In July the Bank of England and the Financial Conduct Authority (FCA) jointly released a discussion paper on operational resilience. The paper highlighted the risks posed by cyber attacks and other disruptive operational incidents, and the financial system’s increasing reliance on technology and data. The paper urges firms to focus on how their response to disruptions impacts the end user and points towards greater accountability for decision makers.
The paper shows a clear move away from talking about systems and technology and towards a focus on decision making, holding people accountable, and the customer (namely, the business service or process that is being impacted and how that translates in real terms to the customer).
Boards and senior teams are being asked to define an impact tolerance for the firm, rather than individual systems, that lays out specific time periods for tolerable outages, percentages of customers impacted etc. Basically, firms are being told that things WILL go wrong, stating that firms must “plan...for disruptive events as well as seeking to prevent them”. Clearly, more systemic firms will continue to draw the highest levels of scrutiny, but the aim is clear - focus on the impact to the customer, and what decisions you need to make according to your impact tolerance threshold.
This forces people to a) be accountable for determining tolerable disruption - something that eschews the traditional approach to system uptime, and b) make tangible decisions when things breach those tolerable limits.
To find out more about how you can use Cutover to improve resilience in your organization, read our Resiliency, Response and Recovery Use Case.
So if you were responsible for both of those things, or at least partly responsible, what would you want at your disposal? Facts, data, intelligence, demonstrable evidence - or as close as you could get. Something that records what you did and when you did it so that you could play it back later on and learn from what happened.
The FCA article recognizes that enterprise resilience requires more accountability for people and is not a purely systemic process. Despite the views held by some that people in the workplace will become obsolete in the not-too-distant future, the reality is that most major firms continue to depend upon people and will for a long time. It also recognizes that although new technologies enable greater resilience, firms still need to plan for failure and mitigate risks when disasters do occur.
At Cutover we believe that there will ALWAYS be a need for people when it comes to change and resilience in enterprises. Rather than seeking to replace key people, Cutover provides them with the data they need when they need it to ensure successful change and resilience activities and recover quickly when something does go wrong.
To see how Cutover could benefit your organization's resilience activities, download our new white paper Work Orchestration & Observability Become Critical for Operational Resilience in Financial Services by former FCA CIO and Special Advisor to the Treasury Committee Gareth Lewis.