One of the ways in which regulators assess their performance is by measuring whether consumers get the products and services they need and want from firms they can trust. Principle 6 (of the Principles for Business) and the subsequent 6 Treating Customers Fairly Outcomes explicitly call out the obligation to pay due regard to our customer’s needs and for products and services to perform as reasonably expected.
Yet things can and do go wrong – and regulators remain concerned that Financial Institutions are not doing enough to identify where this might happen or to remedy weaknesses in their businesses which allow this to happen.
This course explores the FCA and PRA proposals, explains the requirements and considers how we in firms can deliver a more resilient operational framework to deliver on what our customers and clients expect.
|Date||28 January 2022|
|Time||09:00 – 13:00 UK Time|
|Price||GBP 300 (excl. VAT)|
During this training we will discuss:
Understand the regulatory drivers and priorities
Recognise the milestones and timelines to full compliance
Consider the factors you should promote to build an inclusive operational resilience framework that staff can buy into
Provide a foundation for your in-house strategies
Understand the criteria by which you can identify important business services
Recognise common risks and disruptors to operational stability
Session 1: Introduction – the regulatory position
FCA and PRA positions – risks to regulatory objectives
Where we are now and how we got here
Looking forward to March 31 2022 – what are the expectations and timelines
Key milestones and practical validation requirements
Rules or guidance – specific firm applicability
Case Studies: Issues at British Airways, O2, TSB Bank, HSBC (customised to client)
Session 2: Governance & Strategy
Messaging – more than “Everyday Business Continuity”
Prevent, Adapt, Respond, Recover, Learn
SM24 responsibilities and broader SMCR integration
Roles for all leaders, line of sight to senior management
Leadership in a hostile cyber environment
Session 3: Building an effective and compliant operational resilience program
Identifying key business services
Single activities – not groups
Criteria for consistent assessment
Alignment with other business themes
Setting impact tolerances
Identifying Risks and Disruptors
Probability / Impact / Control Effectiveness
Value-based / Volume-based / Time-based
Quantifying the maximum tolerable level of disruption
Addressing both FCA and PRA concerns
Understanding upstream / downstream dependencies by identifying and documenting:
First Line – Monitoring / Surveillance
Second line – Testing
Scorecards / Dashboards – what, how, where
Stress testing / Scenario modelling
Annual review / Material change
Exercise – Breakout Rooms – Groups to discuss challenges and opportunities in building an effective program using templated handouts
Session 4: Holistic management considerations
Links to Business Continuity / Disaster Recovery
Front, middle and back office – connecting the lines to benefit consumers
What actually happens when business services are disrupted – roles and responsibilities
Communication plans – internal and external
Employees – engage, empower, evolve
Documenting effective self-assessment and lessons learned
Who should attend
PRA and FCA have differing application criteria though in the main, banks, building societies, PRA-designated investment firms, RIEs and ‘Enhanced’ SM&CR firms will have rules mandated. That said, the FCA’s expectation is that all firms will have properly tested contingency plans and it is considered likely that the rules will apply as guidance for Core SM&CR firms who are solo-regulated.
Relevant staff roles include Risk and Compliance, Operational Oversight and Management plus those in Business Continuity and Disaster Recovery who will have crossover responsibility for operational resilience.
Who is Steve Fairclough?
Steve began his financial services career in 1993 and has over 20 years practical training experience across a range of sectors and topics. He is a former Head of Education for HSBC covering the UK and Europe, responsible for regulatory and financial crime related compliance learning. His time at HSBC was during intense scrutiny from regulators and government functions during the bank’s Deferred Prosecution Agreement. Other roles include leading the Monitoring and Testing programme for a UK Wealth Manager, and Senior Vice President responsible for Global Risk & Compliance training at a US-based bank. He also worked in the Insurance Firms division at the Financial Conduct Authority (in the FSA days) where he was the divisional expert for the rules and outcomes required under the Training & Competence handbook.
The HSBC role, along with five years at Barclays in their Private Clients and Wealth functions, has seen Steve work with retail, commercial, wholesale and private banking channels. Since leaving HSBC, Stephen has worked with the compliance, HR and operational teams of firms to enhance their regulatory understanding, as well as delivering content across private equity firms, investment houses, banks and wealth managers. He regularly delivers core programmes for TISA and the Investment Association.
Steve is a former member of the Investment Management Association Training & Education Committee and won the Thomson Reuters award for “Most Effective Compliance Training at a Regulated Firm” in 2010.
Price - 300
Duration - 5
CPDs - 5