Operational resilience is the ability of an organisation to prevent, adapt and respond to, recover and learn from operational disruptions (FCA, 2024).

The development of operational resilience has been spearheaded by the Financial Services Supervisory Authorities (PRA, FCA, BoE) to ensure the financial sector in the UK is resilient to any disruptions to its operations.

In development since 2018, operational resilience regulatory requirements come into full force in March 2025, and aim to build on existing resilience methodologies such as Business Continuity (BC) and Disaster Recovery (DR), providing a wider view of resilience for not only individual organisations but their customers, the financial sector and the UK economy as a whole.

Although the regulatory requirements apply to financial organisations, these new requirements are having a knock on effect within the supply chain and continuity and resilience best practice.

Operational resilience requires organisations to not only focus on the internal continuity of  processes, system, data, facilities and people but to widen their view to the impact a disruption to services could have outside of the organisation.

To do this organisations need to identify and prioritise the services they provide to an external client that, if disrupted, would cause intolerable harm to one or more of the organisations clients, or pose a risk to the safety and soundness of the organisation or wider sector/markets. These services are defined as Important Business Services.

This process adds an additional resilience lens to business continuity activities, ensuring an in depth understanding of the services an organisation provides to its clients and the level of harm a disruption to those services may cause. To support this a framework of activity should take place:-

• Identification of Important Business Services

Identifying the external services, which if disrupted, could cause intolerable harm to clients, or risk the safety and soundness of the organisation or the sector/market.

• Dependency mapping of the activities and processes that deliver an Important Business Service

Mapping the Important Business Service, to understand how the service operates, the operational dependencies (people, technology, data, suppliers and facilities) and any vulnerabilities that could result in disruption to the service.

• Identifying the Impact Tolerance (ITOL)

Identification and justification of the point of disruption where intolerable harm or a risk to safety & soundness could occur.

• Testing and Reporting

Testing the strategies and plans in place to respond to disruption and ensure they are robust enough to enable the service to remain within the ITOL.

An annual  Self Assessment is also produced and maintained, to summarise and evidence to the Board:

• the resilience activities undertaken over the last year (e.g. testing);
• any vulnerabilities identified;
• action/investment planned to improve the resilience of the organisation.

Like business continuity, operational resilience is not just a tick box exercise. It is a strategic methodology that can provide a clear view on the impact disruption to your services can have on your clients, your organisation and the wider society. By combining business continuity and operational resilience activities within your organisations resilience journey you can :-

• Support your strategy and financial growth, through the sustainable delivery of your Important Business Services;
• Enable competitive advantage during disruption, when you can continue to operate when your competitors can’t.
• Maintain your reputation through disruptive events;
• Win contracts, tenders or grants by evidencing your understanding of your Important Business Services and the impact disruption could have on your clients and stakeholders;
• Meet legal or regulatory requirements;
• Focus resilience investment where it will have the most impact for your organisation and clients;
• Support stability not only of your organisation, but your employees, clients, suppliers, stakeholders and wider society.