How centralising risk management can improve resilience

Operational resilience has traditionally been siloed across many teams, but a single vision can help companies mitigate future risk

With the threat of cyber attack ever on the horizon, both the European Commission’s ‘Digital Operational Resilience Act’ (Dora) and the Financial Conduct Authority’s Operational Resilience regulations have been implemented to ensure all financial services companies adhere to a common set of standards around cybersecurity and operational resilience. The first major institutional framework for ensuring operational resilience, it is fundamentally changing the ways in which companies manage risk.

“You need to have a wider enterprise integrated risk management solution to cater for the requirement. Because what you generally find is that these solutions get built up in their siloes. With something like the Archer platform,” says Chris Mann, director for Archer European business, “you’re able to achieve control harmonisation.” With uniform regulation in place, companies can look across their business units and centralise risk and resilience strategies to ensure no gaps are left in the corporate defences.

But in the 10 years or so since operational resilience became a key corporate need, ownership of it has sat within individual teams. Finance, say, looked after its own resilience strategy, and digital did the same. Now, the shift to centralisation is seeing organisations put the reins in the hands of a single leader within the company, says Mann. “It’s starting to become the bridge to all of these different siloes,” he adds.

That’s been the case for global wealth management platform FNZ, which has built a culture of risk management around a strong framework that links to its operational resilience strategy.

It has deployed Archer’s Operational Resilience tool, which enables teams across the organisation to operate within the same framework and standard for risk management. The system is configured to allow teams to use the same syntax across the company, while still enabling them to draw individualised, meaningful analysis from the data itself.

“Operational resilience is strong risk management and risk management done well,” Kirsty McLaughlin, global risk systems manager at FNZ, says. “All we had to do was pull all those threads of data together.”

Mann adds that the ability to gain visibility across the organisation leads not only to a more resilient business, but to a stronger reputation as well. “If you don’t have the appropriate risk controls in place to sustain business long-term, you’re going to have shareholder value issues and you’re going to have reputational damage.”

Aligning a company’s many data sources and providing a more insightful analysis of that data will lead to “a single source of truth.”

The two-plus years of disruption the world has experienced have only further highlighted the need for better insight and a stronger, more resilient business. Not only has Covid-19 affected business, but climate change has posed a risk to businesses around the world.

The Dora and FCA regulations are coming into force at an optimal time to encourage the financial sector to achieve operational resilience. “This regulation just takes that idea that you’re never too big to fail and turns the dial a bit more,” Mann says. He points to key aspects that could lead to an “operational downfall” – the likes of the ongoing climate crisis, supply chain disruption or cyber attack – as indicators that there’s a greater need for organisations to prove to shareholders that they are mitigating risk wherever possible.

If companies can implement improved scenario analysis and risk quantification, as FNZ has done through the Archer Operational Resilience platform, they will be better placed to address future disruption. Similarly, quantification of risk, such as with Archer Insight, can support decision-making with actionable information. Rachael Ward, head of group risk oversight – operational resilience at FNZ, says, “Effective risk management enables our own management to safely deliver business strategy and plans… It maintains focus on the prevention of consumer harm, it supports risk-based decision-making, and also then delivers clear accountabilities across all of our lines of defence.”

Defending a company in the financial services sector against disruption is of the utmost importance, affecting businesses and individuals around the world. With the new regulations in place, it is now the charge of companies to create operational resilience strategies that enable their businesses to come together behind a centralised framework and resource for understanding and mitigating risk.

For more, please visit archerIRM.com/operational-resilience

Promoted by Archer