Importance Of Operational Resilience And Its Links To Consumer Duty
Operational Resilience was introduced by the FCA in partnership with the Bank of England and PRA with the rules being in force from 31 March 2022. The aim of the framework is to improve the operational resilience within the financial services industry and gives firms a transitional period of 3 years to develop their framework.
While the rules don’t directly apply to all FCA authorised firms, there are certainly lessons to be learned from the framework and rationale that sits behind the rules. Let’s consider the FCA’s rather unwanted but entirely warranted Christmas present to TSB Bank Plc (TSB) which demonstrates the harm that can be caused through Operational Resilience failings.
Since being acquired by Spanish bank Sabadell, TSB had been planning to migrate their IT systems onto its newly built Proteo4UK platform by the end of 2017. However, the migration programme experienced delays from the outset and fell behind project timings.
Over the weekend of 20 – 22 April 2018, TSB undertook the colossal migration to the new IT system. Following ‘go live’ of the system on 22 April 2018, significant issues arose which meant customers were unable to access their accounts. Data breaches occurred, digital banking platforms failed, and branch technology failed leading to issues with payment and debit card transactions.
These issues caused a tidal wave of customers trying to utilise telephone banking services which in turn became completely overloaded and resulted in long wait times, abandoned calls and technical issues with the overloaded telephony system. Customers turned to the branch network which resulted in long queues in busy branches where the IT systems were running slowly due to the ongoing IT issues.
TSB did not get back to BAU until 10 December 2018. Between 22 April 2018 and 7 April 2019, TSB received 225,492 complaints from customers (c4.3% of its customer base at the time of the migration). TSB paid a total of £32,705,762 in redress during that period and had extensive media coverage, regulatory involvement and parliamentary interest.
On 20th December 2022, the FCA and the PRA fined TSB Bank Plc (TSB) a total of £48,650,000 for operational risk management and governance failings. The FCA’s final notice can be found here and the associated press release is here.
While most firms are probably more confident in their ability to deal with operational challenges following the Covid-19 pandemic, it is important not to be complacent and overly reliant on this experience. Understanding your important business services and impact tolerances is not just an operational resilience requirement, but links heavily to the prevention of foreseeable harm under the Consumer Duty. So even if you are not directly covered by the operational resilience rules, you will be hard pressed to not gain benefits from following the framework of resilience measures. We will be developing a dedicated Resource Page on our website to support firms with operational resilience.