With regulators increasing their scrutiny on financial services’ stability and ability to provide services to people, businesses and the wider economy, operational resilience has become a major focus area. But as COVID-19 proved, resilience alone is no longer enough to survive disruption; it was agile organisations who were best able to adapt to the uncertainty of the new normal.
Firms need both resilience and agility to survive. They must ingeniously combine agile and resilient ways of working into their operating model, and the way they adapt. This has been a challenge for decades, with organisations often hamstrung by a misguided belief that agility and resilience cannot work together. We believe the two to be complementary.
To thrive through a combination of managing resilient and agile responses to disruption, firms must:
Firms have used agile change management to respond to technology disruptions and changes in customer expectations, rather than to deal with unexpected shocks which imperil their operational resilience.
We believe that principles from the Agile Manifesto (a document outlining the value and principles for agile software development) such as ‘customer collaboration’ can help prepare for operational disruption if adopted to deliver resilience-enhancing initiatives. To do so, firms can:
Engage the customer (or key stakeholders) when capturing and implementing resilience regulatory requirements. This could mean bringing in second line compliance units to represent the regulator in agile ceremonies such as Sprint Review and Refinement. The second line units can provide feedback, help clarify requirements and add compliance objectives into the acceptance criteria.
Introduce roles such as Operational Resilience Champion to support the delivery of regulatory initiatives. This means tasking the resilience champion to shape and articulate the resilience vision. and set the resilience framework in which teams work. This is a similar role to the system architect, which is popular in some scaled agile frameworks (e.g. SAFe), and it is used to define a shared architectural vision.
Can old dogs learn ingenious new tricks?
New value stream (VS) operating models are becoming increasingly popular within financial services. They allow organisations to organise resources around the steps needed to deliver customer value. Examples for financial service firms may include ‘providing customers with access & management of their pension’.
This agile business design technique can be used to respond to regulatory requirements. For instance, following a recent FCA Consultation paper, firms will be asked to identify business services that, if disrupted, would cause most harm to their consumers or market integrity – referred to as Important Business Services (IBS). IBSs will be set to remain within agreed impact tolerance. Examples may include ‘administration of pension with a tolerance of 12h’.
To identify IBSs, firms should take similar steps as for VS, whilst following the guidance provided by the regulator on the matter. Organisations should:
Ultimately, firms can align VSs to their IBSs. For example, a VS aligned to an IBS could be described as: ‘providing customers with access to their pensions through the channel of their choice, with no disruption of more than 12h’. This way, organisations combine the business with the risk side, and align resources to address both innovation and resilience.
Firms have invested time and money into building operational risk management processes to help minimise disruption. The operational risk reporting pack is a staple of many board meetings. Yet, many of our clients report that they struggle to drive changes that successfully balance operational resilience with the need to adapt quickly.
We believe that risk management practices should be embedded within agile governance. Agile can meet the needs of risk management practices of regular planning, clearly defined roles and responsibility, adequate funding and appropriate resource allocation. Recognised agile frameworks have by nature well-defined roles, encourage bi-weekly planning at team level, and promote estimating capacity regularly to ensure appropriate resource allocation. To successfully embed risk management into agile governance organisations should:
Using agile to create resilient companies will be a challenge for senior leaders to master in order to manage disruption going forward. Doing so will not just enable them to respond to regulatory demands, but to adapt to future uncertainty and thrive in a fast-changing world.