Operational Resilience

Overview

The scope and application for Gibraltar firms in respect of Operational Resilience are set out in the Gibraltar Financial Services (Operational Resilience) Regulations 2023.

If you are an insurer, bank, specific investment firm, electronic-money issuer, payment service provider, or (re)insurance intermediary with revenue from regulated intermediary business of £35m, then these regulations apply to you. The regulations also apply to certain groups.

Overarching principle

The Operational Resilience Regulations require firms to identify important business services and set impact tolerances for these services.

Self-assessments

Firms are required to document a self-assessment of their compliance with the Operational Resilience Regulations.

Governance

The Board and senior management are expected to be responsible and accountable for, and should approve, the identification of important business services, impact tolerances, and self-assessments.

Communications

Firms must develop communication strategies for both internal and external stakeholders as part of their planning for responding to operational disruptions.

Outsourcing to third parties

As always, firms that enter into outsourcing arrangements with third parties remain fully accountable for complying with their regulatory obligations.

Implementation timelines

By 13 July 2024, firms must have identified their important business services and set impact tolerances.

By 13 July 2026, firms are expected to have a prioritised plan which sets out how they will comply with the requirement to be able to remain within their impact tolerances within a reasonable time.

After 13 July 2026, firms should have sound, effective and comprehensive strategies, processes, and systems that enable them to address risks to their ability to remain within their impact tolerance for each important business service in the event of a severe but plausible disruption.

How PwC can help

Using our unrivalled experience with clients on the topic of operational resilience, and our work helping regulators to develop proportional and effective regulation, we are strongly placed to help our clients in the following ways:

Desk-based health check and readiness assessment

PwC can help by performing a review of the accountability framework put in place by firms, including the implementation plan and whether the firm is likely to be ready in a mature state by 13th July 2024.

Proactive assurance and maturity assessments over the design, implementation and operation of your framework, including using our Operational Resilience Maturity Assessment.

Designing and building an operational resilience framework and toolkit

This includes methodologies for identifying important business services and setting impact tolerances.

Project management

PwC can offer the support of a project management team to ensure that implementation plans are actioned on a timely and dedicated basis, ensuring that timelines are adhered to.

We can also work closely with the responsible individuals to ensure that the full suite of important business services is identified and mapped out, that tolerances are set, and that the strategies, processes and systems are robust and proportionate to the firm.

Secondments

Where firms have limited on-the-ground teams available to move away from BAU activities, PwC can offer appropriate individuals on a temporary basis to ensure that implementation plans are achieved.

Regulatory support

Regulatory advice and consultation paper responses, sharing our own insights on the evolving policy documents and through discussions with regulators and other firms.

Internal Audit

PwC’s dedicated internal audit team can assist by providing independent and objective assurance to stakeholders that the requirements of the regulations and associated guidance notes have been achieved.

This can be achieved through the performance of a dedicated IA assignment or via other models which suit the firm (i.e. co-sourcing, or assisting the compliance function to perform its activities).

Our track record and credentials

Through our dedicated teams in the UK:

  • PwC have been invited to present oral evidence to the UK Treasury Select Committee for their inquiry into IT failures in 2019.

  • PwC are routinely selected by firms to conduct relevant Section 166 reviews for the UK PRA.

  • We have provided independent root cause analyses and post-incident reviews to Boards following major operational incidents including the majority of high profile failures in recent years.

  • We run Operational Resilience Exchanges, bringing firms of similar business models together to share learnings on their approaches to define business services.

  • We have supported the UK PRA in the development of Impact Tolerances in 2016.

Contact us

Lalit Khatwani

Partner, PwC Gibraltar

Tel: 20066842 ext 308

Jackielee Urrutia-Tinca

Director, PwC Gibraltar

Tel: 20066842 ext 317
