Header background

Three priorities for driving operational resilience in financial services in the U.K. using PRA SS1/21

Operational resilience has become a key goal in the financial services industry, especially in the U.K. with regulations such as PRA SS1/21. That’s because over the past several years, financial services firms have become more innovative in their use of technology. Digital trends such as open banking and embedded payments and their supporting cloud-native technology stacks have driven this resourcefulness.

However, these trends bring a level of complexity that can quickly overwhelm even the savviest of teams. 67% of CIOs in financial services say their environment’s complexity is too great for humans to manage.

For financial services firms in the U.K., the issue is particularly pressing because of regulatory concerns, such as PRA SS1/21. These regulations place demands on providers to meet key requirements to ensure the operational resilience and availability of critical financial services.

The three most pertinent requirements are the need for tracking impact tolerances, business service mapping, and testing critical services.

Operational resilience priority 1: Tracking impact tolerances

Regulations such as PRA SS1/21 demand a standardized approach to logging and reporting service interruptions. One approach to standardization from regulators and the industry has been using “impact tolerances” to track downtime. An impact tolerance sets a maximum threshold for service interruption, including the following:

  • Maximum length of time for service interruption
  • Maximum volume of disrupted transactions
  • Maximum value of disrupted transactions

To ensure that teams don’t exceed their impact tolerances, financial services firms need to find ways to log the performance of their services in real time. Observability solutions such as Dynatrace can help organizations do this by automatically noting and logging service disruptions as they happen. By defining impact tolerances as service-level objectives (SLOs), teams can then track their performance relative to the threshold.

The best way to avoid falling behind on impact tolerances is to act early using automated warnings. With an automatic observability platform, teams can receive alerts when the system has burned through the impact tolerance. As a result, teams can act well before reaching the threshold.

Operational resilience priority 2: Business service mapping

Regulations like PRA SS1/21 also require financial services firms to identify team members and resources they need to deliver their services. With this chain of responsibility, they can map out the degree to which team members and resources must be committed to guarantee they don’t exceed their impact tolerances.

Application mapping and visualization technologies such as Dynatrace SmartScape® can help with this task dramatically. Dynatrace automatically generates an interactive map of their applications and services, which visualizes the relationship between components, giving a clear view of all the dependencies among them.

Financial services firms can then marry this application map with the information they have on who “owns” each component. By combining this with their workflow management tools, team members can receive automatic notifications when an item they’re responsible for causes disruption. Critically, this allows financial services firms to plan ahead in terms of allocating people and resources throughout their stack to minimize the risk of operational disruption.

Operational resilience priority 3: Testing critical systems

Once financial services firms have established their impact tolerances and assembled a business service map, regulations like PRA SS1/21 require them to test the performance of their applications. As part of this, teams must routinely test their ability to remain within impact tolerances in severe but plausible disruption scenarios and drill their recovery and response arrangements to ensure they are effective.

The Dynatrace platform supports this effort by enabling teams to conduct synthetic monitoring and testing, which simulates the significant but plausible scenarios that financial services firms should be testing for. Testing using synthetic monitoring enables firms to fine-tune the parameters of individual tests. This fine-tuning means they can have permutations that account for every eventuality, leaving no stone unturned in identifying how their systems will behave in different scenarios.

Additionally, financial services firms can use a unified observability platform such as Dynatrace to obtain code-level detail from their tests. This detail enables DevOps and security teams to gain precise information on aspects of their applications that need to be hardened to boost operational resiliency.

An investment in SS1/21 compliance

Whilst it may initially seem cumbersome, the efforts that financial services providers invest in complying with regulations surrounding operational resilience, such as SS1/21, can pay dividends. Using a unified observability platform to accelerate and automate this compliance will have a significant impact on their ability to deliver seamless digital experiences, carving out a lasting competitive advantage.