The Financial Conduct Authority (FCA) will soon issue new regulations on operational resilience and The Pensions Regulator (TPR) is sure to head in the same direction. Not least because the COVID-19 crisis is focusing attention on the pensions industry’s ability to withstand operational shocks.
But how can pension firms prepare for operational resilience regulations?
The FCA will focus on firms’ ability to operate Important Business Services (IBS), setting impact tolerances for these services and running simulations to test preparedness. What qualifies as an IBS, however, isn’t necessarily what’s critical for a firm but what’s critical for customers, other market participants and financial resilience.
Pension providers should explore five issues as they assess whether a business function is an IBS and establish service tolerances:
The regulators will expect firms to be able to demonstrate a clear understanding of their IBSs, backed by rigorous analysis and data to set tolerances. Many IT and operational areas are used to asking themselves questions about which of their services are important. Where they might have less experience is using data to inform their choices. For example, using complaints data to drive investment in service improvements that matter to customers or using management statistics to identify trends in outages.
Firms will need to map IBSs and then understand sub-services, individual systems and IT components and teams that provide support. But doing so will be daunting and it will be difficult to set realistic tolerances that reflect industry best practice without specialist support.
Firms must start activities to deliver on the regulator’s operational resilience expectations now. In our experience, there are five key areas that drive operational resilience:
A suitable testing regime will provide evidence about whether resilience arrangements will effectively enable the firm to remain within its impact tolerances. The regulators have set a clear expectation that impact tolerances and test outputs will be part of their reviews of firms, so and should be ‘available on request’.
Regulators will expect to see well developed recovery plans covering a wide range of organisational activities, including:
For many firms, this reflects their current operational practices. For some, it will be a step up in terms of maturity and capability.
Regulators are expected to issue new policy statements in Q4 2020 with compliance expected from Q1 2021. While the final form of operational resilience regulations is unknown, pension providers should start to act now. A carefully planned set of improvements will be less painful than playing catch-up when new regulations come into force.