Xcina Case Study

Foreign Bank in UK seeks help with Operational Resilience

Strategic Partner Supporting Client with Business Continuity Assessment and Scenario Testing

The Challenge

The client is a foreign bank with a subsidiary in the UK. 

Highlights and key components of the engagement

Internal Audit requested an independent audit of the Bank’s compliance with PRA and FCA (PS21/3) operational resilience requirements.

 

Methodology and Approach

Our role was to conduct an independent audit focusing on the following aspects:

  • Governance & Oversight: Examining the effectiveness of governance and oversight mechanisms in place, including roles and responsibilities, policies, reporting lines, and escalation procedures.
  • Identification of Important Business Services: Assessing the Bank’s ability to identify and prioritise critical business services essential for maintaining operations and serving customers.
  • Identification and mapping of supporting resources: Reviewing the Bank’s processes for mapping dependencies, including technology systems, third-party providers, and key personnel, to understand potential vulnerabilities.
  • Risk Assessment: Evaluating the Bank’s risk assessment process to identify potential threats, vulnerabilities, and scenarios that could disrupt operations.
  • Process for setting Impact Tolerances for Important Business Services.
  • Regulatory Compliance: Ensuring the Bank complies with the UK regulatory requirements.
  • Scenario Testing Strategy and Results: Reviewing and assessing documentation, coverage, lessons learnt, etc.
  • Self-assessment: Ensuring the Self-assessment contains adequate documented evidence to provide assurance to the Board on the Bank’s operational resilience readiness and to allow for sign-off.
  • Continuous Improvement: Reviewing processes for identification, monitoring, measuring, and improving operational resilience over time. This includes identified gaps, lessons learnt from past incidents and industry best practice.
  • Internal and external communication strategies.

 

Results and Outcome

We provided the client with a detailed audit report highlighting gaps and areas for improvement. Our report enabled the client to implement an action plan to remediate the findings and strengthen its regulatory position.

 

What This Means for You

Whether you are at an early stage of your Cyber Resilience journey or looking for continuous improvement, Xcina delivers:

  • Independent benchmarking assessments against leading cyber resilience frameworks such as PS21/3, PS24/16, NIST, CAF, ISO27001, NIS2, DORA and TSA, identifying areas for improvement
  • Expert advice on complex security, resilience and certification issues and best practices
  • Pragmatic implementation assistance to help strengthen your security and resilience posture
  • A long-term partnership and ongoing assistance throughout your journey, not just a point-in-time assessment

To find out more about how we can assist you, please refer to our Regulatory Compliance Consulting Services and Solutions at https://xcinaconsulting.com/services/regulatory-compliance/

Industry and sector:

Financial

Solutions and service area:

Xcina’s objective:

To provide an independent audit of the bank's compliance with PRA and FCA (PS21/3) operational resilience requirements

We’d love to hear from you

We have a strong track record in providing risk advisory services with a focus on governance, regulatory compliance, conduct and culture, data protection, and third-party assurance. We help organisations successfully address governance, risk management and compliance challenges.

To discuss how the areas highlighted in this case study, or any other aspect of risk management, information governance or compliance, impact your business, speak with our team. Tell us what matters to you and find out how we can help you navigate complex issues and deliver long-term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

Lindsey Domingo

Senior Director

Speak to me directly by Email, or
Telephone: +44 (0)203 745 7826
