Rethinking resilience: It’s simply good practice, not a regulatory compliance exercise

COLUMN – OLAF RANSOME | Resilience. What does it mean in the post-trade world? Is it important?
Through a series of six column contributions with PostTrade 360° this year, banking operations veteran Olaf Ransome will be digging into the topic – to help us understand its meaning under changing rules, and get adequately prepared. Join him to get there … starting right here.

In a series of six column contributions with PostTrade 360° throughout 2024, banking operations veteran Olaf Ransome digs into the topic of operational resilience – to help us understand its meaning under changing rules, and get adequately prepared. Find his articles listed here.

A definition is always a good place to start. The Oxford English Dictionary is helpful:

Advertisement

resilience, n.
The quality or fact of being able to recover quickly or easily from, or resist being affected by, a misfortune, shock, illness, etc.; robustness…

A real-life example is easy to imagine for me. I am a fan of Liverpool FC. This season (23/24), as of Jan 3^rd, they have won 24 of their 45 points from losing positions. They have a great ability to recover from “misfortune”, or in other words, things not going according to plan. 

We all know that in any business, like with Jürgen Klopp’s teams, a) we need to have a plan, b) failing to plan is planning to fail and c) the plan never survives the first contact with the enemy. 

Inspiration for this series of articles is function of three things. First, the desire to talk about resilience as a principle of how to run operations day-to-day rather than a thing we do to get a tick in the regulatory box. Secondly, because over the 2023 Christmas break, as I was sitting on a ski-lift my goddaughter was telling me about all the work she was doing on policies at a new FMI, and I had to tell her that without breaking that down to procedures and checklists, that work was not that helpful for running the business. Policies get you a tick in regulatory and statutory boxes. Thirdly, because some great friends of mine coined a phrase that I think captures the essence of what a well-run operational set-up in a financial institution (FI) translates to in terms of how days go: “Reassuringly Boring”.

“Reassuringly Boring” means that even if the day did not go according to plan, Plan A as it were, whatever else happened, you had a “back-up” plan for it and were able to execute that plan. You recovered quickly and finished the operational day as you normally would. In German we have a wonderfully rich term for this: Tagfertig. Loosely: the day’s work is done.  I’ll have dubbed this: “Reassuringly Boring, the regular Ops day law^[1]”.

The animal kingdom can help us here. We all know about the “elephant in the room” challenge. We all know something needs addressing, but we just don’t do that. Then when things do go wrong, we are apt to talk about “Black Swans”, i.e. something totally unexpected. This makes it too easy; we know things will go wrong. Even just asking somebody in the operations area of a financial institution: “What are the 10 most likely things to wrong each day?” is a good start. Actually, rather than being Black Swans they are Grey Rhinos; known quantities and something we are likely to encounter. 

Our regulators understand this. The Basel Committee on Banking Supervision, the BCBS, has laid out some Principles for Operational Resilience (POR) and the revised Principles for the Sound Management of Operational Risk (PSMOR). Their latest report on progress in those areas is worth a read. I’ll dig deeper on those in a future report. For now, let’s accept that the ante is being upped and we should (in the terms of Monty Python) “expect the Spanish inquisition”. 

Right now, FIs may not have to do anything specific around resilience, but they can choose to. I would make the case that being proactive is a good investment. I named my firm 3C Advisory. The 3Cs are Control, Capacity and Cost. If you have good control, you have capacity and can reduce costs. 

My number one recommendation to anybody working in day-to-day operations at an FI is to ask them a series of questions:
1. “Do you know what is normal for your business?” Volumes, transaction sizes, exceptions and the like.
2. “How would you know in real-time whether things are normal today or not?”
3. “Do you have the capabilities to manage your business on both a normal day and an exceptional day?”

Capabilities are a function of processes, people and tools^[2]. Process brings me back to my ski-lift conversation with my goddaughter. In an FI, policies are the highly visible thing. All over the intranet, probably with some HR-driven annual “I have read the policy” tick-the-box exercise. A policy is about what should be done. Right now, down at the coalface, a policy document is about as useful as a chocolate teapot. What matters right now is how to do it and if it has been done. Doing that well requires breaking that what down to procedures and checklists. You need both those things.

On any one day, you have well trained staff on the job; they know what to do and get it done. Whilst your team may know where it is up to, the organisation should not be left to guess whether progress is according to plan. Or the team may be in several places. To mark and measure progress through the day you need a checklist, which is ticked off as things are done. “As they are done”; I have caught many an outsourcing team just doing an end-of-day eyeball like check: “Team, have we done everything?”, “Yes boss!” 

The procedure is there for when you need help at step #17. It needs to cover two dimensions: Plan A of what to do when things are normal, and Plans B & C describing what to do when things don’t go according to plan. With that done well, you should be able to jump from checklist to procedure at the click of a mouse button. I preach this, because there is a “reliability trap”; as you tune your operations, if you have done things well, there will be fewer outages and longer time gaps between them. I would bet some of my money that when you have a problem, 95 percent of the time, two things will be true: first, the person with the problem is not the same person who had the problem the last time, and second, nobody will remember how you solved the problem the last time. 

We also need to talk about the people aspect. Years back, as teenager, finances forced me to work part-time at McDonald’s. Those folks are brilliant at process. They have a strict process for everything. They train each process and support it with the right tools, so they are not affected by staff rotation and turnover. I would argue that things in FIs are often, though not always, more complex than making a Big Mac and based on that, I would offer the view that your procedures need to be sufficiently detailed and easy to follow that a competent Ops person, i.e. with some experience, could follow the procedure and get the many steps during the day.

For those with an interest in good stories, or those who like to hear that Goldman Sachs staff are mortal, I recommend this read from a previous post of mine. An early lesson which shaped my thinking.

In future posts, I’ll share some thoughts on design as it relates to the operational tools in FIs and also do a deeper dive into the resilience regs. 

Referring to himself as The Bankers’ Plumber, Olaf Ransome is founder of 3C Advisory LLC – drawing on decades of senior operational experience from large banks. To connect, find his LinkedIn page here.

^[1] I am indebted to two great friends for helping me shape this idea; Nick Orchard, my colleague for a number of years at Credit Suisse where we set up the CLS business for FX settlement, and Alan Butterworth, who was our Relationship Manager at CLS. When my friends talked on the phone they would use this term to affectionately describe a day that worked out exactly as planned, with no surprises.

^[2] Or systems. I prefer tools.