Operational Resilience

Minimise operational disruptions to your organisation.

Our experienced industry practitioners provide exceptional consulting services to enable clear understanding of regulatory requirements and delivery. Coupled with innovative cutting-edge solutions to mature firms operational resilience providing board and stakeholder confidence.

The operating environment for financial firms has changed significantly in recent years. Advancements in technology create both opportunities and vulnerabilities. The sophistication of cyber threats will continue to increase. Systems will fail. Outsourcing to vendors and third-party supplies will provide efficiencies and reduce costs, but also create concentration and supply chain risks.

In this challenging landscape, having a clear understanding of how to minimise the impact of a disruption to your external stakeholders and the broader economy, and knowing where your organisation’s vulnerabilities lie will help you recover effectively and minimise customer harm.

We help organisations to face the future with confidence by: understanding the service most important to deliver through the lens of customers, firm, and market; helping to map these IBS’s end-to-end and identify vulnerabilities[1]; and establishing impact tolerance and testing against these to identify the circumstances in which impact tolerances cannot be met meaning customers, the firm and/or market will be significantly impacted. We are uniquely positioned to understand the root cause of impact tolerances being exceeded and support in the creation of solutions to address these, through our deep expertise across the key disciplines of technology, business, cyber and third-party resilience.

Continually improving resilience and building ‘resilience by design’ into key processes and systems is crucial. We help by establishing strategy, embedding resilience into existing governance, developing robust target operating models driving cross-discipline collaboration, and increasing the effectiveness of risk management, operational processes and controls.


December 22, 2023

2024 Top Risks in the Financial Services Industry

Protiviti and NC State University’s ERM Initiative have been conducting our Top Risks Survey for the past 12 years. This journey began just as financial markets around the world were starting their long, slow recovery from the global financial crisis, and has since covered the worst global pandemic in 100 years as well as near record-low interest rates followed...

Our Operational Resilience services

Protiviti’s Operational Resilience consulting includes:
Pro Document Consent

Operational Resilience Implementation

Development and delivery of operational resilience programmes to meet regulatory requirements/good practice customised to your business leveraging our industry leading framework while collaborating with you to embed a programme sustainable for the future of your business.

Pro Building office

Operational Resilience Process Mapping

Enhancing the maturity of process mapping and vulnerability assessments to identify and understand weaknesses in resilience. Developing solutions to implement and mature technology, business, cyber and third-party resilience. Leveraging tooling to digitise the process and create digital twin environments.

Pro Legal Briefcase

Operational Resilience Scenario Testing

Developing a scenario testing strategy, scenario library (based on severity and plausibility) and executing scenario tests increasing in maturity and complexity to align with your testing ambitions and need to demonstrate ability to operate within impact tolerance by 31 March 2025, at the latest.

Pro Rightmark Square

Operational Resilience Monitoring and Reporting

Extracting, collating, and interpreting a plethora of operational resilience data across your business delivering a meaningful monitoring dashboard and management information report to drive appropriate actions and investment decisions.

Pro Digital Hightech

Outsourcing /Third Party Resilience

Developing outsourcing strategies to address known challenges, working with you to understand regulatory requirements and sharing insights into industry good practice to develop and embed robust third-party risk management frameworks to address resilience risk.

Pro Document Stack

Business Resilience

Embedding comprehensive business continuity planning process that supports the recovery, resumption, and maintenance of all aspects of the business. Also working with you to deliver incident and crisis management training.

Pro Location Globe

Technology Resilience

Helping with the most difficult technology risk challenges, e.g. data architecture, cloud strategy, data centers and identity and access management. Understanding vulnerabilities and helping to develop strategies and implement solutions to address these.

Pro Tools Gear

Cyber Resilience

Leading cyber resilience practice which helps with challenges such as NIST framework and ISO 27001 implementation, penetration testing and PCI compliance.


The Protiviti advantage

Operational Resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience

Operational Resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience.

We help organisations demonstrate and improve resilience, building on existing business continuity management activities, IT disaster recovery and cybersecurity incident response. Our experts bring a breadth of knowledge across the four domain areas of operational resilience: business, technology, cyber and third-party.

