4
The relationship between operational resilience and Business Continuity Planning (BCP)
4.1
The PRA requires a bank to ‘have in place adequate contingency and business continuity plans aimed at ensuring that in the case of a severe business disruption the firm is able to operate on an ongoing basis and that any losses are limited’.[10] Similarly, an insurer is required to ‘take reasonable steps to ensure continuity and regularity in the performance of its activities, including the development of contingency plans’.[11] These requirements and the PRA’s operational resilience policy contribute to firms’ response and recovery capabilities.
Footnotes
- 10. CRR Firms – Internal Capital Adequacy Assessment 10.2.
- 11. Rule 2.6 in the Solvency II Firms – Conditions Governing Business Part of the PRA Rulebook.
- 31/03/2022
4.2
BCP policies and the PRA’s operational resilience policy are closely linked. However, the PRA’s operational resilience policy focuses on a firm’s ability to deliver its important business services rather than single points of failure. The PRA considers both policies together when supervising firms. For example, when assessing whether banks are meeting the PRA’s expectations in SS21/15 ‘Internal governance’,[12] the PRA considers if banks’:
- recovery priorities for their operations[13] prioritise the delivery of important business services within impact tolerances;
- allocation of resources and communications planning for business continuity planning focuses on the delivery of important business services; and
- tests of business continuity plans complement the testing of disruption scenarios and relate to impact tolerances.
Footnotes
- 12. April 2017: https://www.bankofengland.co.uk/prudential-regulation/publication/2015/internal-governance-ss.
- 13. Paragraph 2.1(b), SS21/15.
- 31/03/2022