error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content
Submit RFP

      The regulatory landscape for operational resilience has evolved into a truly global imperative. What began with the UK's groundbreaking regulatory framework has now expanded across Europe, North America, Asia-Pacific, and beyond. Financial institutions operating across multiple jurisdictions are grappling with an increasingly complex web of requirements – each with distinct terminologies, timelines, and expectations, yet all driving toward remarkably consistent outcomes.

      simran-singh
      Simran Singh

      Director - Operational Resilience, KPMG in the UK

      KPMG in the UK

      The challenge: Diverse regulations, common purpose

      While regulatory terminology varies significantly across jurisdictions – the underlying regulatory objectives remain strikingly aligned. Regulators worldwide are focused on:

      • End-to-end service delivery resilience

        Mapping complete value chains to understand dependencies and potential points of failure across the entire service delivery ecosystem.

      • Rigorous testing and response capabilities

        Ensuring firms can demonstrate their ability to respond to and recover from severe disruptions through comprehensive scenario testing and validated recovery plans.

      • Enhanced third-party risk management

        Maturing operational risk capabilities with intensified focus on third-party dependencies, particularly critical technology providers and concentrated service arrangements.

      • Mitigating systemic risk

        Protecting customers from harm while safeguarding financial stability and maintaining market integrity during operational disruptions.

      • Senior management accountability

        Embedding governance structures that ensure executive-level ownership, investment, and oversight of operational resilience capabilities.

      This convergence of regulatory intent, despite divergent approaches, creates both a challenge and an opportunity for global institutions.

      The strategic imperative: From compliance burden to competitive advantage

      Forward-thinking institutions are recognising that operational resilience represents far more than a regulatory compliance exercise – it is a strategic imperative that directly impacts five critical business outcomes:

      • Customer centricity

        Maintaining service availability and quality during disruptions strengthens customer trust and loyalty in an increasingly competitive marketplace.

      • Resilient service delivery

        Building robust operational capabilities ensures business continuity and protects revenue streams during adverse scenarios.

      • Response and recovery excellence

        Developing sophisticated incident management and recovery capabilities minimises financial impact and accelerates return to normal operations.

      • Global brand and reputation

        Demonstrating operational reliability enhances market credibility and differentiates firms in a landscape where operational failures receive significant public scrutiny.

      • Competitive advantage

        Organisations that embed resilience into their operating models can pursue growth opportunities with confidence, knowing their infrastructure can support expansion and innovation.

      Yet despite this clear strategic value, many organisations are undermining their own success through fragmented implementation approaches.

      The pitfall of fragmented implementation

      Many global firms are falling into a costly trap: establishing separate operational resilience programmes for each jurisdiction in which they operate – effectively creating five, six, or even more parallel programmes within a single organisation. This fragmented approach creates significant challenges:

      person_search

      Resource inefficiency

      Duplicating efforts across multiple programmes diverts limited specialised resources and inflates implementation costs.

      psychology

      Operational complexity

      Managing disparate frameworks, methodologies, and governance structures across jurisdictions creates unnecessary complexity and coordination burden.

      airline_stops

      Inconsistent outcomes

      Different interpretations and implementation approaches can result in capability gaps and uneven resilience across the organisation.

      analytics

      Missed strategic value

      Viewing operational resilience purely through a compliance lens prevents organisations from realising its full strategic potential.

      The solution: Building an enduring integrated resilience capability

      Rather than pursuing jurisdiction-specific compliance programmes, leading institutions are developing integrated operational resilience capabilities designed to serve their entire global footprint. This integrated resilience approach delivers multiple benefits:

      • Regulatory efficiency

        A well-architected global capability can flex to meet jurisdictional nuances while maintaining a consistent core framework. By mapping requirements across regulations and identifying common elements, firms can build once and deploy across multiple markets, adjusting for local variations without rebuilding foundations.

      • Common operating language

        A consistent group-wide service taxonomy provides the foundational language for operational resilience across the organisation. This shared taxonomy enables firms to identify and classify critical services consistently across jurisdictions, map dependencies at a global level, and establish coherent governance frameworks that work across the entire enterprise.

      • Sustainable operating model

        An integrated approach embeds operational resilience into business-as-usual operations rather than treating it as a compliance project. This creates enduring capabilities that evolve with the business and remain effective beyond initial regulatory deadlines.

      • Holistic risk management

        Viewing resilience through a global lens enables organisations to identify cross-border dependencies, concentration risks, and systemic vulnerabilities that jurisdiction-specific programmes might overlook.

      • Strategic business enablement

        When operational resilience is embedded as a core capability rather than a compliance overlay, it becomes an enabler of business strategy – supporting expansion into new markets, adoption of emerging technologies, and pursuit of transformative initiatives with confidence.

      Key considerations for building an integrated global operational resilience capability

      Organisations embarking on this journey should focus on several critical elements:

      • Harmonised frameworks with local flexibility

        Develop core methodologies, taxonomies, and governance structures that can accommodate jurisdictional variations without requiring fundamental redesign. This includes establishing common definitions for critical services while allowing for local terminology mapping.

      • Centralised oversight with distributed execution

        Create governance structures that provide global visibility and consistent standards while empowering regional teams to execute within local contexts and regulatory expectations.

      • Technology-enabled integration

        Leverage technology platforms that provide unified data management, scenario analysis, and reporting capabilities across jurisdictions while accommodating local regulatory reporting requirements.

      • Proactive regulatory engagement

        Engage with regulators across jurisdictions to demonstrate how integrated approaches satisfy local requirements while delivering superior resilience outcomes compared to siloed programmes.

      • Continuous capability maturation

        Build learning and improvement mechanisms that capture insights from incidents, tests, and regulatory interactions across all jurisdictions to continuously strengthen global resilience.

      The path forward

      The proliferation of operational resilience regulations represents a watershed moment for global financial institutions. Those that view this landscape as a series of compliance hurdles to clear will find themselves trapped in perpetual catch-up mode, struggling to resource fragmented programmes while missing the strategic value integrated resilience can deliver.

      By contrast, organisations that embrace operational resilience as a strategic imperative – building integrated, enduring capabilities that serve both regulatory requirements and business objectives – will emerge as industry leaders. They will demonstrate to regulators, customers, and stakeholders alike that their operational foundations are robust enough to withstand disruption while remaining agile enough to seize opportunities.

      The choice is clear: fragmented compliance or integrated resilience. The institutions that choose wisely will not only meet regulatory expectations across jurisdictions but will transform operational resilience from a regulatory burden into a genuine competitive advantage.

      KPMG's operational resilience specialists work with global financial institutions to design and implement integrated resilience capabilities that satisfy multi-jurisdictional regulatory requirements while delivering strategic business value. Ready to transform your approach? Connect with KPMG's experts to develop a global integrated resilience strategy that works across borders and drives competitive advantage.

      Our advisory insights

      Something went wrong

      Oops!! Something went wrong, please try again
      MTD TEST

      Get in touch

      Discover why organisations across the UK trust KPMG to make the difference and how we can help you to do the same.

      Contact us