Tuesday 29 June 2021

Operational resilience: how much to learn from Covid-19?

One of the questions in the mind of many CROs, COOs and NEDs is how much the industry has learnt from the response to Covid-19.  Crescendo Advisors survey of insurers’ lessons learnt highlighted that the industry has learnt a fair amount.  We have written a separate article about five practical lessons for the implementation of operation resilience for financial services (https://www.crescendo-erm.com/operational-resilience). 

But is there more to learn? To what extent can the industry claim ‘mission accomplished’ because continuity of service has been maintained during Covid-19? These are important questions, and the answer will shape the resources available to implement operational resilience.  

To consider these questions, think about the two main features of the challenge that Covid-19 represents for financial services:  

·       it was not characterised by a failure of IT system(s) but by a challenge of access to offices; and 

·       it was a generalised issue.

If you think of these two features, you can easily develop a grid of operational resilience threats – see below with some examples:

Type of failure vs. scope of failure

IT systems failure

Other business failure


Customer applications unavailable

Transformation project fails


Cloud operators fail








Covid-19 represents only one of various types of operational resilience threat for financial services.  It also hints that a different response might be needed to mitigate customer detriment such as remote access to IT systems in the case of Covid-19 and quickly restoring IT systems that have failed. 

So Covid-19 has allowed a good amount of testing of vulnerabilities.  Some of the lessons learnt, e.g. investing in crisis management, are likely to be transferable across the categories in the table.  However, maintaining an appropriate degree of resilience will require a wider consideration of the potential threats and responses.

Crescendo Advisors (www.crescendo-erm.com) is a boutique risk management consultancy.  We would be happy to discuss our findings from the Covid-19 lessons survey.  We can also support your efforts to both learn lessons from Covid-19 using the tools we developed and implement the regulatory requirements for operational resilience.

No comments:

Post a Comment