Re-cap: Operational Resilience Forum

Author: FinTech North · March 1, 2023

On Thursday 23^rd of February, FinTech North welcomed over 45 delegates from the Northern FinTech community to RSM’s state of the art offices in central Manchester for our Operational Resilience Forum, delivered in partnership with AccessPay and NCC Group Software Resilience.

Our first standalone event of the year covered operational resilience from a number of different perspectives, navigated how to mitigate risk for FinTechs and financial services organisations, highlighted the importance of having robust strategies to cope with any threats, and more, in an interactive and insightful l morning in sunny Manchester.

We were delighted to host a room full of industry professionals and operational resilience experts.

We’d like to say a huge thank-you to our speakers for sharing their expertise and for providing some high-level insight and views. A thank-you also to our amazing sponsors, AccessPay and NCC Group Software Resilience for making the event happen!

FinTech North have produced a write-up for you to re-cap on what was covered during the event.

We kicked the event off with Neil Pickles, Partner in Financial Services Risk Assurance at RSM, who welcomed delegates to their Manchester office, briefly shared a quick introduction and background to RSM before passing over to Joe Roche, Engagement Manager at FinTech North.

Joe welcomed delegates to the event, before briefly introducing FinTech North, our objectives, our impact in the sector and upcoming events. He then highlighted our FinTech marketplace, built in partnership with NayaOne, and encouraged delegates to fill in our Community Survey for 2023.

This flowed into our first speaker of the morning, Wayne Scott, Regulatory Compliance Solutions Lead at NCC Group Software Resilience.

Wayne began his keynote by introducing the importance of mitigating against supplier failure, service deterioration and concentration risk. He exemplified this by discussing the ship that blocked the Suez Canal, highlighting the importance of stressed exit plans that need to cover every eventuality. In the case of the ship, the worst-case scenario happened, and ended up accumulating billions of pounds in damages and missed trade.

Wayne outlined how to carry out and implement demonstrably successful stressed exit plans, which is to ‘establish legal right to access and use business critical information’ and to understand the importance of ‘knowledge transfer’ and ‘scenario testing’.

“You have to mitigate against your own failure.”

Wayne then shared what NCC Group Software Resilience has seen from several of their clients:

• Continued focus on cyber-security.
• Assumption that new regulation requires a new solution.
• Every FI recognises that they don’t have the necessary TPRM skillset in house – leads to a hiring spree.
• Failure to assign ownership of supplier failure, service deterioration and concentration risk at the highest level and outside of cyber
• Costly investigation and discovery process.
• FIs approaching regulatory for advice on SSEP.

And what NCC Group Software Resilience expects to see in the future:

• Cloud interchangeability
• Regulations to apply to the cloud providers and other critical third parties
• Standardisation of deployment processes
• Move away from “sticky” processes for FinTechs.
• Some suppliers will need to change how they deploy, deliver and update software.

Wayne then graciously passed over to our next keynote speaker, Martin Kisby, Director of Risk and Compliance at Equiniti – an organisation that Wayne told attendees are an ethical service provider and can certainly provide successful stressed exit plans.

Martin Kisby, Director of Risk and Compliance at Equiniti began with a background of the operational resilience landscape during Covid. Whilst acknowledging that it was unprecedented times, he shared that “Operational resilience plans weren’t good enough; the recovery plans didn’t work, the infrastructure wasn’t working and there wasn’t enough protection given to suppliers and consumers.”.

Martin accentuated the idea that Covid, naturally, has introduced a new way of working – the option to work from home is now generally considered the standard in most business practices, but with that, brings on board more risks to an organisation’s operational resilience.

“Can we have 200 people working from home? Do we have the infrastructure to deal with that?” 

Martin continued and discussed Equiniti’s Operational Resilience programme; a practical way of implementing Operational Resilience and meeting customer and regulatory requirements by improving resilience across the whole key supply chain of financial regulated processes.

He likened the idea of understanding a carriage engine to understanding operational resilience. ‘You need to know each key element of the engine works to ensure it runs smoothly. Know your component parts and do everything you can to keep the engine running smoothly – which will create a smooth drive for everyone!”

“Know where you are in the criticality of your Clients as a supplier to ensure that your plans are reflective and meet their operational needs.”

Martin then closed his keynote by noting some policy statement actions from the FCA.

