What robust plans do financial firms currently have which can deliver critical services, regardless to the cause of disruptions? 

Whether the disruption is caused by cyber attacks, IT system outages, third-party supplier failure or even natural hazards, financial firms must be able to absorb and adapt from shocks and disruptions, rather than contribute to them.

Our client a major British bank, manages its affairs locally, with its own management team who are responsible for its performance. The bank was developing capabilities to improve operation resilience (OR) and embedding them into the organisation to address the regulatory requirements.

Wavestone developed an in-house OR maturity model, undertook an initial assessment, and established an on-going reviewing process for the organisation.

Wavestone’s services delivered the project in 3 stages

Wavestone developed a 5-level OR maturity model using our proven framework based on objective criteria and supporting evidence. It was specifically customised for our client to cover eleven key themes and had a tailored scoring mechanism. This provided our client with an ability to view their current maturity for each theme and set incremental objectives during ongoing assessments to achieve their target state.

Wavestone then independently assessed the bank’s current level of OR maturity by evaluating the evidence against the criteria in each theme in the model. We then scored each criterion based on the information provided (such as evidence missing / not met, type of evidence submitted). This gave our client a snapshot of their starting resilience position and the specific gaps and actions to be addressed to increase their maturity.

Wavestone developed a roadmap, governance, and reporting structure for our client to undertake their own future maturity assessments. This would enable the bank to continually improve their resilience through periodic assessments and also evolve their maturity model to support ongoing BoE/FCA regulatory requirements.

How we helped our client

Initially, the team agreed to develop an OR assessment model with 3 maturity levels. Our client subsequently requested a 5-level model that was more adapted to their need. Wavestone consultants’ agile way of working iterated additional maturity levels tailored to Our client’s specific terminology. This included additional aspects based on their ambitions and covered adjacent regulations (such as ICAAP).

Wavestone also faced a stakeholder availability challenge during the engagement, particularly for the maturity assessment. We pre-identified both theme owners and also deputies to work with. An initial workshop was then run to clarify any questions and gage where the stakeholders perceived the bank was in its maturity. We then requested evidence to pre-score each theme prior to review meetings to reduce the time required.

Results and key success factors

Wavestone developed pragmatic and unambiguous maturity levels, criteria, and evidence, that considered key regulations and industry best practice.

Our client was able to utilise a best practice maturity model that was tailored to their needs. It would help both materially improve their resilience and exceed their compliance with the PRA/FCA 2025 requirements. Our assessment also provided them with an objective, evidence based, independent view of where their current resilience was, with a clear roadmap of what was required to achieve their target.