Author: Chris Goodeve-Ballard
How long does an average New Year’s Resolution last? 1 day, 1 week, a fortnight, a whole month, six months, a year? Frankly, I don’t have a clue.
There is probably some humongously expensive, government (taxpayer (i.e. you and me)) funded research, carried out at some august seat of learning by some tweedy, dusty old chap with a beard and leather patches on the elbows of his jacket that will uselessly inform us that the answer is 3.27843 weeks. He also smokes a pipe, but you didn’t really need to know that.
This is vaguely interesting but totally useless information for which I am sure you are endlessly grateful. You will also be delighted with the value you have received for the £0.0004 of your tax that paid for it.
GOOD NEWS.
For precisely £0.00, I can inform you that, courtesy of the PRA, the FCA and the EU, you are about to make a New Year’s Resolution that will (or should) last you for many years to come.
Operational Resilience becomes a whole lot more real on 17th January (EU - DORA) and 31st March (PRA & FCA).
By this time, you should have installed the building blocks and be set up to carry out annual reviews of the exercise. Firms that are ahead of the curve will already have made this BAU and be steaming ahead.
So, what’s with the New Year’s Resolution I hear you all ask? That is providing you haven’t gone back to your post-Christmas nap.
Well, the Resolution in question is that you will test, test again, vary your testing, carry out further tests and then for good measure, carry on testing (sadly a film that was not made at Pinewood Studios starring Hattie Jacques and Kenneth Williams).
Robust and increasingly sophisticated testing is something you will now need to do not only to keep regulators happy but because it’s simply a good idea. For the DORA side this will involve threat led penetration testing of your systems. In an increasingly digitally dodgy world, this is a must and you would be negligent not to be commissioning these tests from any of the many firms that specialise in this area. You should also be considering the types of test described by the UK regulators.
From the PRA and FCA aspect, you should be looking at scenarios that will take you up to and beyond how you handle a breach of your Impact Tolerances. Fortunately, the regulators understand that you could be hit by issues way beyond your control. Their interest is to see how you handle these. Regular testing, not just of the Incident Management Team and Important Business Service owners but also their deputies and in large firms, the deputies’ deputies, provides a level of confidence and muscle memory that will improve the ongoing resilience of the business and in extremis, prevent it from failing altogether.
This isn’t just testing; this is M&S testing - valuable training at many levels within the firm. Budgets will have already been set for 2025 but that is no excuse. If your testing budget is slim, call it training and have a word with HR. They should be on board as testing is far more interesting than Performance Reviews and they also control the training budget.
Aldbury International is able to help with this testing. We do this through the lens of experience. It is not theoretical to us but applying what we have seen and done over our last century’s worth of being at the pointy bit of the sharp end.
Call us on 020 3475 2953 to discuss how we can help you keep this most important of New Year’s Resolution.
Comments