Meet FCA requirements with the leading Operational Resilience solution

Use Ansarada GRC to meet the PS21/3 Building Operational Resilience Standard with confidence.

Comply with the new Operational Resilience framework set in place by the Financial Conduct Authority (FCA) in time for the 2025 deadline.

Easily evidence your important business services and that you are reviewing the register on a regular basis.

Reporting outputs highlight any services that were deemed to be outside of your firm’s impact tolerance and what remedial actions were taken.

Scenario testing can be recorded on a regular basis and upon any material change to your firm.

Comply with the FCA's PS21/3 Building Operational Resilience Standard

Ensure your firm is prepared for any future scenario. Book a demo of Ansarada GRC today.
Book a demoDownload the brochure
Why is Operational Resilience so crucial now?

Why is Operational Resilience so crucial for UK Financial Services firms now?

Most companies simply aren’t prepared for disruption. Data from BCG shows that only 10% are resilient and thriving.

On 29th March 2021 the Financial Conduct Authority (FCA) published final rules that will create a new Operational Resilience framework for banks, building societies and other specific financial institutions in the UK. 

The new rules came into effect on 31st March 2022, giving firms three years to embed appropriate metrics and controls to measure ‘important business services’ and set ‘impact tolerances’ to help them understand and evidence that should a critical system fail, they can continue to operate without serious adverse effects on the business and their customers.

Who is impacted by the FCA’s new Operational Resilience rules?

Who is impacted by the FCA’s new Operational Resilience rules?

The rules will affect banks, building societies, designated investment firms, insurers, Recognised Investment Exchanges (RIEs), enhanced scope senior managers and certification regime (SMCR) firms and entities authorised or registered under the Payment Services Regulations 2017 or the Electronic Money Regulations 2011.

For those not in scope, given recent events and the potential future focus of regulators, core firms under SMCR may benefit from familiarising themselves with the forthcoming regime.

Ansarada GRC for Operational Resilience

Address all of the FCA's requirements while building an operationally resilient firm.

Important Business Services Register

Manage your Important Business Services Register

The FCA requires the identification of important business services that if disrupted could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system. 

Use Ansarada GRC to:

  • Create a centralised and accessible register of important business services
  • Assign these to stakeholders and rate their priority & criticality
  • Understand and maintain critical operations to minimise the likelihood and impact of disruption
  • Link services to other records throughout the GRC system, enabling links to third parties, time-based metrics, risks, events and scenarios
  • Ensure the resources that enable critical services and processes can adapt in the event of disruption
  • Set alternate processes or resources where a disruption occurs
Be confident you are within acceptable impact tolerances

Be confident you are within acceptable impact tolerances

For each Important Business Service, an FCA-regulated entity must establish set impact tolerances, which would quantify the maximum level of disruption they would tolerate.

Use Ansarada GRC to:

  • Define what is an ‘inconvenience’ vs. ‘intolerable harm’, and establish tolerance levels across processes and resources 
  • Use the Impact Time Matrix to measure the impact against the duration the service is not working
  • Put in controls and mitigants to ensure you can maintain critical operations within tolerance levels
  • Be able to confidently demonstrate this to the FCA
  • Once tolerances are established, conduct regular scenario testing to calibrate impact tolerances 
Scenario testing library

Conduct robust scenario testing

The FCA requires robust scenario testing, using severe but plausible scenarios to assess your ability to remain within your defined impact tolerances. Find drivers, triggers and other factors to inspire useful scenarios in our AI-powered Scenario Library, which includes any mandatory testing required by the FCA and other recommended topics based on what is happening within your industry and around the world.

Coming soon to Ansarada GRC:

  • Access a library of suggested scenarios
  • Guided scenario tests are set up for you to execute at the click of a button
  • View the results of your tests and how they stack up against your impact tolerances
  • Measure your tolerance across a specific duration and see how long recovery would take to ensure that you are not crossing into ‘intolerable harm’ levels
  • Maintain a detailed audit trail of all your scenario tests in the centralised platform, including results, tests completed and tests approved
Self Assessment & Reporting

Self assessment & reporting

The FCA requires developing and maintaining appropriate monitoring, analysis and reporting of operational risks and escalation processes for operational incidents and events.

This includes the use of effective information systems to monitor operational risk, compile and analyse data, and facilitate reporting to the regulator, the Board and senior management. This also includes scenario tests executed, lessons learned from scenario tests, and what remediation activities you are undertaking based on those lessons.

Coming soon to Ansarada GRC:

  • Align with FCA reporting standards
  • Produce professional executive and Board reporting for visibility across your organisation
  • Give regulators and auditors a clear and holistic view of your important business services and the processes and resources mapped to them

Ansarada GRC for Operational Resilience

There's only so far spreadsheets can take you when it comes to meeting your firm's Operational Resilience requirements. Manage current and future risk with purpose-built software.

Important Business Services

Clear and easily accessible list of important business services

Automated reviews

Automatic creation, allocation and notification of scheduled reviews

Respond quickly to changes

Adhoc reviews resulting from a material change to your business

Map to 3rd parties

Mapping to 3rd parties to show relationship considerations

Easy-to-use dashboards

BI Dashboards for high level analysis

Scenario testing

Scenario testing, recording findings and resolutions

Drive Operational Resilience within your firm

Connect data points across your entire organization to eliminate risk silos and improve organization-wide resilience with Ansarada GRC.
Book a demoDownload the brochure