Disaster Recovery Journal Summer 2023
ent processes and tools. This results in departmental silos producing inconsistent reporting and decision-making. To solve this, organizations are establishing cross-functional steering commit
(DORA), the UK’s “PS7/21 outsourcing and third-party risk management” as well as “DP3/22 Operational resilience: Critical third parties to the UK financial sector,” and Australia’s “CPS 230 Operational Risk Management”
Most of these regulations have a common requirement: firms must be able to map their critical business services and interrogate all processes, assets, and resources that support those services, both within the company and throughout its supply chain. This holistic approach demands a comprehensive, integrated platform that allows organizations to view their data and analyses through a single lens.

The Time is Now for Operational Resilience

Updating or overhauling a company’s operational resilience program can seem daunting – but it’s been proven time and again that a well-functioning resilience program is the best insurance against financial and reputational loss. Events, like the recent Silicon Valley Bank collapse, may suggest many risks are unpredictable, but the root causes and lack of adequate risk management are there if we look. Firms can be proactive and must focus on what they are empowered to do now. By streamlining teams and processes, reprioritizing investments based on vulnerabilities, and finding properly tailored technology, firms will be better prepared to weather the disruptions of the future.
tees, bringing together leaders from operational resilience, business continuity and disaster recovery, cybersecurity, and third-party risk management to align complementary programs, teams, data, and metrics. In addition to ensuring consistency and streamlining processes, breaking down these silos also increases transparency, knowledge, and alignment across the firm. Of course, these collaboration programs require strong leadership (with some bringing in a chief resilience officer) as well as a significant change in the company’s culture and approach to risk and resilience. These leaders are best situated to provide key insights and analysis for executive teams to consider when
(including third-party risk management). This is setting in motion a change to best practice methodologies around supply chain resilience, with even those unaffected by the regulations looking to align with requirements. Supply chain disruptions and consequent impacts are particularly hard to manage due to the amount of time that it can take to onboard and offboard firms and then rebuild the resources to satisfy the requirements of all process and service owners. This is exacerbated when battling vendor-based cybersecurity breaches, which are only on the rise as attackers recognize the value that they bring in access points to a wide range of firms. To combat this effectively,
Kate Needham-Bennett is a resilience specialist based in the UK, working with organizations worldwide and exploring how they might develop their risk and resilience programs with Fusion Risk Management.
making critical company decisions around matters which involve digital transformation, geographic expansion, or third-party initiatives.

Increase Focus on Third-Party Risk Management

Organizations must also sharpen their focus on their third-party risk exposures as they pertain to important or critical business services. Resilience teams are working with third-party management teams to better assess potential supply chain vulnerabilities and understand the risk profiles of their critical third parties. There has been a recent plethora of regulation around critical third-party providers to the financial services sector, such as the EU’s Digital Operational Resilience Act
it has never been more necessary for cyber, resilience, and third-party teams to work in conjunction.

Think Globally, Act Locally

With the rise in regulatory scrutiny, firms are being challenged with a new obstacle: the increasing complexity of running one holistic program that complies with all global regulations. The stakes can be high in terms of fines; the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) issued their first fine (of £48 million/$58 million) against the lack of operational resilience measures to TSB Bank in December 2022. The operational, legal, and reputational stakes can be even higher to remediate, costing millions to even billions.
To date, she has been working as a practitioner in financial services firms setting up programs for M&A resilience onboarding, crisis management, and operational resilience to meet the evolving regulations. Needham-Bennett is now focusing on how technology can help make resilience easier, quicker, and more affordable for others, leaving them room to focus on innovations.
As chief resilience innovation officer, Steve Richardson has more than 15 years of experience in the risk and resilience industry and is an original architect of the Fusion Framework® System™. Through leadership roles in sales, services, and product management as well as his focus on customer success, Richardson brings a diverse set of skills and experience to Fusion’s customer community. He also leads strategic engagements for customers across industries with specific expertise in financial services and banking. Richardson is a regular presenter at customer and industry events and works closely with industry analysts and strategic partners to establish Fusion as a market leader.