When does this need to be done by?
As outlined in our initial piece on Operational Resilience, the deadline for firms to meet the requirements is 31 March 2022. By that date, firms must not only have identified important business services, but also determined impact tolerances, conducted scenario-testing and documented their self-assessment. This means that they should aim to have identified their business services much earlier, in order to allow time to meet these other obligations.
With effect from 31 March 2022, both the FCA and PRA will require firms to review important business services, at the minimum, once a year (or whenever there is a material change to their business or the market in which they operate). This is required to ensure any emerging vulnerabilities are not overlooked. Firms only need to review their existing identification against changes to their business or operating model over the year (and the process is expected to be straightforward where there have been no material changes).