Operational Resilience Should Be Motivated By Efficiency, Not Fines
The clock has struck midnight for the FCA’s operational resilience (OR) deadline – financial firms are now unavoidably required to remain within the right impact tolerances as close to March 31st, 2022, as possible, and no later than March 31st, 2025, or else they’ll face the wrath of the regulator.
While this compliance-based sword of Damocles is undoubtedly a powerful motivating force, it’s not necessarily one that encourages firms to see OR as more than a nuisance or threat – a chore to be carried out economically and begrudgingly for fear of substantial fines.
To put it another way: when acting purely on the basis of compliance, OR can feel motivated more by ‘stick’ than ‘carrot’.
Compare this to the project of achieving operational efficiency: a far more attractive proposition which animates many efforts to achieve cloud and digital transformation. We regularly work with clients who have spent seven- and eight-figure sums to proactively improve their efficiency, despite the challenges of outlay, implementation, and governance that such schemes invariably face.
At a glance, resilience and efficiency might seem like opposing poles in the quest for operational improvements, as grim-faced OR regulators demand audits, inquiries, and costly remediation plans – in stark contrast to the sunlit uplands we tend to associate with efficient practices capable of enabling business growth. In reality, however, OR and efficiency often go hand-in-hand – good resilience practices can improve efficiency, while moves towards greater efficiency can equally contribute to OR goals.
The dual benefits of an automated CMDB
The role played by a robust CMDB is a prime example of how resilience and efficiency are two sides of the same coin. CMDBs are databases that provide visibility over the different parts of your business processes; business applications and infrastructure, and the connections between them – including the various people, facilities, and technologies involved in each business process, not to mention the underlying cloud and legacy infrastructure underpinning it all.
Obviously, these tools – especially when automated to provide accurate, up-to-date information – can therefore play a big role in enhancing an organisation’s resilience: this level of visibility allows you to work out how a disruption to one part of the organisation might impact another – enhancing your ability to prevent, adapt to, and recover from operational disruptions.
CMDBs aren’t the be-all and end-all for OR, of course – like any tool, they require strong processes and governance – but it’s easy to see how well they fit into the landscape of resilience.
Crucially, however, CMDBs also have implications for the more obviously rewarding project of improved efficiency.
Gaining comprehensive visibility over your organisation’s infrastructure doesn’t just highlight vulnerabilities – it’s also an equally useful way to make better business decisions, spot opportunities for streamlining processes, and identify areas that would benefit from automation.
As such, while a robust CMDB might be an example of a tool acquired for the potentially unexciting reasons of compliance and business continuity, it also acts as a powerful springboard for new levels of efficiency and (by extension) growth.
Reporting, auditing, and ticketing
The subject of automation brings us to another example of the overlaps between OR practices and efficiency goals.
In the context of enterprise service management (ESM) platforms like ServiceNow, nobody needs to be persuaded that automation and artificial intelligence have huge utility – whether by eliminating tickets and allowing human workers to focus on more important issues or by quickly deploying applications without fear of human error. Obviously, these examples denote significant cost savings – but the same embrace of automation also has the potential to improve resilience.
We’ve leveraged automation in this context by, for example, using virtual agents to guide staff through potentially tricky compliance tasks, providing real-time reporting in ways that improve governance, and drive compliance audits through ServiceNow – helping organisations to manage the expectations of regulators. In other words, automation can sharpen up reporting and auditing to keep those all-important compliance standards up to scratch, while simultaneously enacting a host of cost-reducing measures.
The point, here, is that efficiency and resilience shouldn’t be seen as the ‘carrot and stick’ of operational improvement – they can be deeply entwined and mutually beneficial.
As such, achieving resilience shouldn’t be perceived as a banal exercise in regulatory box-ticking, but as an opportunity to improve processes, systems, and technology. Moves like automation are a case in point, allowing organisations to reduce costs, stimulate growth, and remain robust and compliant in a single gesture.
About the author: Adrian Overall is CEO of CloudStratex.