COO Magazine Q3 2024

SMF24 Perspective: The COO’s regulatory obligation

Martha Fee
Armstrong Wolfe Advisor
Former SMF24 as COO EMEA & APAC, Northern Trust Asset Management

The aftermath of COVID-19 has emphasized the criticality of operational resilience in navigating the complexities of today’s world.

As regulatory expectations in the UK align with industry efforts, firms are urged to embed resilience into their DNA, from the boardroom to the front lines, to meet the March 31st 2025 deadline.

The overarching principle of operational resilience acknowledges the inevitability of disruptions and underscores the need for proactive preparedness and adaptive measures to safeguard critical business services.

Key principles of an operational resilience framework include board and senior management ownership, identification of critical services, setting impact tolerances, and continuous review and improvement. It’s essential to leverage existing frameworks such as Third-Party Risk Management, Change Management, and Business Continuity Planning to integrate operational resilience effectively.

It is clear from UK regulations that the COO and/or CIO with the SMF24 regulated function are accountable for the operational resilience approach, firms’ policy standards, and operational models. Equally, executives who own important business services and associated revenues are responsible for addressing vulnerabilities that could breach impact tolerances, necessitating a cohesive approach to governance and oversight.

However, assessing the effectiveness of operational resilience frameworks can be a challenge. Metrics such as program status, tolerance breaches, and vulnerability resolution are invaluable in tracking progress and enhancing resilience.

Drawing from my experience, I would advocate for a structured approach to metrics tracking, focusing on program status, tolerance breaches, and vulnerability resolution.

UK firms have until March 2025 and need to ensure items are being tracked and completed. Consider the following when developing metrics. Tolerance breaches are reportable to the regulator.

Have you had any, and how many have you reported?

Have important business services remained within their impact tolerance?

Have you had any near misses?

Vulnerability tracking and resolution are crucial. What lessons have you learned and incorporated to enhance your firm’s resilience?

These draw upon my own experience as a COO and SMF 24 leveraged when creating structured metrics dashboards, which may resonate with others in the field.

This article is taken from our iCOOC Industry Paper on Operational Resilience. If you would like a copy of this Industry Paper please contact Will Parry, Head of Research and Interim Lead at Armstrong Wolfe.

Back

Also in this edition...

COO Interview: Brian O’Neill

COO, TTO & Global Head, Group Transformation - Standard Chartered.

Brian is the Chief Operating Officer for Transformation, Technology & Operations, and from May 2024, he is also the Global Head, Group Transformation.

Read Article

Understanding DORA

Operational Resilience in the Financial Sector

The implementation of DORA signifies a significant international effort in the area of operational resilience.

Read Article

Managing Operational Risks with Advanced AI: Insights from Behavox

In today’s financial landscape, operational risks are a persistent challenge, threatening the stability, reputation, and legal standing of organisations.

Read Article

The COO: Driving sustainable change

Over the past few years, companies across every industry have made sustainability commitments ranging from diversity targets through to transitioning their business to net zero.

Read Article

A perspective from Armstrong Wolfe's COO

Piers has over 30 years of industry experience before joining Armstrong Wolfe as its COO. He is the former Global COO Markets, BNY Mellon, was global co-head of listed derivatives and clearing at Deutsche Bank.

Read Article

A sell side perspective: Ask a philosopher about your data

Financial institutions are more sophisticated than ever, from the products they provide, the regulatory environments they swim in and the fortitude of their internal infrastructures.

Read Article

SMF24 Perspective: The COO’s regulatory obligation

The aftermath of COVID-19 has emphasized the criticality of operational resilience in navigating the complexities of today’s world.

Read Article

Operational resilience in the face of climate change

There is no denying that we are feeling the effects of climate change but have you assessed the risks to your operations and are you making the adaptation measures required?

Read Article

Operational Resilience: Prioritizing Customer Trust in Times of Disruption

In today’s interconnected and fast-paced global economy, disruptions are inevitable. Whether due to cyber-attacks, natural disasters, pandemics, or supply chain failures, businesses must be prepared to navigate these challenges.

Read Article

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.