Having business continuity arrangements in place is a long-established FCA regulatory requirement and the rapid onset of coronavirus presents a new conundrum for firms. Specifically, how to plan for something where the range of potential outcomes is so diverse.
Many firms have a documented business continuity plan in place and regular testing of this plan should also be commonplace. In addition, operational resilience (the ability to prevent, adapt, respond to, recover and learn from operational disruptions), of which business continuity is a key component, is a regulatory ‘hot topic’.
In July 2019, the FCA published its findings following a review of business continuity arrangements at certain financial institutions. The regulator found that although firms often take steps to build resilience to prevent events from occurring, they are less adept at anticipating events that will occur and in carrying out proper planning and testing.
So, where does coronavirus fit into this? When considering business continuity risk, which in turn drives continuity planning and testing, a common approach is to consider specific events in terms of probability of occurrence and impact, should the event occur. Neither of these can be anticipated with certainty at present regarding coronavirus.
One of the FCA’s recommendations from July 2019 is for firms to create and develop ‘playbooks’ that cover different potential scenarios with multiple impacts. In the context of coronavirus, this could range from minimal or no impact, through to having a significant proportion of staff members off sick and then finally, to a worst case scenario of mass fatalities/incapacitation and/or emergency measures that could restrict the movement of individuals in order to prevent the spread of the virus.
Firms should therefore elect to test their BCP arrangements, in the event of disruptions caused by coronavirus. For example:
- Has scenario testing regarding the possible disruption been conducted?
- Are senior management appropriately engaged with this initiative?
- For the relevant scenarios, is there a protocol for ensuring the successful enactment of continuity planning? Who are the key individuals responsible for this, and are they suitably senior/knowledgeable? Do staff members know what to do?
- Has key person risk been assessed?
- Is working from home a possibility for all staff members?
- Is it possible to set up conferencing facilities from home?
- What are the operational resilience plans of key service providers?
- What are the plans for communicating the enacted continuity planning to concerned parties, including clients and service providers?
- Could business operations continue in the absence of (certain) IT services?
- Is there an up-to-date phone directory that includes staff members and service providers?
Firms might also wish to take this opportunity to perform a wider review of the effectiveness of their operational resilience arrangements, including business continuity.
Robert Quinn Consulting
Robert Quinn Consulting is a boutique compliance consulting firm providing high-touch, high-value excellence to help firms build their business in a pragmatic and commercial way. We are fluent in most U.S. and European regulations and provide integrated compliance advice in a thoughtful way that our competitors do not.
We view ourselves as a partner in your business and as trusted advisor, we excel at going the extra mile to provide you with exceptional customer service. Our solutions are designed with your best interests in mind. With 10 years under our belt, our long-term clients and competitors alike will tell you, “Robert Quinn Consulting punches far above their weight.”
FCA Compliance (UK)
Let us help you efficiently manage your FCA authorisation and ongoing obligations with experienced consultants.
NFA / CFTC Compliance (UK)
We specialise in integrating your derivatives and commodities business into your European controls and procedures.
Senior Managers & Certification Regime (SMCR)
Let us help you save time and map out your firm’s key individuals and responsibilities under SMCR.
We can host your FCA regulated business and undertake your FCA and European obligations efficiently.
With ten years’ experience we can expertly translate all aspects of your SEC registration and ongoing U.S. obligations.
Compliance Training (UK)
Mitigate risk to your firm with our compliance training to become knowledgeable about U.S. and European regulation.