Today sees a quiet, unmarked, unremarkable deadline for a huge number of businesses. It may be unnoticed, but it is a huge signpost for our collective futures. Tomorrow the clock starts on making sure we embed the seed change that keeps our customers resilient. So what is it all about?
March 31st is the deadline for compliance with the next generation of iterative improvements in resilience, with increasing familiarity, the UK leading the way. As is becoming the norm financial services are the early adopters with manufacturing, health care and supply chain just a hairs breath away in catching up with this new 'high watermark'
So let's look beyond that, and horizon scan, to see how this is likely to effect the rest of us wherever we are today. Europe are already drafting legislation for regulated entities. The US is running several government consultations in preparing a lean business approach and Asia has already released frameworks - everyone considers this just good business practice. If that is so, what is the essence? What’s the breeze?
Well, the last decade has seen several high customer impacts, high news coverage incidents, massive toxic social media commentary as consumers have suffered. It's not just been unfortunate for those key fortune companies that have had their imperfections exposed. Our increasing 'just in time' economies have developed intolerances to these impacts that have had wider repercussions in wider respective industry markets. These bigger ripples in the economic pond have become a social media surfers real 'anti-cranker'.
Governments, institutional industry bodies and regulators have come together like actuaries to surgically review a number of common causes that look to have similar symptoms to each acute crisis.
Whilst they don't always flow in the same direction there are some common pathways – including a lack of resilience in important customer facing services, a disbelief and unpreparedness that 'what if' really will happen, together with an over dependency on critical service providers.
2021 saw the introduction of demands to make sure processes were identified and made resilient. The need to address certain failures rather than opinionated risk. The ability to be able to survive and continue in the event of the loss of a crucial supplier.
No mean feat for any business and that's why there is a two-stage approach to getting this right. Phase One ends tonight, the need to identify all those elements that are in scope which could hurt your customers. Phase Two starts tomorrow with a year plus to ensure everything you have identified has remediation to make it fully resilient. Word like 'Plausible Scenarios', 'Validated Scenario Testing' and 'Business Wide Resilience' are already dropping into new business board room dictionary.
If you are in the vanguard of health care, manufacturing and financial services you will know this already. Your challenge is now to identify the component parts over the next few years and find alternative operating methods which will provide your Boards and Regulators with comfort. There is a need to do this simply, swiftly, deftly and simply. Combining this with elements like Crisis Management, Incident Control and Cyber Security have supercharged response whilst lowering resource needs. So what about everyone else?
Sitting here writing this in the Channel Islands today, with our significant financial services industry, our local regulators in Jersey and Guernsey are already poised to follow this lead. So are many other jurisdictions both onshore and off. The list is growing.
If that's not you today, well thats ok, but stay informed. Keep a weather eye on the horizon. These things are coming and sooner than we expect as we see industry bodies, associations and institute's join the language. Why? It is just good business practice.
Angus Preston is a specialist consultant in security and intelligence, cyber management control. He writes and briefs regularly for Armstrong Resilience on emerging practices and business intelligence. Angus is a former Director of Intelligence Services with over thirty years' experience in covert coordination.
Comentários