Operational Resilience – Financial Services and Telecommunications
While cyber risk has taken much of the attention in the news, the UK government and regulators have been increasing their focus more generally on operational resilience and its impact on the economy
The government monitors critical national infrastructure (CNI) closely, and both finance and telecommunications are regarded as CNI. The Cabinet Office publishes a public summary of Sector Security and Resilience Plans annually. The report notes that overall the finance sector has made good progress in improving resilience to threats, and indicated that future resilience exercises will be necessary, particularly in financial services:
Over the next year, the Financial Authorities will deliver a comprehensive work programme to improve the resilience of the finance sector. We will ensure that we have the tools to deliver improved resilience, including drawing on the expertise of the National Cyber Security Centre and the Centre for the Protection of National Infrastructure.
We will help the sector improve their operational resilience, including through exercises involving industry. We will also continue to improve our collective incident response capability and work closely with our international partners to develop our understanding of evolving threats to the global financial system.
Source: Cabinet Office sector security and resilience plans (page 16)
As well as the recent focus on outsourcing, in particular the European Banking Association’s (EBA’s) final guidance on outsourcing agreements, there is a wider focus on concepts of business continuity and operational resilience. The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) accelerated the discussion more formally with its discussion paper (July 2018) “Building the UK Financial Sector’s Operational Resilience”.
This paper identified a concept of operational resilience to bring this to the attention of boards and senior executives in regulated firms. The paper concludes that vital elements of key business services are being delivered in the financial services sector by companies operating outside the regulatory perimeter, often concentrated among a few major providers. Increasingly this concentration risk includes the use of key cloud providers, including Amazon Web Services and Microsoft Azure amongst others. The report was followed by a paper from UK Finance and EY “operational risk in financial services” and a second report from the CityUK and PWC “operational resilience in Financial Services – time to act”, which this note looks at in more detail.
Both of the reports require a business to address its operational risk within the context of more developed security frameworks. Whilst these are in large part driven by cyber security, the concern over a national over-dependency on a small number of viable vendors is common also.
In the telecommunications sector, a recent report (July 2019) by the Department for Digital, Culture, Media and Sport (DCMS), the UK telecoms supply chain review report (CP158), addresses similar issues around concentration risk and how in the telecommunications sector’s case concentration risk in the UK is principally focused on a handful of key vendors, particularly Ericsson, Huawei and Nokia, who supply the main UK mobile operators. News around Huawei’s restricted listing in relation to communications equipment supply by the US government because of fears over technology risk has been clearly documented. In financial services, the debate has continued with a joint report from TheCityUK and PwC, “Operational resilience in financial services: time to act”. This report draws on similar themes in a wider discussion on operational resilience
For more information please contact Mark Bailey on +44 (0)20 7427 6519 or at Mark.Bailey@crsblaw.com.
The Future of Property Careers
Join to our panel discussion and Q&A with industry leaders on the range of opportunities within the property and construction sector.
COVID-19 Vaccination – can an employer make it compulsory for employees?
We review what legal issues to take into account when considering to make vaccination compulsory as an employer.
Music to our ears? Well, perhaps not for Apple.
A feud first began when the music streaming giant, Spotify, filed a complaint against music streaming provide rand competitor, Apple Inc.
Linking ESG and Executive Pay
How does a business go about embedding a focus on strong ESG performance into the structures and culture of its organisation?
National Security and Investment Act granted Royal Assent
The Act establishes a new regime for the review of mergers, acquisitions and other transactions that could threaten national security.
Recent Trends In Firewall Legislation: BVI, Bermuda And Gibraltar
Charles Russell Speechlys advises Waverton on acquisition of Cornerstone Asset Management
Established in July 2010 and with offices in Edinburgh and Glasgow, Cornerstone offers wealth management and financial planning advice.
What do the new Debt Respite Scheme Regulations mean for Landlords and Tenants?
This will provide legal protection from creditors in the form of either a breathing space or a mental health crisis moratorium.
Charles Russell Speechlys promotes five to Partner
The promotions are effective 1 May 2021 and are accompanied by one Legal Director and 15 Senior Associate promotions.
Risk allocation in commercial leases: the High Court considers rent suspension, insurance and frustration arguments
Read our summary of the full judgement on the latest Covid arrears case.
Charles Russell Speechlys boosts private wealth offering with the hire of an international tax team
Robert Reymond will be joined at the firm by Leigh Nicoll, Emma Tyrrell and Oliver Cooper.
Proposed Takeover Code Amendments – Key Changes
The Consultation Paper has now been followed by a corresponding response paper which made certain modifications to the initial proposals.
Competition and Markets Authority announces review of the EU vertical agreements block exemption
The UK Competition and Markets Authority is reviewing the future application of the EU vertical agreements block exemption in the UK.
Playing Copycat – Why have M&S begun legal action against Aldi over Colin the Caterpillar?
M&S’s chocolate caterpillar was the first of its kind to land on our supermarket shelves, over 30 years ago.
Building Back Better: Future Gazing
What’s next for the hospitality industry post-pandemic?
Building Back Better: Re-examining your proposition
Why hospitality businesses should re-examine their proposition now
Building Back Better: Real Estate and Restructuring
How and why should hospitality businesses re-structure post pandemic?
Charles Russell Speechlys advises Fudco Partnership on sale to Exponent-backed Vibrant Foods
Fudco is a family-owned business selling South Asian ethnic foods in UK and Europe.
Charles Russell Speechlys advises Polar Technology on investment by BGF
Polar Technology Management Group is a holding company for engineering businesses operating at the leading edge of technology.