Warranty & Insurance Provider
The Client
At the forefront of warranties and insurance provision for independent new build property, our client offers a range of services to support house builders and developers.
The Challenge
Working with the client for several years, Teed already provides support with business continuity (BC), IT disaster recovery (DR) and cybersecurity response activities and exercises. With the imminent arrival of the Financial Conduct Authority’s PS21/3 Building Operational Resilience rules and guidance, the client needed our support to help satisfy these.
The term “operational resilience” is defined by the regulators, Financial Conduct Authority (FCA), as “the ability of firms, financial market infrastructures and the financial sector to prevent, adapt and respond to, and recover and learn from operational disruption”. To meet the criteria, “firms must have identified their important business services, set impact tolerances for the maximum tolerable disruption and carried out mapping and testing to a level of sophistication necessary to do so. Firms must also have identified any vulnerabilities in their operational resilience.”
Teed was asked to support our client’s third-party risk management (TPRM) analysis, planning and exercising activities for critical suppliers. It was important that this activity was integrated effectively into existing and future BC, DR and incident management capabilities. As Teed was already working with the client on these, we could extend the support to the TPRM element, ensuring that the learning was incorporated and not lost.
The Solution
Four key suppliers were chosen for a pilot study, in which we developed an effective method that was subsequently rolled out to the next tranche of eight suppliers.
A straightforward approach captured information from previous projects, studies and events, which saved time and effort for the client. Teed’s consultant facilitated discussions with procurement and business representatives to obtain any outstanding data through a Supplier BC Analysis, clarifying areas for four specific elements:
1. Understand the supplier’s services and risks
2. Perform a business impact analysis (BIA)
3. Consider alternative contingencies and suppliers
4. Capture information in relation to BC and exit planning (stressed and planned exits)
The output highlighted what now needed to be actioned or investigated further. For example, Teed supported the client in reviewing existing DR SLA documents from the mostly technical suppliers, reading between the lines to understand what the client would be exposed to in terms of achievable recovery capabilities and potential disruptions. These were then mapped against what was in place and what would be required in practice. The additional questioning by Teed’s consultant enabled the client to understand the reality, over and above the assurances.
BC exit plans were produced detailing services, BC/exit strategies, tasks/guidance, responsibilities, and other relevant information. Subsequently, tabletop exercises were designed and facilitated by Teed for critical suppliers to support the client in meeting this operational resilience requirement.
Teed documented the findings of the TPRM operational resilience project, summarising key findings, recommendations and next steps. A TPRM BC Actions document outlined the recommended pre-incident actions identified for each supplier to help mitigate risk and ensure BC/exit strategies/plans will work in practice.
Tabletop exercises, supported by Teed, followed for critical suppliers; these were required to fulfil this element of operational resilience.
The Result
With Teed’s specialist skills and experience, our consultant was able to work with the client to satisfy the regulatory deadline for Operational Resilience. Alongside this, the client now has a better understanding of how to control supplier risks by taking forward actions to improve resilience.
It is far more beneficial to involve the right people to ensure relevant response and recovery processes are thought through and agreed, maximising time and efficiency in the event of a disruption to services.