Powered by high quality data
 

Powered by high quality data Local supplier data validation coupled with one of the largest global audit & assessment providers

Collaboration through communities
 

Collaborative communities Connecting buyers and suppliers across bespoke industry and geographical communities

Information at your fingertips
 

Information at your fingertips Access to accurate, up-to-date and verified supplier data and risk awareness for informed decisions

Hellios build bridges across supply chains
Supporting SMEs
 

Supporting SMEs Helping to support equal opportunities, value and development for small and local businesses

How compliant are your suppliers with legislation, regulation and corporate governance requirements? What unknown supply chain risks could cause operational and reputational impacts?

More

How is compliance with bribery and corruption legislation being effectively managed within your supply chain? Is your business exposed to potential legal action or reputational risk?

More

Slavery, servitude, forced labour and human trafficking, or ‘Modern Slavery’, is a growing global issue and exists in many industries in every region in the world.

More

The General Data Protection Regulation (GDPR) is the new EU regulation that will replace the 1998 Data Protection Act (DPA), coming into effect on 25thMay 2018. The UK Information Commissioner, Elizabeth Denham, has called it ‘the biggest change to data

More

How do suppliers comply with your CSR policies across labour standards, ethical sourcing, equality and diversity, SMEs, use of natural resources or conflict minerals?

More

How easy is it to access high quality, accurate and up-to-date information on suppliers? Is information instantly available online in a single system capable of alerting any key changes?

More

Improving operational resilience through collaboration Philip Foster, Managing Director, Hellios Information

9 May 2019

Following the publication of the Discussion Paper by the Bank of England and FCA last Summer, Operational Resilience continues to be a growing topic for all regulated Financial Institutions, and the challenge for Building Societies is no exception. There appears to have been some growth in the number of specific posts created for Operational Resilience over the past twelve months, indicating perhaps that FIs are recognising a need to take an holistic and business services-orientated approach, rather than the traditional approach of focusing on systems and processes.

Most recognise the complexity in the multiple challenges faced to ensuring operational resilience, and whilst managing these challenges within one’s own organisation is one thing, managing the same challenges in third parties is altogether another; let alone fourth parties and beyond.  The growth in technology and digital services has almost certainly compounded the issue, especially when one considers the sheer number of fintech start-ups in the past few years alone, upon which many FIs are relying to provide key services to their customers.

The successful management of third parties is being recognised as one of the most critical components of managing operational resilience, but for this to be truly robust FIs need to gain the same holistic insight into their third parties that they require within their own organisations, and there lies a challenge.  What information is needed about the third party to ensure the business service is operationally resilient?  How does one go about finding out this information and will third parties actually provide the information requested, particularly if to do so may be seen as a commercial risk to their business?  How is the information kept updated on a continual basis throughout the period the third party is being used?

The extent of the challenge can be illustrated in data collected from around 3,000 third parties to a group of almost 20 FIs, large and small.  Of those that provide services that need to be recovered in less than 2 hours, 90% have a Business Continuity Plan (leaving 1 in 10 that do not) and 30% are reliant on fourth parties.  Of those that do have a BCP, 88% test the plan at least every 12 months but only 24% test at least every 6 months.  On a slightly more positive note, 87% have a requirement in their policies to notify their customers of any incidents that impact the services provided.  It would appear from this and other data collected that there is still much more to do to ensure all third parties are operationally resilient.

One thing is for sure; all FIs are facing the same challenges to a greater or lesser extent.  It might be argued however that the smallest of regulated firms face a greater challenge as a result of their fewer resources and lower overall leverage over their third parties.  And this presents an opportunity; for FIs to collaborate in a common approach to having the insight they need into their third parties, leveraging a collective power whilst making things much simpler for their third parties at the same time, by allowing them to provide information once that can then be shared.

It can be argued that there is no competitive advantage of each FI managing this problem alone, and that collaborating with peers to pool knowledge and expertise, whilst perhaps gaining a greater and more consistent insight into third parties, can only be a good thing.

Linked In Twitter
We use cookies to help improve this website. Accept and close Find out more