
Operational Resilience Fails Without Understanding Human Risk

  • davidjamesgrosse
  • Apr 8, 2025
  • 2 min read

Updated: Dec 29, 2025

๐‘๐ž๐ฉ๐ž๐š๐ญ ๐š๐Ÿ๐ญ๐ž๐ซ ๐ฆ๐ž โ€“ โ€œ๐ข๐Ÿ ๐ˆ ๐ก๐š๐ฏ๐งโ€™๐ญ ๐ฉ๐ซ๐ข๐จ๐ซ๐ข๐ญ๐ข๐ณ๐ž๐ ๐š๐ง ๐ฎ๐ง๐๐ž๐ซ๐ฌ๐ญ๐š๐ง๐๐ข๐ง๐  ๐จ๐Ÿ ๐ก๐ฎ๐ฆ๐š๐ง ๐ซ๐ข๐ฌ๐ค ๐š๐ง๐ ๐›๐ž๐ก๐š๐ฏ๐ข๐จ๐ฎ๐ซ๐š๐ฅ ๐๐ซ๐ข๐ฏ๐ž๐ซ๐ฌ ๐ข๐ง ๐ฆ๐ฒ ๐จ๐ซ๐ ๐š๐ง๐ข๐ณ๐š๐ญ๐ข๐จ๐ง ๐ข๐ญ ๐ฐ๐ข๐ฅ๐ฅ ๐ง๐จ๐ญ ๐›๐ž ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐š๐ฅ๐ฅ๐ฒ ๐ซ๐ž๐ฌ๐ข๐ฅ๐ข๐ž๐ง๐ญโ€


In 11 days' time the final PRA and FCA requirements on Operational Resilience come into force (for financial services firms).

Doubtless everyone has now dotted their I’s & crossed their T’s, on their important business services, impact tolerances and the myriad of technical, process & governance obligations.


But is there the danger that this could lead to the “illusion-of-resilience” or “resilience-theatre”?


Tackling the technical risks that arise from cyber, technology & key third parties is of the utmost importance, but without (also) addressing the human factor it is a 2-legged stool – likely to be wobbly when you sit on it.


I was reminded of these imperatives over the last 2 days as I attended the 1LoD Culture & Conduct deep dive.


The excellent opening debate covered what Financial Services can learn from other highly regulated industries. Whether Aircraft Safety, the UK Met Police or Nuclear Accidents, it was clear that when an incident happened there was always a human element entwined within the root causes.


Prior thoughts on the lessons from nuclear accidents and Fukushima here:



And on the difference between proximate and ultimate causation here:



As I was (once again) pondering why key behavioural risks take a back seat, as everyone clambers for the comforting balm of technical solutions, a new survey popped into my feed from KPMG USA on Risk & Resilience.



This majored on the usual risk & resilience levers – but it did note (in passing) that “two-thirds to nearly three-quarters (of firms) - face moderate to strong barriers in effectively managing risk”.


These barriers included performing duplicative efforts (71%), cultural resistance (66%) & lack of awareness and communication (72%).


These obstacles are not technical; they are behavioural.


๐‘๐ž๐ฉ๐ž๐š๐ญ ๐š๐Ÿ๐ญ๐ž๐ซ ๐ฆ๐ž โ€“ โ€œ๐ข๐Ÿ ๐ˆ ๐ก๐š๐ฏ๐งโ€™๐ญ ๐ฉ๐ซ๐ข๐จ๐ซ๐ข๐ญ๐ข๐ณ๐ž๐ ๐š๐ง ๐ฎ๐ง๐๐ž๐ซ๐ฌ๐ญ๐š๐ง๐๐ข๐ง๐  ๐จ๐Ÿ ๐ก๐ฎ๐ฆ๐š๐ง ๐ซ๐ข๐ฌ๐ค ๐š๐ง๐ ๐›๐ž๐ก๐š๐ฏ๐ข๐จ๐ฎ๐ซ๐š๐ฅ ๐๐ซ๐ข๐ฏ๐ž๐ซ๐ฌ ๐ข๐ง ๐ฆ๐ฒ ๐จ๐ซ๐ ๐š๐ง๐ข๐ณ๐š๐ญ๐ข๐จ๐ง ๐ข๐ญ ๐ฐ๐ข๐ฅ๐ฅ ๐ง๐จ๐ญ ๐›๐ž ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐š๐ฅ๐ฅ๐ฒ ๐ซ๐ž๐ฌ๐ข๐ฅ๐ข๐ž๐ง๐ญโ€*



