Introducing OpRes: Reimagine Operational Resilience in Financial Services
Published by Ben Saunders - OpRes Founder
Roughly an 8-minute read
Welcome to our first ever blog on the OpRes website!
Over the course of this editorial, we will cover the key influences behind us launching OpRes, whilst providing you with some early insights into how our proposition is uniquely positioned to help financial services firms optimise their operational resilience in real-time. We hope you enjoy the read and look forward to sharing more insights with you over the coming months.
The Digital Agenda and Regulatory Backdrop in Banking and Financial Services
Digital transformation has been at the forefront of financial services firms’ strategies for the last decade. Whilst the socioeconomic impact of Covid-19 and Brexit are further accelerating many organisations own digital agendas. Whether this is through the closure of traditional bricks and mortar branches and the digitisation of key business service lines and products. Or the migration of their workforces to an entirely remote-only model. Whilst many firms are embracing the opportunity to innovate and revolutionize how their business serves customers, many are sitting in an uneasy position between a digital-first future, and their heritage systems of years gone by.
FinTech entrants, established competitors and a constantly evolving regulatory landscape are introducing new and more complex challenges on a global scale. To offset these challenges, many firms are adopting the public cloud and outsourced services to establish new and differentiated product offerings. This is introducing further complexity, to customer critical business service lines which have previously been hosted and operated within many firms’ own technology estates and privately owned data centers.
Whereas the use of public cloud services was slowly growing traction ~5 years ago. Today, many of the world's leading financial institutions now have multi-cloud agendas, cloud-first strategies and consume critical business services through Software as a Service (SaaS) models. Invariably, these SaaS propositions are often hosted in a small subset of leading Cloud Service Providers (CSP’s), such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). All of whom provide financial institutions with dynamic, scalable, and cost-efficient compute resources through both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings.
Against the backdrop of public cloud adoption, the financial services industry has been under a high degree of scrutiny from regulators following a number of high-profile service outages across the Globe. As far back as October 2019, a Treasury Select Committee in the United Kingdom highlighted that the current level of financial services IT failures was unacceptable and that regulators must act to enforce the financial services sector as a whole, to optimise the operational resilience of their business service lines. In response to these challenges, the Bank of England (BoE) the Financial Conduct Authority (FCA), and Prudential Regulatory Authority (PRA) published a discussion paper covering the subject of operational resilience and impact tolerances to important business service lines. Subsequently inviting feedback from financial institutions across the United Kingdom.
Almost in parallel, the FCA issued a set of guidelines to firms looking to outsource their important business services to the public cloud and other 3rd party suppliers. These were further reinforced upon recommendations published by the European Banking Authority (EBA) who drafted a set of suggestions to help firms identify risks when outsourcing to the cloud.
Indeed, it is important to highlight that many firms operate on a global level. Often trading across different regions, countries, institutions, entities and brands to deliver their products to customers. This brings additional complexity when similar guidelines around the outsourcing of business services to 3rd party suppliers and operational resilience have been issued by the likes of the Monetary Authority of Singapore (MAS), The Hong Kong Monetary Authority and multiple regulatory bodies in the United States of America such as the Financial Industry Regulatory Authority (FINRA) and the Office of The Comptroller (OCC) to name but a few.
Many firms will see regulation as a hindrance to innovation. However, as far back as 2017, I was stressing the importance of practices such as DevSecOps, compliance as code, and the RegTech movement as forces of good to help in addressing regulatory challenges, whilst accelerating digital transformation. Regulation alone can drive firms to think differently about how they address operational resilience. However, the financial services industry and the firms within it have a massive role to play themselves. In short, nobody wants to experience outages and no single organisation, wants to see themselves plastered across the media as a result of a technology service disruption.
In order for established leaders to maintain their market share; build stronger relationships with customers, both existing & new and deliver innovative products, operational resilience needs to be woven into the fabric of their everyday operations. It needs to be a Top 5 agenda item for both business and technology leaders and it requires constant investment and focus. By contrast, the 2008 financial crisis bought with it a raft of changes that financial institutions had to adopt in order to demonstrate financial resilience. These changes came at a significant effort and cost. For firms, demonstrating an understanding of their operational resilience gaps and fundamentally achieving their respective improvements in service availability should be comparatively cheaper.
These investments will bring new opportunities for firms and their customers. Whilst the incremental technical, procedural and people changes being introduced will no doubt enable businesses to deliver changes in a more agile and fluid nature, whilst remaining compliant with regulatory demands. It is based on the challenges above and the opportunities that firms are facing that we are building OpRes. In short, our aim is to enable financial institutions to reimagine how they tackle operational resilience.
Introducing OpRes and Our Call to Action
Whilst the evolution of our proposition has been born out of the regulatory challenges highlighted above. It is our collective experiences garnered from years of working across financial services that were the main catalyst for starting OpRes.
Our leadership team has operated across retail, business, commercial, and investment banking propositions delivering “run the bank” and “change the bank” initiatives across the World. Whilst we also have deep-rooted experiences working across the London Insurance markets, with a proven track record of helping those respective industries reimagine how they engage with their customers through the digitisation of their products and services.
For many years we’ve witnessed firsthand a pattern where financial institutions would often outsource the delivery of development, testing, release, and information technology delivery roles to global service integrators. Whilst for areas such as risk management and business resilience, there would often be a tendency to gravitate towards the “Big 4”. Or in some instances, boutique providers that specialise in these domains.
The onset of mass public cloud adoption in financial services and the shift to more modern, DevOps-oriented delivery models has resulted in my firms aiming to in-source their software and platform engineering resources. This move creates an inherent and deeper understanding of the systems, products, and business services that are provided by each institution and the people that operate them. Namely, their own people.
Arguably, as firms adopt greater levels of automation across their IT estates, this will release valuable people hours to support the execution of regulatory aligned tasks. Over time, we may well see a lesser reliance on outsourced risk and assurance services across regulated industries. As a direct consequence of a firm's internal skills and knowledge acquirement, when building and operating key business services themselves.
With that in mind, our target at OpRes is to build an intuitive and flexible platform that supports firms as they embark on a journey of transforming their business for the digital age. Whilst at the heart of our proposition, we want to remove friction from regulatory reporting and compliance procedures by making the relationships between technology, business services, and customer journeys more tightly correlated. In doing so, we believe that this will allow organisations to cross-reference multiple data sources in real-time, remove subjectivity from their resilience posture and become more evidence-based in the choices they make.
Our combination of artificial intelligence, machine learning, data & analytics, and workflow automation provides firms with an integrated, self-service SaaS capability that allows them to identify operational resilience gaps and track remediation efforts across hundreds, if not thousands of business services. We are aiming to make Operational Resilience reporting more efficient, less time-consuming yet oriented around our customers, customer.
Over the next few blogs, we will start to unpack our functional architecture and break down our unique value proposition. Whilst explaining how OpRes is being built with a specific focus on addressing heightened regulatory focus around:
Operational resilience to critical business service lines.
Concentration risks with a smaller subset of cloud service providers.
More granular understanding and reporting of dependencies across 3rd & 4th party suppliers.
On the 29th of March, the FCA published their finalised rules on Operational Resilience. You can read that announcement here. However, we are hoping to be very busy ourselves in the coming months helping customers tackle these requirements head-on.
Thanks for reading and stay tuned for more news and insights over the coming months. Remember you can follow us on LinkedIn and Twitter (We aren’t quite Instagram ready just yet). Whilst we will be sharing announcements around our Alpha release in the coming weeks. So please do subscribe to our Newsletter.
Thanks again, Ben