Business resilience is the ability an organisation has to quickly adapt to disruptions while, maintaining continuous business operations and safeguarding people, assets and overall brand equity.
The challenge to build and maintain resilience differs geographically and by industry, both of which factors can have
a significant impact. However, fundamental questions around business resilience apply to most businesses, regardless of sector and region.
The boards of all regulated businesses are required to ask various questions of themselves each year, particularly in relation to ensuring good corporate governance. The crisis has radically altered the risk environment in which all businesses operate and which all boards must consider.
The impact is such that the questions typically considered by boards have changed. Consider some of these matters and how the pre-crisis questions need to change, given the new lens though which the world should now be considered.
- Do we have a BCP plan and do we have a Disaster Recovery Suite? Are we able to switch to an operating model where all colleagues can operate remotely?
- Has the board reviewed the latest Financial Resources Requirement (FRR)? Is the board comfortable that the FRR surplus is sufficient and how is it trending?
- Do we have Professional Indemnity (PI) insurance? Do we have Business Interruption (BI) insurance and do we understand the terms?
- Do we have appropriate persons in our prescribed positions? Is the Compliance Officer able to carry out his/her role effectively whilst unable to physically visit client offices?
- Do we have the appropriate level of information security within the business? Do we have the appropriate level of information security regardless of whether colleagues are working from within an office environment or from their homes?
In addition to these changed questions, there are some key areas that require a complete rethink.
- What are our top risks? These will have changed so an urgent review of the risk register and mitigating actions will be required.
- How does the crisis impact our operating model? COVID-19 has created an imperative for companies to reconfigure their operations and an opportunity to transform them.
Boards also need to consider how to satisfy their regulators that their key concerns have been effectively mitigated.
- Demonstrable ability to provide continuous service to customers
- Ongoing financial health
- Ability to continue to fulfil regulatory obligations, such as compliance testing
It is extremely unlikely that a pandemic of similar or more dangerous nature will not recur. Now is the time to heed these lessons and ensure that we have the ability, and resilience, to adapt much more quickly. Now is the time to build future resilience. Doing nothing, given this practice run, would be tantamount to a failure to discharge duties, with the consequent risks that entails.
We recommend 3 immediate changes required in most businesses:
- Businesses must understand the potential impact of this risk and the way in which it connects with operations means that a complete review of your risk register and mitigation plans needs to be undertaken by the board as soon as possible. Now, more than ever, board members need to be able to think in an adaptable manner.
- Contingency planning will need to sit at the very centre of the business to be discussed at board level and involve an overhaul of operating models. This cannot remain a typically formulaic, bureaucratic box-ticking exercise which is invisible at the strategic level.
- Part of the shift to a more digital model has been forced upon most businesses. Now is the time to maintain the pace of change and implementation of a suitable risk management platform is a good example which would allow remote operation in the normal course of business.
Aspida has been supporting clients throughout this crisis and continues to advise and support businesses as they work to shore up their defences and build their resilience. We are happy to give impartial, confidential guidance and support to boards at this time as they consider the issue of business resilience and work to build a more robust base for the future.