We kicked off by exploring why leading financial services firms are moving beyond simply ticking regulatory boxes. Instead, many are embedding resilience into their core strategies, making a compelling business case for long-term investment in this area.
Next, we examined the strategic considerations that can help shape and prioritise resilience programmes going forward. This opened a rich dialogue about how firms can evolve their approaches beyond the 31 March deadline.
A standout moment was our fireside chat with a regulatory subject matter expert, who shared invaluable insights into post-deadline expectations. The session wrapped up with a lively Q&A, where attendees raised some of their most pressing questions.
We also explored practical steps for shifting from framework development to real-world operational improvements, focusing on how to embed resilience into everyday business practices.
Overall, the seminar delivered timely, actionable insights and clear direction on where to focus next, particularly in the areas of resilience and supplier risk management.
As firms continue to deepen their resilience efforts, our work with clients has reinforced the importance of six focus areas. In the sections that follow, we explore each one in more detail.
Leading firms are building efficient operating models that embed the valuable progress made during the transition phase into day-to-day business operations.
Here's a summary of the characteristics of effective approaches we are observing leading firms adopting to optimise operating models and ways of working.
There is an increasing focus on managing the risks associated with third-party suppliers and outsourcing arrangements. Shifting from framework development to risk management.
Following March 2025, the emphasis shifts to maintaining tolerances, which necessitates refining metrics and reporting processes to effectively monitor and demonstrate operational resilience to both internal and external stakeholders.
Leading firms are focusing on several key areas to gather a broader range of metrics that support more effective monitoring of resilience.
The financial services sector has faced significant challenges over the past year, with failed technology upgrades and severe cyberattacks exposing ongoing vulnerabilities. Effective technology deployment and cyber risk management remain crucial for building resilience, highlighting the urgent need for strategic investment to prevent widening resilience gaps.
Leading firms through recent self-assessment submissions and ongoing board discussions are advocating for and securing the necessary investments. They recognise that sophisticated solutions and emerging technologies present opportunities to better predict, prevent, and respond effectively and cost-efficiently to disruptions. Coupled with the implementation of targeted cyber interventions to strengthen defences.
Based on insights from our work, leading firms are adopting some effective approaches to enhance their technology and cyber resilience.
At our recent operational resilience event, we posed the following questions to a key stakeholder from the regulator.
We all initially hoped to hear confirmation that we had conducted enough testing to reduce our efforts in this area. However, as the discussion progressed and we listened to the responses to various questions, as well as further testing-related conversations throughout the day, it became clear that the sense of testing fatigue we currently experience, stems mainly from a few key issues. These issues include the repeated use of the same testing technique (i.e., tabletop exercises), conducting tests in isolation across interrelated disciplines while requiring the same stakeholders to participate, and limited external participation.
So, how are leading firms overcoming this challenge and mitigating the risk of testing fatigue? We have observed some practical approaches.
Testing remains the most effective way to assess your response capabilities, and the more you invest in it, the greater assurance you will have that you can respond to disruptions and reduce the likelihood of breaching tolerances.
Ensuring there is a dedicated and well-funded remediation programme that targets critical vulnerabilities to enhance the resilience posture, complete with a clear path to resolution.
Building on the themes explored during the seminar, we continue to spotlight six core focus areas that have been consistently emerged through our work with leading firms across the industry. These areas remain central to helping organisations shift from regulatory compliance to building true operational capability.
We’re seeing a clear trend: forward-thinking organisations are doubling down on resilience, particularly in the six focus areas we covered during the session. Over the coming months, we’ll be hosting targeted webinars and working sessions to deep dive into each of these areas.
If you would like to explore how we can support your organisation, whether in one of the six focus areas or in other aspects of operational resilience, please don’t hesitate to get in touch.
For more information, please contact Keegan Gwendu or your usual Crowe contact.
Insights