Maintaining operational resilience in a changing Finance sector
The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.
In the aftermath of COVID-19 and with cyber-attacks on critical infrastructure escalating in frequency and intensity, financial institutions are challenged to demonstrate the highest level of operational resilience, in order to maintain citizens' and organisations' confidence in their services. This is no longer solely a question of building strong customer relationships. In March 2021, the Financial Conduct Authority (FCA) set out formal requirements around operational resilience (PS21/3) that all firms must adhere to. These officially came into force on 31st March 2022, which means firms have until 31st March 2025 to ensure they have mapped and tested their impact tolerances to within the FCA's guidelines and developed clear processes for managing any potential disruptions.
- Data security
- Access and information rights
- Outsourcing (i.e. service providers outsourcing certain elements of their service delivery to separate providers)
- Business continuity processes
"[to] 'facilitate greater resilience and adoption of the cloud and other new technologies' as set out in the Bank of England (the Bank)'s response to the 'Future of Finance' report;" [1]
While Cloud transformation has been picking up speed across the Finance sector for some years now, it is clear that the introduction of PS21/3 means these plans must accelerate further, in order to ensure firms' IT infrastructure not only meets their immediate requirements in terms of operational resilience, but will also provide ample scope to scale and evolve in the future.
Furthermore, while networking services previously fell outside the 'material outsourcing' category, and so were not subject to these regulations, this is no longer the case. As a result, firms that maintain multiple, interconnected physical sites must factor this area of their infrastructure into their wider operational resilience measures, as any downtime will now result in fines.
[1] Supervisory Statement | SS2/21: Outsourcing and third party risk management, March 2021, p.5
Considering these technological challenges in parallel with the more stringent requirements regarding third parties in the Finance sector, the choice of technology partners is therefore both increasingly critical and increasingly complex.
Exponential-e is actively working with firms across the Finance sector to not only weather the challenges presented by PS21/3, but identify and act on any opportunities to accelerate digital transformation plans that present themselves, integrating a range of leading-edge technologies towards a common business goal.
There are numerous elements to this journey, but we have already found the software-defined networking model highly effective in terms of establishing fast, secure connections between sites, supporting the increasing usage of SaaS applications, and the move to Cloud-based infrastructure. At the same time, it offers firms the control, flexibility, and scalability they require to seamlessly deliver their services, ensuring it will not just support PS21/3 objectives, but provide ample scope for future growth.
When we combine this next-gen connectivity with Secure Access Service Edge (SASE), to ensure corporate security policies are consistently and effectively applied at all times, firms may very well be able to use the FCA's new operational resilience standards as an opportunity to strengthen every element of their underlying IT infrastructure, embrace new ways of working, and optimise their service delivery.
The possibilities are immense, but only if firms are ready to work with their trusted technology partners to ensure connectivity, cyber security, Cloud, and communications platforms are deployed in fully integrated combinations, tailored for both the new regulatory and cyber threat landscapes, and their long-term business goals. If you would like to discuss your own firm's digital transformation journey and the impact of the new regulations, do not hesitate to contact us.