Operational Resilience

Regulatory Wrap Episode 50: Wrap of the Year – the Top Compliance Stories of 2024

In Regulatory Wrap for the week to December 13, Jennie Clarke and Rob Mason recount the most notable developments over the course of 2024.

Operational Resilience within financial services

A seismic outage for TSB Bank led to fines of £48 million for operational risk management and governance failures in 2022. Upon acquisition, the bank attempted to transfer its data between systems over the course of three years. And while the data transfer was successful, the system switch led to severe in-branch errors, with many customers also locked out of their online accounts.

Article

Computer Security Day: The role of leadership in protecting data

This Computer Security Day, it is important to recognize that strong leadership drives effective cybersecurity and ensures regulatory compliance.

Regulatory Wrap Episode #47: Learning from the CrowdStrike Outage

In Regulatory Wrap for the week to November 8, Jennie Clarke explores regulatory stances on operational resilience, especially in light of the CrowdStrike incident in July.

What does the CrowdStrike outage teach us about operational resilience?

The historic IT outage that affected 8.5 million Microsoft Windows devices is a cautionary tale about the need for stringent operational resilience testing and planning, especially as regulatory expectations continue to rise.

Getting priorities straight – Key takeaways from the SEC’s 2025 Examination Priorities

The SEC’s 2025 Examination Priorities continue trends seen throughout 2024. However, in line with developing interest areas, there is an increased weight placed on topics like AI and operational resilience.

Non-financial risks

For some compliance officers, risks are like heavy and dark clouds waiting to rain on the business. While some risks may never occur, it’s their responsibility to ensure you pack-a-mac, and put a plan together if the rain comes down.

Article

Stand the resilience test – OSFI adds to the operational resilience conversation

In line with measures other regulators have taken, OSFI released its final Guideline E-21 on operational risk and resilience, which outlines expectations for firms to prepare for and respond to disruptive events that could affect business operations.

Now you see it, now you don’t – How to overcome the compliance risks of ephemeral messages to meet DOJ guidance

The Department of Justice (DOJ) has made it clear that it expects organizations to have plans in place to manage the increased use of disappearing messages. We explore the compliance implications of ephemeral messaging and set out five key steps to both mitigate risk and meet DOJ obligations.

Down, not out – What happens when service providers go dark?

The recent CrowdStrike outage affecting over 8.5 million Microsoft Windows devices and causing worldwide disruption has raised questions around how firms can ensure their operational resilience can withstand critical service providers ‘going dark’.

SUPPORT 24 Hour