Introduction
As firms operating in the UK approach – and move past – the 31 March 2025 regulatory deadline, an opportunity emerges to reflect on progress to date and consider what comes next for their firm amidst the landscape of international Operational Resilience regulations.
Following the publication of the Basel Committee on Banking Supervision’s (BCBS) guidelines for Operational Resilience and the Bank of England’s SS1/21 supervisory statement, firms headquartered (and those with significant operations) in the UK established Operational Resilience Programmes to achieve compliance and meet deadlines.
As other international jurisdictions introduce their own Operational Resilience requirements, firms with global operations face a choice: mobilise compliance-focused, local programmes or establish a forward-looking global framework and operating model for Operational Resilience.
International resilience-related regulations have a common purpose: to develop resilient financial services sectors focused on preserving firm safety and soundness, maintaining market stability and avoiding intolerable impacts to customers and clients. There are local nuances and specific requirements across the global landscape, but these primary objectives are consistent.
So it is that, in a context of constrained resources and industry-wide focus on efficiency and productivity, the global approach makes sense for firms.
A globally-consistent Operational Resilience operating model requires an “outcome-focused” approach as a means to address the variety of regulatory requirements, and embed consistency and standardisation.
We have identified eight areas that will set an organisation up for success, whilst enabling flexibility to respond to new and emerging Operational Resilience regulations.
As we noted in our 2022 article, firms that continually review their programme are those that are best able to sustain momentum and keep Operational Resilience ‘living and breathing’.5
31 March 2025 will be a moment to recognise the distance covered to date. It also presents an opportunity for reflection as the implementation period ends and firms seek to embed Operational Resilience into business as usual.
If you’d like to discuss any of the topics covered in this article, please get in touch with the team below.
___________________________________________________________
References:
1. ‘Risk and resilience: bringing risk management and resilience closer together’, Deloitte (February 2025)
2. The services a firm provides which, if disrupted, could pose a risk to a firm’s safety and soundness or the financial stability of the UK.
‘Operational resilience: Impact tolerances for important business services - Supervisory Statement SS1/21’ ,PRA (March 2022)
3. 'Resilience Dividends’, Deloitte (November 2024)
4. ‘Moving toward true organizational resilience’, Deloitte (January 2023)
5. ‘Next steps in building operational resilience in financial services firms’, Deloitte (June 2022)