In a recent blog, the UK’s FCA strikes a frank and open tone: operational resilience is not a box-ticking exercise. This is a message that has been sent before, and we hear it again in this blog issued on 15th April 2025.

Operational resilience is business critical. The FCA’s blog Operational Resilience: Beyond Regulatory Raincoats, is a call to rethink risk, recovery and responsibility in the face of mounting geopolitical, technological and systemic stressors.

What is new?

While the UK’s operational resilience rules came into force in 2022, this blog marks a shift in how the regulator will now assess firms.

Firms should note the following areas:

Focus on real-world results:

Firms should be able to demonstrate that their resilience frameworks work under realistic stress, not just theory. This requires collaboration across a firm and externally where third parties are involved.

Put planning first:

Incidents are inevitable, what matters is how firms prepare, respond, learn and communicate. Raising awareness across the business enables firm to respond better.

Clarity about required actions:

There is a clear emphasis on actionable recovery, challenging firms to prove that their response plans would actually work in a crisis.

Make cultural changes:

Operational resilience needs to be seen as a strategic and cultural pillar that should shape decision making within a firm. Firms’ resilience strategy needs to be communicated and understood. People do not just respond, but understand why, and consider how their actions might impact your clients.

Why is this crucial? 

To find out more about identified weaknesses and practical steps. Click here: