What is Operational Resilience?

What is Operational Resilience?

How to define Operational Resilience? What are its pillars?

To discuss operational resilience, we must change our perspective. We no longer only look at the impacts on our organization; We also need to look at the impacts on the market and those that would directly affect our stakeholders.

‍

With the increasing number of IT breakdowns, natural disasters, or cyberattacks, operational resilience is increasingly an aspect that organizations need to consider.

By developing a strong operational resiliency culture and practices, organizations can prepare for the unexpected, minimize downtime, and recover quickly from crises.

In this article, we'll explore the fundamentals of operational resilience to help you implement it within your own organization.

‍

Definition of Operational Resilience

Operational resilience refers to an organization's ability to anticipate, prepare, respond to, and adapt to unforeseen situations that could disrupt its operations.

It should be remembered, however, that this definition refers more to a postulate than to a universal truth.

‍

Indeed, the definition of operational resilience is the subject of much debate due to the lack of a uniform definition. Depending on the regulations, the definition of operational resilience can vary, as requirements continually evolve over time.

Generally, operational resilience now forms part of a proactive approach that aims to protect the stability and health of the concerned parties, placing them at the center of the organization's resilience practices and processes.

‍

In practice, adopting an operational resilience approach involves implementing specific measures and strategies to anticipate and manage disruptions. This not only minimizes the negative impacts on operations but also ensures a quick and efficient recovery after an incident. Operational resilience represents a crucial investment to protect important and critical services, maintain customer trust, and enhance long-term competitiveness.

‍

Thus, whether to comply with various regulatory requirements or to ensure sound business practices, organizations have every interest in implementing an operational resilience process.

‍

In 2024, 64.8% of organizations report having an operational resilience program in place.

Source: Business Continuity Institute Report, Operational Resilience 2024

‍

Operational Resilience vs. Business Continuity

Although often confused, operational resilience and business continuity represent two distinct yet complementary approaches.

• ‍‍On one hand, business continuity focuses on maintaining priority activities during disruptions at a predefined acceptable capacity.
• On the other hand, operational resilience adopts a comprehensive perspective aimed at developing an organization's ability to anticipate, respond to, and adapt to these disruptions.

So while business continuity aims to ensure that operations continue despite an interruption, operational resilience focuses on agility and adaptability to not only survive, but thrive in a constantly changing environment.

‍

The importance of Operational Resilience

Operational resilience is crucial for developing your organization's ability to better absorb shocks and disruptions in a preventive rather than reactive manner.  

Nowadays, organizations rely on an increasing array of systems, technological tools, subcontractors, and partners to carry out their operations.

While this approach offers numerous advantages, it is not without risk, as each element introduces new potential threats.

Operational resilience is the safeguard for market integrity and the preservation of stakeholders' interests

‍

Reasons to Have an Operational Resilience Program

According to the BCI Operational Resilience Report (2024), the primary reason driving organizations to adopt an operational resilience program is compliance with requirements and laws.

The financial sector, especially in the United Kingdom, is a pioneer in developing operational resilience regulations. Indeed, following the 2008 financial crisis and later, as a result of the COVID-19 pandemic, governments have strongly regulated financial institutions to develop adaptability to crises.

As a result, organizations are increasingly encouraged, and even required, to implement operational resilience programs to protect themselves against future crises.

‍

Here are the popular reasons to have a resilience program:

• Regulatory requirements – 67.0 %
• For good practices purposes – 58.5 %
• Business and/or customer benefits – 31.1 %
• To prepare for new regulations 27.4 %

Source: BCI Operational Resilience Report 2024.

‍

Operational Resilience Regulations

Many regulations and laws in various countries directly or indirectly address aspects related to operational resilience, such as business continuity, crisis management, data protection, cybersecurity, and other related areas.

‍

One of the most important regulations governing operational resilience is the Digital Operational Resilience Act (DORA).

DORA, or the Digital Operational Resilience Act, is a European regulation designed to strengthen the resilience of financial entities against digital risks. Adopted by the European Union, this regulation applies to financial institutions such as banks, insurance companies, investment firms, as well as IT and communication service providers.

‍

Here are some of the most important regulations of operational resilience:

‍

Regulations on operational resilience in the UK and Europe

• The Prudential Regulation Authority (PRA) Supervisory Approach to Operational Resilience (source)
• The FCA Supervisory Approach to Operational Resilience (source)
• Ireland: Cross Industry Guidance on Operational Resilience (source)

Regulation on operational resilience in the United States

• Sound Practices to Strengthen Operational Resilience (source)

Regulation on operational resilience in Canada

• The Office of the Super Intendant of Financial Institutions (OSFI) Guidelines, (source)

‍

Regulations on operational resilience in Australia

• Prudential Standard CPS 230 standard, by the Australian Prudential Regulation Authority (APRA) (source)
• The Marketing integrity rules, by the Australian securities & investments Commission (source)

Regulations on operational resilience in the world

• Global: Basel Committee on Banking Supervision (BCBS) Principles for Operational Resilience, by the Basel Committee on Banking Supervision (source)
• Singapore: Paper on operational risk management and the management of outsourcing and third parties, by the Monetary Authority of Singapore (MAS) (source)
• Hong Kong: SPM Module OR-2 on operational resilience (source)

‍

The Challenges of Operational Resilience

Implementing operational resilience involves several challenges that organizations must face.

‍

Here are some of the main challenges of operational resilience:

• ‍Coordination and governance of all resilience activities‍
• Identification of the organization’s important services, including impact tolerances, dependency mapping, crown jewels, functional BIAs, etc.‍
• Threat assessment, which includes scenarios, evaluation, operational risk management, and supplier relationship management‍
• Planning of solutions and responses, including strategic crisis management, business continuity, cyber response, tactical plans, and other operational plans‍
• Testing and exercises with severe but plausible scenarios and incident management
• ‍Meeting conformity and regulations requirements

Need Support for Your Resilience Program?

Premier Continuum has been working in the field of business continuity and organizational resilience for over 25 years.

We offer consulting services in operational resilience, facilitated through ParaSolution, our resilience management software.

Let's schedule a meeting!