Identified OCiR shortcomings and shared challenges
Following the 2008 financial crisis, regulators have increasingly mandated that financial institutions should demonstrate robust contingency plans for sustained operations during potential recovery or resolution phases, ensuring the protection of retail clients, critical functions and the broader economic landscape. This drive resulted in the emergence of operational continuity in resolution (OCiR) regulation. This blog examines the degree to which firms have demonstrated effective implementation of OCiR having worked with several clients to support their OCiR adoption.
Background
Operational continuity in resolution OCiR is a Prudential Regulation Authority (PRA) requirement. Supervisory statement SS4/21 sets out the expectations for banks, building societies and investment firms to ensure the operational continuity of critical services are provided to customers to facilitate recovery actions, resolution and related restructuring.
Implementation of this regulation is mandatory for firms that, within the past 36 months, falls within one of three criteria:
-
The firm’s average total assets reported under chapters 7 and 9 of the BoE Rulebook exceed £10bn.
-
The firm’s average safe custody assets reported per SUP 16.14 of the FCA Handbook exceed £10bn.
-
The average sight deposits reported or would’ve been reported under the ITS on supervisory reporting are greater than £350m.
Executives have accountability, under the Senior Managers’ and Certification regime, to ensure provision for OCiR and ongoing compliance against the following pillars:
- Structure, scope and definitions*
- Service mapping
- Service continuity
- Contract management
- Management and governance
- Financial resilience
*Structure, scope and definitions provides context on the firm in question.
Identifying common pillar specific gaps
In assisting various financial institutions with regulation adherence, Be UK has identified common areas where further attention is often needed to ensure robust compliance.
Service mapping
The PRA expects firms to showcase how their operational arrangements for critical services aid recovery and resolution through a service catalogue. While many firms have effectively mapped services, they often use static platforms like Excel, risking data integrity due to manual updates and poor version control. Adopting dynamic platforms can ensure accurate data and immediate access to detailed information when regulators inquire.
Contract management
Firms need to review existing contracts to ensure that resolution-resilient terms for critical services, whether intra-group, intra-entity, or non-group providers are added. If contracts omit this protection, firms should develop a remediation plan detailing steps, responsibilities, and timelines. A robust substitutability approach to materiality assessments if a supplier refused to adopt the language should also be included.
Service continuity
Firms must ensure the continuity of critical services during restructuring events, regardless of differing stress scenarios. Yet, many exhibit inadequate playbook coverage lacking provisions, communications, steps, and testing scenarios for recovery and resolution. Firms should be prepared, as regulators may request this information for immediate presentation.
Management and governance
Firms should have appropriate forums to ensure OCiR’s delivery, response to stress scenarios, consistent firm-wide OCiR understanding, and retention of key staff. Confusion around OCiR often abounds, especially during recovery and resolution roleplays and testing. Governance is frequently absorbed into broader committees, diminishing OCiR’s significance. It’s crucial for firms to bolster OCiR education and establish a specialised forum to address its concerns.
Financial resilience
The PRA mandates firms to maintain sufficient financial resources for stress resilience, considering charging structures, operational assets for critical services, risks, early warning indicators (EWIs), appropriate liquidity and critical provisions. While many firms make good progress in this area, they should be prepared for regulatory requests for clear evidence substantiating the calculation and provision of liquidity, charging structures, operational assets, risks, and EWIs. This is often unclear.
Closing thoughts
Firms will often have many initiatives to consider and cost implications to balance when undertaking regulatory improvements. They should not risk regulator scrutiny through lack of addressing their OCiR gaps, many of which are easily identifiable and rectifiable.
For firms that are currently implementing OCiR SS4/21 Be UK have a proven health check tool which is typically executed in four to six weeks and provides insight into where OCiR delivery is on track and where there is risk to delivery.
Please attend our OCIR webinar soon.
About the authors
George is a manager in the retail and commercial banking practice at Be | Shaping the Future UK. George has delivered projects for UK and European banks, UK wealth managers, asset managers and professional services firms from front to back office.
Marie is an experienced consultant in the retail and commercial banking practice at Be | Shaping the Future UK. Marie has worked on a variety of large-scale regulatory and transformation change projects across financial services and the legal and technology industries.
