Operational resilience insights for insurance firms

We asked a sample of firms about our rules for strengthening operational resilience. Use our observations to review your firm’s approach.

Actions for insurance firms

Ensuring the UK insurance sector is operationally resilient is important for consumers, firms and financial markets. On 29 March 2021, with the Bank and the Prudential Regulation Authority (PRA), we published a shared policy statement on requirements to strengthen operational resilience in the financial services sector. 

Our rules and guidance came into force on 31 March 2022.

Now that this date has passed, if your firm is in scope you must have:

  • identified your important business services
  • set impact tolerances for the maximum tolerable disruption, and carried out mapping and testing to a level of sophistication necessary to do so
  • identified any vulnerabilities in your operational resilience

We encourage firms to review the observations below and consider how your own preparations have aligned with our observations.

We expect all in-scope firms to address any remaining gaps or shortcomings in their operational resilience frameworks, and meet all obligations under our rules, by 31 March 2025.

Firms that are in scope

Our rules and guidance apply to all Solvency II insurers. Insurance intermediaries may also be in scope where they meet the definition of an enhanced scope SM&CR firm. The observations from our review will therefore be relevant to both Solvency II firms and insurance intermediaries where they are in scope of the policy, and of interest more broadly to other firms in the sector.

These rules do not apply to EEA firms. This includes previously incoming EEA firms who have now entered the Temporary Permissions Regime (TPR) or Financial Services Contracts Regime (FSCR). We have also added provisions to the rules in our Handbook to clarify that overseas firms are not in scope.

If your firm is in scope, you should consider our observations and how they apply to your own activities. This will help you identify where there are gaps or weaknesses in your current approach, and to consider actions you may need to take.

Please note that these were our initial observations based on a small sample of firms. They did not constitute guidance or a summary of our rules. The full requirements are in PS21/3, SS1/21 and accompanying documents published on 29 March 2021.

Our sample of 47 firms

We requested information on a voluntary basis from a sample of 47 firms to assess how they had responded to our final operational resilience rules and guidance. This included insurers and intermediaries from the wholesale, retail and life insurance sectors.

For dual regulated firms, we reviewed and analysed this information in collaboration with the PRA.

We assessed the answers provided on these 3 criteria, taking into consideration the PRA’s and FCA’s statutory objectives:

  • the reasonableness of the important business services and impact tolerances selected
  • consideration of consumer harm differentiated by product type or distribution channel
  • consideration of consumer harm according to customer type or vulnerability

Key observations

Across the range of answers provided, we were able to identity key components that allowed us to form a view of the firms’ readiness for the upcoming rule changes.

Page updates

: Information changed To reflect that our rules and guidance came into force on 31 March 2022