The ability for a firm to respond, recover and adapt to major disruptions inthe most efficient and effective way possible is key to ensuring continuity of critical services and functions.

• For the Firm: Operational resilience strengthens the firm’s market position, ensures business continuity, protects against financial losses, and supports sustainable growth. It also fosters a culture of innovation and agility, enabling the firm to navigate the complexities of the modern business landscape more effectively.

• For Customers: Customers benefit from uninterrupted access to products and services, which is crucial for their satisfaction and loyalty. In times of crisis, the firm’s ability to maintain operations can be critical for customers depending on those services, enhancing customer trust and confidence in the firm.

Lets provide some real examples where operational resiliency failed and the impact to both the business and customers;

British Airways (2017): British Airways suffered a massive global IT failure, reportedly caused by a power surge that led to worldwide flight cancellations, affecting 75,000 passengers. The failure was linked to the airline’s cost-cutting measures and outsourcing of IT jobs, which raised questions about its operational resilience and crisis management strategies.

Robinhood (2020): The trading app experienced multiple outages during periods of high trading volume and market volatility, notably in March 2020. These outages prevented users from accessing their accounts and executing trades, leading to significant customer backlash and regulatory scrutiny. The incidents underscored the need for robust operational infrastructure capable of handling spikes in demand.

COVID-19 Pandemic Exposing Operational Vulnerabilities: The pandemic exposed operational vulnerabilities in firms’ financial crime systems and controls, showing how unexpected global events can test the resilience of organizations. Companies that failed to adapt to remote work, reconfigured physical workspaces, and revised logistics faced significant challenges, impacting their operations and customer service

These examples illustrate the critical importance of operational resilience across different aspects of business operations, including IT infrastructure, data security, risk management, and corporate governance. Companies that neglect these areas can suffer from financial losses, reputational damage, regulatory penalties, and loss of customer trust.

Now, as a big fan of quick wins, what are the key steps that firms could implement in a short space of time while rolling out a more comprehensive operational resilience plan?

Below I’ve listed some initiatives that all firms not just financial services should consider if they are determined to strengthen their operational resilient capabilities:

1. Implement Cybersecurity Hygiene PracticesConduct a quick cybersecurity assessment. Implement basic cybersecurity measures.
2. Develop a Crisis Communication PlanIdentify key stakeholders and communication channels. Draft template communications for various scenarios.
3. Establish a Business Continuity Plan (BCP) Lite VersionIdentify critical business functions and processes. Develop simple plans for continuity or quick restoration.
4. Conduct a Mini Risk AssessmentIdentify the top five risks. Develop immediate mitigation strategies.
5. Leverage Cloud Services for Critical ApplicationsIdentify critical applications and data. Migrate to cloud services for enhanced resilience.
6. Initiate Quick Training Sessions on Operational ResilienceDevelop and conduct short training modules. Schedule mandatory sessions for all employees.
7. Set Up an Emergency Response TeamSelect a cross-functional team. Provide basic training and responsibilities.
8. Quick IT Infrastructure AuditPerform a rapid review of IT infrastructure. Address critical issues with quick fixes or updates.
9. Review and Update Vendor Risk ManagementAssess resilience and risk posture of key suppliers. Develop contingency plans or identify alternatives.
10. Establish a Simple Monitoring and Alert SystemSet up basic monitoring of critical systems. Implement alert mechanisms for potential disruptions.
11. Enhance Disaster Recovery PlansRapid DR Assessment: Assess current DR capabilities to identify gaps or vulnerabilities.Update DR Plans: Ensure DR plans are current, reflecting the firm’s operational and technological landscape.Implement Testing and Drills: Conduct straightforward DR drills to improve preparedness and identify plan weaknesses.Adopt Cloud-Based Backups: Utilize cloud services for scalable, secure backup solutions.Update Communication Plans: Revise DR communication protocols for clarity and efficiency during a disaster.Coordinate with Vendors: Ensure key vendors and partners have compatible and effective DR plans.

Implementing Quick Wins:

• Prioritize: Start with the initiatives that can be implemented the fastest and have the highest impact on operational resilience.
• Allocate Resources: Assign dedicated teams or individuals to each quick win initiative, ensuring they have the necessary resources.
• Engage Stakeholders: Keep key stakeholders informed about the initiatives, securing their support and involvement where necessary.
• Monitor and Adjust: Regularly review the progress and effectiveness of these quick wins, making adjustments as needed to ensure their success.

By implementing these quick wins, firms can significantly enhance their operational resilience infrastructure in a short period, laying a strong foundation for more comprehensive resilience strategies in the future.