The situation presented, challenges
and opportunities
Perenna are in the process of applying for a UK banking licence.
Firms that want to become banks in the UK must be authorised by the PRA and FCA.
To achieve this a firm needs to be well governed with solid foundations and be operationally
resilient and ready to carry out the regulated activities applied for at the time of their
authorisation. This entails having reliable and scalable processes across all relevant areas including
technology, information security and third-party management delivering resilience.
In the first quarter of 2021, the regulators also issued their policy statements on Operational
Resilience. These require banks and other relevant institutions to prevent disruption to systems
occurring to the extent practicable; adapt systems and processes to continue to provide services
and functions in the event of an incident; return to normal running promptly when a disruption is
over; and to learn and evolve from both incidents and near misses.
Strategic direction and
recommended approach
To build a robust policy framework, processes and systems to meet business and regulatory
requirements and tight deadlines across a number of areas.
Xcina Consulting conducted multiple workstreams for this new applicant to the UK banking
sector assisting them in meeting their regulatory as well as business requirements, as part of the
process of building a resilient organisation and robust processes and systems which can be
trusted. Perenna wanted to set high internal standards to ensure they will be resilient when they
attain their licence and start interacting with customers.
How we arrived at the solution
Xcina Consulting designed, planned and executed a programme of work to support Perenna in
meeting the regulators’ latest operational resilience requirements as well as establish an effective
Business Continuity Management System aligned to the ISO22301 international standard.
The principal workstreams covered:
- Establishing the firm’s Information Security Management System (aligned to the
ISO27001 standard).
- Setting up its IT Service Management System aligned to the ITIL and ISO20000 standards.
- Delivering its Outsourcing and Third-Party Management framework in line with PRA, European
Banking Association (EBA) and business requirements.
- Conducting a full Business Impact Analysis across all business functions with the teams
at Perenna.
- Documenting the Business Continuity Policy and Strategy.
- Documenting relevant Business Continuity Plans.
- Identifying and mapping the Important Business Services to be managed within their
established impact tolerances.
- Carrying out Due Diligence on critical third-party providers.
Xcina acted as an extension of the Perenna team and supported them with documenting their
strategy for the above.
The value created and benefits to the
business in terms of improvements rolled out
and the impact of them (business growth
and position in the sector)
All of the above workstreams were completed within the agreed timescales as well as within
budget and fully met and exceeded Perenna’s expectations. The work with Perenna was very
collaborative, prompting interesting debates about how best to meet and exceed regulatory
expectations. There was clearly an interest from Colin and the team in finding the best solutions
rather than just leaving it to Xcina – it was and remains a very close working relationship. We felt
part of the team, immersed in the business and not like an outsider.
Some of the work we undertook centred around new and evolving regulations, and one of the
advantages of a new firm is that they can start with those standards, there was no adaptation or
remediation work to get to the new standards, so the process was very efficient. The work that
Perenna has done will put it in a strong position with its peers.
Case Studies >>
Podcasts >>
News and Blogs >>
Thought Leadership >>