• Identification of important business services
• Tolerances
• Mapping and scenario testing
• Exercises
• Communications Strategies

We then heard from Deborah Gillespie, Head of People at xDesign, who discussed operational resilience from a people perspective and the benefits of a values-based approach.

Deborah discussed the success of a values-based approach at xDesign, which has led to a 7% retention rate compared to a 23% industry average, consistent hiring through a ‘digital skills shortage’ and an NPS score of over 85%. She then shared ways in which you can implement this same approach in your organisation:

Care:

• Investment and development of team managers.
• Measure and prioritise retention.
• Have a wellbeing strategy and talk about mental health.
• Remote working.
• A culture of feedback.

Collaborate:

• Building an effective resourcing capability.
• Work hard together to avoid diluting the culture.
• Understand the impact of the full employee lifecycle.
• Always celebrate success.

Challenge:

• Diversity, equity, and inclusion.
• Regular learning from failure sessions.
• Regular reviewing of policies and contractual documentation.
• Partnering with clients who share our ethos.

Next up was Elly Savill, Senior Policy and Innovation Advisor at the City of London Corporation. Based in Guidhall, the City of London Corporation is the governing body of the Square Mile – London’s financial district – dedicated to a vibrant and thriving City, supporting a diverse and sustainable London within a globally-successful UK.

The corporation aims to contribute to a flourishing society, support a thriving economy and shape outstanding environments. The strategy is organised around four quadrants of activity, including:

• Attract – Attract capital, firms’ talent, and exports.
• Retain – Retain volume of capital, firms, talent and exports.
• Nurture Innovation – To offer the products and services that best serve the global market.
• Reduce frictions in the business environment and by increasing market access.

Elly then introduced the Cyber Innovation Challenge, which sits in the ‘Nurture Innovation’ quadrant of activity. The City of London Corporation, in partnership with the City of London Police are launching the second Cyber Innovation Challenge to advance the development of innovative tech solutions in the face of evolving digital threats. More information on this can be found here.

Our final speaker was Tom Livock, Head of Enterprise Sales at AccessPay. Tom joined us to discuss corporate-to-bank connectivity and how it can remove the risk of internal fraud and error.

He firstly outlined the most common methods to make payments/collections to banks, including Open Banking, outsourcing to a third-party provider and BACS software. He prompted the audience to share which method they utilised the most – which saw a variety of answers.

Regardless of this response, Tom shared that online banking isn’t always secure. In particular, efficiency, security and human error can lead to some problems that will affect your organisation’s operational resilience.

Tom walked us through the typically drawn-out process of making payments, before covering how to replace bank portals, cut out the middlemen and become more operationally resilient. Embedded corporate banking removes bank portals and subsequently removes more of the room for error. Fraud detection controls can also be implemented to improve operational resilience further.

We closed the event with an interactive panel discussion, chaired by Stefan Haase, Director of Whitecap Consulting and featured; Wayne Scott, Regulatory Compliance Solutions Lead, NCC Group Software Resilience; Deborah Gillespie, Head of People at xDesign; Tom Livock, Head of Enterprise Sales, AccessPay, Martin Kisby, Director of Risk and Compliance at Equiniti and Ruth Belchetz, Financial Crime Consultant at FinTrail.

The panel covered themes such as the cloud, supply chain resilience, scenario testing work from home, risk, the FCA, applications and processes and a cyber-security and financial crime perspective.

We also welcomed some great questions from the audience, including:

What are the difficulties you’ve faced when implementing a values-based approach whilst still hitting targets?

“Make sure you have a comprehensive on-boarding program and that new employees are adding value. Organic growth is important – you don’t want anything to be forced.” – Deborah Gillespie, Head of People, xDesign:

How did you go from ‘reactive’ to ‘proactive’ with compliance teams and the FCA, instead of waiting for something to happen?

“Lay it out simply, if you don’t do this right, you’ll be fined millions. I think it’s about maintain an open culture and continuing to talk.” – Ruth Belchetz, Financial Crime Consultant, Fintrail:

“Just never shut up about it! Regulators are listening, government are listening. Be a champion and keep on talking about it – you are right. If they’re not listening – I love saying I told you so.” – Wayne Scott, Regulatory Compliance Solutions Lead, NCC Group Software Resilience

Joe Roche then brought the event to a close; thanking the speakers for sharing their expertise and thanked the delegates for attending, before highlighting our upcoming events and a final push on our Community Survey 2023.

The Operational Resilience Forum was hosted in partnership with AccessPay and NCC Group Software Resilience.