Operational resilience - Q2 2022
Operational resilience - Q2 2022
Banks and insurers need to maintain their compliance with PS2/22 | CP21/21 - Operational Resilience and Operational Continuity in Resolution and the Statement of Policy | Operational resilience, March 2021.
Banks and insurers must also ensure their outsourcing and third party risk management is in line with SS2/21 Outsourcing and third party risk management as part of their operational resilience planning. Banks and insurers should also ensure that cyber risk and dependencies on third party service providers is adequately captured in their risk management and operational resilience planning.
The rules and guidance detailed in PS21/3 Building operational resilience also came into force on 31 March 2022. This requires that as soon as possible, and by no later than 31 March 2025, firms must have performed mapping and testing so that they are able to remain within impact tolerances for each important business service. Therefore, our recommendation is for regulated firms to undertake a review of their operational resilience in Q3 or Q4 of 2022.