Specifically in relation to the financial services sector, Operational Resilience is the ability of firms, financial market infrastructures and the financial sector as a whole to prevent, adapt and respond to, recover and learn from operational disruption.

In today's ever-evolving business landscape, building operational resilience is paramount for organisations to withstand unexpected disruptions, adapt to changing circumstances, and maintain essential functions. Whether the challenges stem from natural disasters, cyber threats, economic volatility, supply chain disruptions, regulatory changes, or global health crises, operational resilience minimises downtime, financial losses, and reputational damage. It ensures business continuity and enhances an organisation's competitive edge.

We've outlined our six key considerations crucial for establishing operational resilience within your organisation…


1. Think Strategic Goals & Outcomes

A firm's approach to operational resilience should be closely linked to its vision and strategic goals strategy for several key reasons…

First, aligning operational resilience with the company's vision and strategic goals ensures that resilience efforts are not just reactive measures to crises, but are proactively integrated into the company's long-term goals and objectives. In software development, this is often termed ‘shifting left’ or in other words, building resilience into the design of an operation, function, or business capability. This integration helps in prioritising resources and investments in resilience in areas that are most crucial to the company's strategic objectives. It also ensures the focus on operational resilience is driven top down, from the Board, Leadership team though to all operational team members.

Secondly when resilience capabilities are aligned with the firm's vision, it enhances the company's ability to adapt and evolve in the face of changing market conditions and unforeseen disruptions. This alignment also promotes a culture of resilience throughout the organisation, ensuring that all levels of the company understand and contribute to resilience goals, which in turn supports the overall strategic direction of the firm.

In essence, linking operational resilience to vision and strategy is fundamental for sustainable growth, competitive advantage, and long-term success in an increasingly complex and uncertain business environment.


2. Identify Plausible Threats & Risks

We have our vision and strategic goals. So, we know where the ship is heading but have we taken time to identify the plausible threats and risks which could veer us off course?

Identify and assess all plausible risks and vulnerabilities that could impact your operations. This includes natural disasters, cyber threats, supply chain disruptions, regulatory changes, or global health crises. Once these risks are identified, it is crucial to develop a comprehensive risk management strategy.

To develop a comprehensive risk management strategy, start by prioritising identified risks based on their potential impact and likelihood. Then, implement a combination of preventive measures and contingency plans. To remain resilient in the face of evolving threats, regularly review and update your strategy, fostering agility and adaptability for the long-term sustainability of your organisation.


3. Business Impact - Important Business Services

Understanding the important business services, critical functions and processes within your organisation is the foundational step in building resilience. To achieve this, conducting a comprehensive business impact analysis is essential because it provides a clear understanding of how downtime or disruptions in key areas would impact your business operations, financial stability, reputation, and customer relationships. This analysis also helps with prioritising resilience efforts, allocating resources efficiently, and developing tailored strategies to mitigate risks.


4. Business-Aligned Technology

With technology moving at rapid pace, the operational resilience of an organisation can be undermined quickly by vulnerabilities in its use and management of technology. It’s important that organisations establish clear alignment between its strategy, business objectives, important business services and the supporting technology. Impact tolerances should be identified to ensure there is appropriate understanding of the current and expected levels of resilience e.g. how long could we last before there is significant harm to us or our customers because of a service / technology not being available?

Using this approach, business leaders can take more effective risk based and commercially driven decisions on where and how to invest in technology. Every pound or dollar spent should therefore support agreed business objectives or support risk reduction.


5. Understanding Your Supply Chain

We now rely on third parties and suppliers more than ever. They are a critical component in our delivery capability. Supply chain resilience is a critical consideration in building operational resilience because it directly impacts an organisation's ability to maintain consistent business operations. In an interconnected global economy, disruptions can occur at any point along the supply chain. Ensuring the resilience of the supply chain involves assessing and mitigating risks, creating continuity plans, and optimising processes to adapt to unforeseen challenges. A resilient supply chain not only helps an organisation withstand disruptions like natural disasters, geopolitical shifts, or pandemics, but it also safeguards against financial losses, maintains customer trust, and supports overall business continuity.


6. Employee Resilience

Your employees play a vital role in establishing a resilient organisation but also supporting in recovery during disruptions. Resilient organisations are built upon the foundations of resilient individuals and in turn, resilient teams. Take time to invest in activities which support the growth and development of your colleagues to become more resilient. Establish safe environments and practices which allow individuals and teams within your organisation to build ‘muscle memory’. Additionally, fostering a culture of resilience and awareness, where employees are aware of their roles and responsibilities during disruptions, promotes early detection of issues which reduces the overall potential impact.

Contact us today to discover how our Crisis & Business Continuity Management service enhances your operational resilience by immersing key personnel in role-play scenarios, empowering them to effectively respond to security incidents and safeguard critical systems against potential threats.



While these are essential considerations, keep in mind that operational resilience is an ongoing process. It requires constant monitoring, assessment, and adaptation to address emerging threats and challenges effectively.

It is the responsibility of each individual organisation to consider how operational resilience applies to their business and the customers they serve - there isn’t a one size fits all approach.

By investing in operational resilience, organisations can secure the trust and confidence of investors, customers, and employees, positioning themselves for long-term sustainability and success in a rapidly changing world.


If you are looking for additional support or guidance in this area, please reach out to our knowledgeable team.

Subscribe to our quarterly newsletter 



Also see...

Change Portfolio Governance: Is Your Change Portfolio Really 'Green'?

If you're a change leader with responsibility for change portfolio management, Head of Internal Audit (HOIA), Chief Risk...

Regulatory Oversight, PRA ‘Dear CEO’ Letters – IT Change and Outsourcing

If you're a Head of Internal Audit (HOIA), Chief Risk Officer (CRO), Board member (incl. Non-executive Director), Audit ...

DORA Explained & How to Ensure Compliance

On 27 December 2022, the Digital Operational Resilience ACT (DORA) was published in the Official Journal of the EU. The ...