The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) recently introduced strict rules on operational resilience. One particular large general insurer approached us to interpret the rules, turn them into practical business requirements and implement the changes – all within constrained resources. The company had to overcome these challenges and comply by the deadline, or risk facing action by the regulators.
We partnered with the insurer to perform a regulatory decomposition
First, our experts looked at each rule to see whether it was relevant to the business, before deciding what changes were necessary to achieve compliance. Based on this, we drafted a set of business requirements and a new project structure to strengthen operational resilience. This enabled the insurer to achieve compliance, while minimising business risk and the impact on its workforce. Next, our experts created and implemented key evidencing artefacts that demonstrate compliance. For example, the insurer had to identify its ‘important business services’ – those that have a significant impact on clients and the broader financial industry – and show how they could cope with disruption. Our success came from taking the time required to understand the client’s needs, and designing a bespoke solution.
Set up for the long-term
The insurer met the compliance deadline, but that was just the start. The company is boosting its operational resilience, by pinpointing and addressing potential risks and weaknesses. Because we carefully transferred knowledge and capabilities, the insurer can manage its operational resilience independently in the future.