What ‘Good’ Looks Like in Operational Resilience and Wind-Down Planning
In the evolving regulatory landscape, the Financial Conduct Authority’s (FCA) latest Business Plan has made it clear: credible operational resilience and wind-down strategies are not just regulatory checkboxes, but essential pillars for sustainable business in the payments and e-money sector. The Payments Association and Ocorian Roundtable recently brought together industry leaders to explore what ‘good’ looks like in these areas, drawing on recent multi-firm reviews, evolving expectations, and practical experience supporting clients.
Operational Resilience: Beyond Surviving Catastrophe
Operational resilience is more than the ability to withstand and respond to catastrophic events. It’s about building strength, efficiency, and superior customer experiences into the fabric of the business. Good operational resilience means:
Holistic Risk Management: Firms must map their dependencies, including those on large third-party providers, and understand how to insulate themselves from ‘bad actors’ and external shocks.
Multidimensional Compliance: Regulatory requirements are complex, and effective resilience demands a multidimensional approach. Leveraging RegTech solutions can help manage this complexity and enhance controls within the operational resilience framework.
Cultural Buy-In: Involving a wide range of stakeholders from the outset leads to better buy-in, a broader capture of risks, and efficiency gains. Aligning operational resilience with wind-down planning and enterprise-wide risk management (as well as ICARAs for hybrid firms) creates synergies and strengthens the overall framework.
Proactive and Pre-emptive Response: Focusing on ‘Important Business Services’ with well thought-out impact tolerance and clearly mapped dependencies enables firms to develop timely, proactive responses to stress events. This approach supports meaningful recovery planning, leading to more stable operations and faster responses to unpredictable factors.
Industry-Wide Benefits: The concept of ‘herd immunity’ applies—industry-wide resilience increases as more firms improve their own resilience. Lessons learned from incidents (such as those impacting CrowdStrike and AWS) should be considered and implemented across the sector.
Communication Planning: This is often overlooked, yet robust communication planning is crucial for managing operational incidents and is a regulatory requirement.
Wind-Down Planning: A Living, Strategic Process
Wind-down planning is not a one-off exercise. It must be a live, regularly maintained process that evolves with the business:
Stakeholder Engagement: Bringing all stakeholders on the journey is essential, even though planning for wind-down may not be attractive. Broad involvement supports buy-in and ensures comprehensive planning.
Link to Operational Resilience: Wind-down planning is the logical extension of operational resilience. If resilience cannot be achieved, a robust wind-down plan enables an appropriate, timely, controlled response.
Focus on Recovery, Not Just Resolution: Good wind-down planning is about survival, not just closure. It involves hard decisions and may reshape the firm’s future for renewed success. Embedding early warning indicators and triggers, and considering which recovery options are available under stress (which may differ from business-as-usual), and even the sequencing or potential reusability of recovery options, are key.
Scenario Planning and Efficiency: Leveraging operational resilience scenarios within wind-down planning creates efficiencies and ensures plans are realistic and actionable.
The Regulator’s Perspective
The FCA is eager to ensure that operational resilience and wind-down plans are not just theoretical, but stand up in practice. This means firms must be able to evidence their approach, demonstrate that plans are embedded and regularly tested, and show that they can respond effectively to both continuity and resolution scenarios.
Final thoughts
‘Good’ in operational resilience and wind-down planning is characterized by a proactive, integrated, and dynamic approach. It requires cultural buy-in, multidimensional compliance, and a commitment to continuous improvement. By embedding these principles, firms not only meet regulatory expectations but also build stronger, more sustainable businesses that can thrive in an unpredictable world.
How can Ocorian support you?
We understand the challenges you face. Navigating an increasingly complex regulatory landscape is becoming harder than ever, with legacy technologies, stretched teams and competing priorities distracting you from what really matters.
Our team – a unique blend of industry professionals and ex-regulators – cuts through complexity, offering tailored solutions that unlock new value. With our finger on the pulse, we understand where regulators are focusing now, where they’re likely to focus in the future, and what will stand up to scrutiny in the long term.
We’re not just about filling out forms and ticking boxes. As 'people-people,' we love to get to know our clients and their ambitions. Whether you are a start-up, a multinational or somewhere in the middle, our job is to make sure you get things right.
With our deep expertise, we translate complex regulations into proportionate and pragmatic strategies that keep you compliant and foster sustainable growth. We keep you on the right side of regulatory change and compliance, and your business on track.
Peace of mind. Reduced risk. Problem solved.
If you would like to discuss how we can help you, please do contact us or speak to the team directly:
Related Items
View all
