Operational Resilience for Financial Services: What Regulators Now Expect

FCA and PRA operational resilience policy has been fully effective since March 2025. Every FCA and PRA-regulated firm must now have mapped its important business services, set impact tolerances, and demonstrated through scenario testing that it can remain within those tolerances. This guide walks through the complete operational resilience framework.

Published May 2026·Business & Finance·Operational Resilience FCA PRA Financial Services

What the FCA and PRA Operational Resilience Policy Requires

The FCA and PRA jointly published their operational resilience policy in March 2021, with full implementation required by March 2025. For FCA and PRA-regulated firms — banks, insurers, investment managers, payment firms, and in-scope market infrastructure — the policy requires: identification of important business services, setting of impact tolerances for each service, mapping of the resources and third-party dependencies that support each service, scenario testing to demonstrate the firm can remain within impact tolerances, and an annual self-assessment of operational resilience capability.

This is a different regulatory framework from ISO 22301 business continuity management — although the two complement each other. ISO 22301 focuses on the management system for business continuity. FCA/PRA operational resilience policy focuses specifically on customer and market outcomes: can the firm deliver its important business services within tolerances that protect consumers and market stability, even during severe but plausible disruption?

Access the complete guide

All 17 pages — practical implementation guidance, checklists and templates. Free, instant access.

No spam. No sales calls. AjaCertX will email you a copy for reference.

Guide unlocked ✓

A copy has been sent to your email for reference.

Building your operational resilience programme?

Financial services resilience specialists. Programme assessment within 48 hours.

Get a Proposal →WhatsApp

About AjaCertX

AjaCertX is a specialist compliance, certification and assurance partner serving financial services organisations globally. Our Resilience and Continuity practice delivers operational resilience programme design, ISO 22301 implementation, and FCA/PRA operational resilience self-assessment support.