Service, an FCA-regulated entity must establish set impact tolerances, which would quantify the maximum level of disruption they would tolerate.

Use Ansarada GRC to:

Define what is an ‘inconvenience’ vs. ‘intolerable harm’, and establish tolerance levels across processes and resources
Use the Impact Time Matrix to measure the impact against the duration the service is not working
Put in controls and mitigants to ensure you can maintain critical operations within tolerance levels
Be able to confidently demonstrate this to the FCA
Once tolerances are established, conduct regular scenario testing to calibrate impact tolerances

Conduct robust scenario testing

The FCA requires robust scenario testing, using severe but plausible scenarios to assess your ability to remain within your defined impact tolerances. Find drivers, triggers and other factors to inspire useful scenarios in our AI-powered Scenario Library, which includes any mandatory testing required by the FCA and other recommended topics based on what is happening within your industry and around the world.

Coming soon to Ansarada GRC:

Access a library of suggested scenarios
Guided scenario tests are set up for you to execute at the click of a button
View the results of your tests and how they stack up against your impact tolerances
Measure your tolerance across a specific duration and see how long recovery would take to ensure that you are not crossing into ‘intolerable harm’ levels
Maintain a detailed audit trail of all your scenario tests in the centralised platform, including results, tests completed and tests approved

Self assessment & reporting

The FCA requires developing and maintaining appropriate monitoring, analysis and reporting of operational risks and escalation processes for operational incidents and events.

This includes the use of effective information systems to monitor operational risk, compile and analyse data, and facilitate reporting to the regulator, the Board and senior management. This also includes scenario tests executed, lessons learned from scenario tests, and what remediation activities you are undertaking based on those lessons.

Coming soon to Ansarada GRC:

Align with FCA reporting standards
Produce professional executive and Board reporting for visibility across your organisation
Give regulators and auditors a clear and holistic view of your important business services and the processes and resources mapped to them

Ansarada GRC for Operational Resilience

There's only so far spreadsheets can take you when it comes to meeting your firm's Operational Resilience requirements. Manage current and future risk with purpose-built software.