What's new

P2.T7.20.15 Building the operational resilience of a financial institution

Nicole Seaman

Chief Admin Officer
Staff member
Thread starter #1
Learning objectives: Describe operational resilience and describe threats and challenges to the operational resilience of a financial institution. Explain recommended principles, including tools and metrics, for maintaining strong operational resilience at financial institutions. Describe potential consequences of business disruptions, including potential systemic risk impacts. Define impact tolerance; explain best practices and potential benefits for establishing the impact tolerance for a firm or a business process.


20.15.1. According to the Bank of England's Prudential Regulation Authority (PRA), "In view of the potentially severe consequences of poor operational resilience, the supervisory authorities believe operational resilience is a key issue on which boards and senior management should focus". (Section 4.1. of Building the UK financial sector’s operational resilience).

In regard to operational resilience, each of the following statements is true EXCEPT which is false?

a. Operational resilience refers to the firm's ability to prevent, respond, recover from, and learn from any operational disruptions that interfere with the continuous delivery of business services (aka, service continuity) to its customers
b. Operational resilience is important because operational disruptions are likely to cause harm to consumers (i.e., availability of existing services or supply of new services) and/or market participants (e.g., access to data)
c. Challenges to building operational resilience include technical innovation, changing behaviors (e.g. faster transactions), keeping pace (e.g., skills gap), environment (e.g., cost pressures), and system complexity (third parties)
d. Operational resilience requires the board and senior managers to prioritize a comprehensive focus on the firm's systems and processes in a systems-based approach with the dual aspiration to reach zero defects in each process and to prevent any single system from becoming the weakest link

20.15.2. Which of the following statements is TRUE in regard to impact tolerance?

a. Impact tolerance refers to the risk of loss from inadequate or failed processes, people or systems or from external events
b. The key drawback of impact tolerances is their irrelevance to outsourced (third-party) service providers who cannot be directly controlled
c. Impact tolerances describe a firm's tolerance for disruption by referencing specific boundaries with quantitative metrics under an assumption that disruption to a particular service will occur
d. Because the set of impact tolerances is identical to the firm's risk appetite, for regulatory purposes the firm's risk appetite statement is an acceptable substitute for its impact tolerance statement

20.15.3. According to the Bank of England's Prudential Regulation Authority (PRA), each of the following is a true statement about building operational resilience at financial institutions EXCEPT which is false?

a. Scenario testing is important because it introduces proportionality: impact tolerances breaches are likely to be acceptable only for the most severe, but plausible, scenarios
b. The Financial Market Infrastructure (FMI) is a four-step framework that financial institutions can deploy; its components are Preparation, Recovery, Communication, and Governance
c. While risk appetites and recovery time objectives (RTO) tend to express desired outcome(s) to be achieved with high probability, impact tolerances specify upper limits that are breached only in extreme scenarios
d. Although all firms should consider two essential aspects (i.e., definition of the firm's business services and their prioritization in order to ensure the resilience of the most important), the application of operational resilience techniques will vary by firm size; e.g., large firms have many important services, but very small firms have perhaps only one important service

Answers here:
Last edited by a moderator: