One of the questions in the mind of many CROs, COOs and NEDs is how much the industry has learnt from the response to Covid-19. Crescendo Advisors survey of insurers’ lessons learnt highlighted that the industry has learnt a fair amount. We have written a separate article about five practical lessons for the implementation of operation resilience for financial services (https://www.crescendo-erm.com/operational-resilience).
But is there more to learn? To what extent can the industry claim
‘mission accomplished’ because continuity of service has been maintained during
Covid-19? These are important questions, and the answer will shape the
resources available to implement operational resilience.
To consider these questions, think about the two main features of the challenge that Covid-19 represents for financial services:
· it was not characterised by a failure of IT system(s) but by a challenge of access to offices; and
· it was a generalised issue.
If you think of these two features, you can easily develop a
grid of operational resilience threats – see below with some examples:
|
Type
of failure vs. scope of failure |
IT systems failure |
Other business failure |
|
Idiosyncratic |
Customer applications unavailable |
Transformation project fails |
|
Generalised |
Cloud operators fail |
Covid-19 |
So Covid-19 has allowed a good amount of testing of
vulnerabilities. Some of the lessons learnt,
e.g. investing in crisis management, are likely to be transferable across the categories
in the table. However, maintaining an
appropriate degree of resilience will require a wider consideration of the
potential threats and responses.
Crescendo Advisors (www.crescendo-erm.com) is a boutique risk management consultancy. We would be happy to discuss our findings from the Covid-19 lessons survey. We can also support your efforts to both learn lessons from Covid-19 using the tools we developed and implement the regulatory requirements for operational resilience.
