Prudential Regulation Authority Rulebook

2.1

The role of firms’ boards and senior management is central to the PRA’s operational resilience policy. Boards are accountable for, and should approve, the identification of their firm’s important business services, impact tolerances, and self-assessment.

2.2

The ability of firms to deliver their important business services within their impact tolerances depends upon appropriate reporting and accountability to be in place throughout the firm. Where limitations are identified, leadership from the firms’ board and senior management is essential to prioritise the investment and cultural change required to improve operational resilience.

2.3

The PRA considers whether firms are delivering the outcome of operational resilience when assessing the adequacy of a firm’s arrangements to deliver other expectations of boards. When the PRA considers its expectations for boards in its operational resilience policy and elsewhere in its regulatory framework, it considers, for example, if boards:

• have appropriate management information available to inform decisions which have consequences for operational resilience;
• have adequate knowledge, skills, and experience in order to provide constructive challenge to senior management and meet their oversight responsibilities in relation to operational resilience; and
• articulate and maintain a culture of risk awareness and ethical behaviour for the entire organisation, which influences the firm’s operational resilience.

2.4

The Chief Operations Senior Management Function (SMF) 24, where it applies, includes responsibility for the firm’s operational resilience. The PRA’s operational resilience policy provides further detail to firms on this responsibility.