Guy Warren, CEO at ITRS
It has been more than eighteen months since the Financial Conduct Authority’s (FCA) operational resilience regulations came into force. In that time, we have seen the authority impose substantial penalties for organisations’ failure to meet requirements, in some instances fines of up to £50 million have been levied due to failings. Fines of this size not only highlight just how seriously the regulator is taking this matter but also reveal that the era of bare minimum compliance is now over. Indeed, such penalties show that simply ticking the box when it comes to operational resilience is no longer enough.
A key aspect of operational resilience is knowing at any given point what it’s like to be in a customer’s shoes. Operational resilience requires firms to ensure their systems are always optimised, and that customers can access services at any time. So, to be truly operationally resilient, firms need to adopt a customer-first mentality at all times in order to know what it’s truly like to be on the front line.
Increasing regulation
Operational resilience is an increasingly regulatory concern. According to the FCA, “operational disruptions can cause wide-reaching harm to consumers and pose a risk to market integrity, threaten the viability of firms and cause instability in the financial system … it is critically important for firms to understand the services they provide and invest in their resilience.”
It was this understanding that resulted in the FCA’s regulatory framework on operational resilience coming into force in March 2022. A similar recognition that “ICT incidents and a lack of operational resilience have the possibility to jeopardise the soundness of the entire financial system” saw the publication of the EU’s Digital Operational Resilience Act (DORA) later that year. And, while it may currently only offer supervisory guidance on the subject, it’s only a matter of time before the US introduces regulations too. Firms must therefore guarantee operational resilience on a global scale or risk being on the wrong side of their respective regional regulators.
Most recently, the introduction by the FCA of new rules for financial services firms has further emphasised its desire to protect customers. Effectively an extension of the operational resistance regulations, the Consumer Duty sets higher and clearer standards of consumer protection across financial services and requires firms to put their customers’ needs first – at all times.
Real user monitoring
The main objective of operational resilience is to identify potential problems in a firm’s IT systems and services before they occur, and to develop a plan to either mitigate their impact or to allow the firm to quickly recover with little or no disruption to the customer experience.
Monitoring is key to this. The right performance monitoring practices can both ensure regulatory compliance, and lead to better end-user experiences. It’s important to monitor the steps that make up a customer’s transaction journey, for instance, all of which can be susceptible to failures that can affect satisfaction. Monitoring critical workflows such as logins, balance checks, deposits and money transfers, can offer a firm assurance that everything is working as expected. From the customer’s perspective, the transactional journey is seamless.
To truly understand the view from the front line, however, firms need to collect data from users in real time. Without this, they will be unable to develop the models of behaviour they need to devise procedures for mitigating and recovering from the effects of any incidents that might arise. By harnessing actual users’ experience of a firm’s website, a Real User Monitoring (RUM) solution can quantify the performance of that site’s performance, from wherever it’s accessed. By gaining and analysing important metrics from a local perspective, a firm can then mitigate and recover from incidents that might be affecting a particular user or group of users.
Customer-first mentality
The recent introduction of increasingly stringent – and punitive – regulation means financial services firms must take every step to ensure operational resilience across their IT systems.
Monitoring the performance of these systems is crucial in helping to predict and mitigate IT failures before they occur. But achieving the necessary higher standard of consumer protection and satisfaction requires more than this. Firms must see their systems and services as their customers do. And it’s not just companies in the financial services sector that need to adopt this approach. As all services become digitally native, businesses across sectors must be sure that a customer-first mentality is always present.
With operational resilience more important than ever, firms today must monitor the performance of their local sites and services from a user’s perspective. Only by taking a view from the front line will firms truly be on the front foot when it comes to giving consumers the best service possible.
