In March 2022, the Prudential Regulation Authority’s (PRA) Operational Resiliency Rules came into force. The rules, which impact UK banks, building societies, and financial services firms, mandate that they embed resilience within their operations. Organisations
are instructed to adapt systems and processes to ensure they have service continuity in the event of an incident, return to normal as soon as it’s over, and learn and evolve from the experience.
In practice, this means that banks must understand the different risks to their operations and put in place systems to mitigate them. These risks can range from the miscalculation of business rates to issues with cloud services, data security, and third-party
relationships. As the UK faces faces ongoing economic uncertainty, resilience will be more important than ever. So, after one year of these rules coming into effect, how can technology help firms get to grips with risks and create an effective contingency
Dealing with disruption
While technological innovation is often channelled towards customer-facing solutions, the implementation of technology in the back office can make operations more resilient and efficient. Advanced analytics and enhanced decision-making are fundamental to understanding
and managing risk. Indeed, EY’s Global Board Risk Survey 2021 found that 71% of risk management leaders at organisations that are highly effective at risk management use technology and data effectively.
Operational resiliency also depends on agility and speed of execution. Banks must be able to quickly identify issues, uncover the information required to correct them, and apply remedies to ensure minimal disruption to staff and customers. For the majority
of banks, a shift towards back-office efficiency is a move to the cloud; research from EY found that four fifths (80%) of UK banks see cloud migration as a source of agility. With their processes and data in the cloud, they have the visibility and capabilities
to deal with disruption.
Protection through processes
When it comes to specific solutions to boost resilience, a business process management (BPM) platform is the first port of call for many banks. A BPM platform keeps strategy and operations aligned, offering an overall view of processes, requirements, and PRA
compliance frameworks. It also enables organisations to act on this information, creating, managing, and analysing end-to-end processes. This facilitates continuous process improvement, by which banks can learn from mistakes and improve resilience.
Process and task mining helps managers discover how systems and people are performing. They can analyse processes and simulate scenarios to discover weaknesses and resolve deviations. Sometimes, “the problem exists between chair and keyboard” with human error
leading to issues. According to Verizon’s 2022 Data Breach Investigations Report, 82% of breaches involved some form of human involvement. Other times, the process landscape itself is convoluted or compromised, which can lead to problems when it is placed
under stress. Legacy processes can be especially vulnerable.
Beyond resilience, a BPM platform can unlock considerable economic potential through enhanced efficiency. The ability to model environments means that banks can continually optimise their operations, with considerable cost savings. For example, research from
Forrester Consulting Group found that ARIS could deliver $7.9 million of total benefits over three years. This means a return on investment of up to 457% when using it to improve risk and compliance management processes.
To make the most of process analysis and management, when it comes to operational resiliency, the financial sector must first tackle legacy issues. Many banks and financial services firms have organisational and technological siloes, as well as inflexible on-premise
systems, which make it difficult to leverage data across their organisation. The World Retail Banking Report 2022 found that 95% of executives think outdated legacy systems prevent them from optimising data and growing effectively. Crucially, this means banks
also lack the visibility and flexibility they need to ensure their operations are resilient.
An Iintegration platform enables banks to break down these data siloes. Process-related data held in the cloud and on- premises can be captured and used as a single source of truth for a BPM platform or analytics solutions to draw from. As with any potential
“garbage in, garbage out” scenario, process mining is only as effective as the data it uses.
Financial institutions are understandably unwilling to migrate some systems, such as core banking modules, to the cloud. In these instances, hybrid cloud integration is the answer. A single flexible platform can bring together disparate systems, applications,
and data. This represents the best of both worlds, enabling banks to effectively leverage best-in-class cloud applications alongside secure core systems. Siloes are a thing of the past, so banks can monitor their operations in real-time. And with systems like
these, they can also use microservices to improve efficiency and resilience.
Resilience is non-negotiable
There’s a reason operational resilience is such a focus for banks. They are institutions held to the highest standards—robust risk-management and security, as well as regulatory compliance, is non-negotiable. To maintain the trust of stakeholders, they must
take a proactive approach to resilience, getting to grips with their processes and data and breaking down siloes through integration.
While investment in these areas may not be as flashy as a new application or improved website UI for customers, process management and integration create a halo of benefits. There are real savings to be made, alongside real threats to be avoided.