Using a crisis simulation to strengthen operational resilience
Financial services regulators are taking a keen look at banks’ operational resilience in the face of different risks and threats. OneSavings Bank, a UK firm with a 150 year heritage, takes its responsibilities very seriously. We helped the bank improve its readiness to ensure it anticipates challenging circumstances and can navigate through them effectively.
- Planned and executed a high-octane two-day crisis simulation
- Secured participation from the full board of directors
- Recommended how to mature the bank’s operational resilience capabilities
Protecting against unknown crises
As providers of lending, banking services and payments, banks face an ever-rising number of hard-to-predict risks and threats as they operate in the digital marketplace. Chief among them are IT issues, such as application or system outages and failures, which could threaten business operations; problems with third parties, which often provide key processes and technologies; and data breaches, which can harm customers and subject banks to large fines and revenue loss. In addition, regulators such as the Prudential Regulation Association and Financial Conduct Authority are driving dialogue in the industry with a goal of creating a “step change” in the operational resilience of UK financial services firms and infrastructures.
“In our digitally connected world, disruption is bound to occur: It’s a question of when, not if,” says Sundeep Gupta, business transformation and operational resilience expert at PA. “Real-world simulations help banks strategise their response so that they can prepare for the worst, enabling them to continue operating successfully when crisis does strike.”
Evolving operational risk capabilities
“OneSavings Bank is on a growth trajectory which brings significant opportunities, but which also changes the risk profile,” says Gary Wayte, Head of Operational Risk and Resilience, OneSavings Bank. “One of the things that we recognise is the need to continually invest in the readiness of our senior management team to respond to an incident.”
“We called on PA after engaging with a number of consultancies. We were very impressed with PA’s commitment and industry expertise and the closeness they have with regulators", says Lee Robinson, Deputy Head of Operational Resilience, OneSavings Bank.
Designing a compelling real-life scenario
While many banks conduct crisis simulations, they’re often desktop sessions that seem divorced from the high-stakes challenges banks face in real-life. That’s why we take a different approach. We work with business leaders to understand their challenges, develop a crisis simulation collaboratively and then invest in a well-rounded simulation that brings these leaders’ worst fears to life.
Our diverse team – with expertise in operational resilience, cyber security, data privacy and incident management – designed the simulation. They structured an escalating crisis with key interventions, using simulated materials across social media, emails and TV and radio programming in creative ways to keep the pressure on key executives and test how they would respond.
“As the lead consultant on this simulation, I had a ringside view into how senior banking leaders think about the risks they face and how they respond to challenging events to protect their bank’s liquidity, customers and product portfolio,” says Samuel Ingrey. “Our delivery at OneSavings Bank has ensured that they are better prepared to protect customers in the event of a crisis.”
“One of the things that I think made the whole exercise a success was the real desire to understand our business,” says Gary Wayte, Head of Operational Risk and Resilience. “The exercises were very plausible, very realistic. What impressed me about PA was the planning they’d done in advance to ensure that whatever direction the exercise took, they were ready with a credible and challenging response.”
During Day one our team led senior operational leaders through an exercise and escalation that tested operational controls. During Day two, the team led a board-level group through another set of sequences, testing financial controls. The clients then participated in a “hot wash-up,” where they shared their individual perspectives on how their team responded and how they could improve their processes and response in the future.
The crisis scenario:
- Gave senior leaders a realistic scenario to test their response and their plans
- Used digital media to make the crisis feel real
- Gave bank leaders the opportunity to respond to a “live” TV crew
“The results from the exercise work were extremely positive, and it’s raised awareness of operational resilience across the organisation, which will help drive results,” says Gary Wayte. “Working with PA, we were able to evaluate our ability to respond both to operational and financial crises in the compressed time fashion we’d experience in real-life. We identified both strengths and challenges, which will enable us to enhance our capabilities in a focused manner.”