
The Senior Managers and Certification Regime: are you resilient?

The December 2019 extension of the Senior Managers and Certification Regime (SMCR) is looming. From then, the regulation will apply to Financial Conduct Authority (FCA) solo-regulated companies, pushing them to put a renewed focus on operational and cyber resilience. In fact, the Bank of England makes it clear that the regulation will hold senior managers accountable for resilience. So, what can you do to prepare your firm for SMCR and the increasing regulatory focus on operational resilience?

Get the basics of cyber resilience right

Cyber-attacks generally exploit weak processes and human vulnerabilities. To prevent this, we need to get the basics right. Following the National Cyber Security Centre’s Cyber Essentials and training staff to be your strongest defence will provide a solid foundation.

Demonstrate your defences

CBEST is a security exercise mandated by the Bank of England. It’s focused on the more sophisticated and persistent attacks on critical systems and essential services. By conducting CBEST testing, organisations replicate the evolving threat landscape and ensure continued resilience to attacks. It’s so effective that we’re working with some clients to run CBEST tests as a hygiene practice on top of the regulatory requirement.


Be prepared

As a management team, you’ll want to run simulations to understand your preparedness. We’ve been working with over 15 global financial services firms, including NEX Group, to simulate cyber-attacks, data breaches and security weaknesses in the supply chain. This creates a much clearer understanding of how crisis procedures will work in practice and the potential impact on customers and the wider economy.

Manage the risk

Understand the cyber security risks facing your organisation and establish robust and pragmatic governance, and the associated management systems, to address and reduce the impact of those risks.

Although it did not stem from a malicious attack, TSB’s £100 million loss from IT operational issues in 2017 highlighted the need to be able to respond quickly and effectively to adverse events. It’s often difficult to predict the cause of an outage, but the skill with which a firm responds, including its communication with customers and regulators, can make an enormous difference to the impact of the outage.

Overall, cyber and operational resilience represent a competitive opportunity for established financial services organisations and new entrants. As the UK adapts to an uncertain future, operational resilience is also vital to maintaining trust with your customers and the regulators.