  • Business Resilience: We help build and enhance existing business continuity programmes to more closely align to evolving best practice under resilience.
  • Technology Resilience: We help our clients most difficult technology risk challenges, such as data architecture, cloud strategy, data centers and identity and access management.
  • Cyber Resilience: We offer a leading cyber resilience practice and help with challenges such as NIST framework and ISO 27001 implementation, penetration testing and PCI compliance.
  • Third-Party Resilience: We help our clients manage supplier oversight challenges such as strategy and framework design, assessment operations, implementation solutions and remediation efforts.

We work with and report to executive leaders and the board to address and assist organisations with:

  • Current State Assessment & Setup
  • Important Business Service and Process Formalisation
  • Impact Tolerance Development
  • Front-to-back Mapping
  • Scenario Testing and Simulation Exercise Development
  • programme Implementation
  • Mature Foundational Elements
  • Independent Assurance of programme Delivery
  • Second or Third Line Support
  • Development and Strengthen Existing Internal Audit Plan
  • Cybersecurity programme
  • BCP Support & Review
  • Technology Strategy Review and Enhancement

Our operational resilience expertise is complimented by strong, active relationships with our clients and regulators. Our team continues to work closely with trade associations, including Global Financial Markets Associations (AFME, ASIFMA and SIFMA), of which we have co-authored publications with both SIFMA – Quantum Dawn V and Quantum Dawn VI – and AFME – Cloud Risk and Resiliency.

Operational Resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience


Bernadine is a Managing Director within our Financial Services Industry (FSI) Regulatory practice in the UK. Prior to joining Protiviti ten years ago, Bernadine was a Director in KPMG’s Regulatory Services practice. A chartered accountant by training, Bernadine has over ...
Laura Moore
Laura Moore is a Managing Director in Protiviti UK.

Premium associate memberships

Protiviti is a Premium Associate Member of SIFMA, AFME and ASIFMA, collectively part of the Global Financial Markets Association (GFMA). Protiviti actively engages with the associations, committees and working groups, sharing insights and expertise on crucial industry developments, speaking at conferences an events, and contributing to advocacy efforts for effective and resilience capital markets. Our membership allows us to contribute our deep understanding of the continued evolving and competitive financial services industry landscape.

Case Studies

Client Challenge

A regulatory agency informed a global banking institution that it must reform its second line of defence and embed operational resilience across the organisation. The immediate need was to challenge, improve and document the second-line target operating model for the newly created resilience risk function.

The bank also required support and new insights to manage the target operating model rollout and deliver a communications strategy and internal and external engagement model.


Protiviti undertook the challenge by developing a project plan with workstreams and sub-workstreams, providing and experienced project management office (PMO) consultant to lead the team, recruiting its Operational Resilience Global Command Centre to provide regular briefings on regulatory expectations and peer insights to build into project strategy, and providing a clear handover highlighting potential roadblocks for future milestones and making remediation strategy.

Value Delivered

Protiviti developed a robust target operating model for the newly formed resilience risk function. The project team improved PMO and outputs meeting global transformation standards and methodology. Protiviti crafted a communications strategy and actively led outreach activities to maintain employee engagement and group buy-in. An engagement model was delivered for internal and external stakeholders in line with organisational redesign principles and an understanding of gaps and areas for improvement was collected in a risk and control library to manage resilience risk.

Client Challenge

The EU arm of a large global asset management firm was struggling to meet the needs of a rapidly evolving business landscape with maintaining the grasp of key technology risks.

The firm recognised that the evolving technology landscape and emerging threats required a reevaluation of strategy and approach within the second line technology risk function. Management sought a capable partner to review and enhance their technology risk framework and operating model.


The firm asked Protiviti to review and design a new strategy to support future needs. Actions include working with the client’s first, second and third lines of defence to understand their business and how technology risk needed to respond, defining a strategic model and outlining a new risk operating model, and boosting the performance and design of technology risk governance, risk analysis, stakeholder engagement, control compliance, cybersecurity, risk tooling and other relevant areas of involvement.


Protiviti helped the client design a future target operating for technology risk and articulated its vision across the organisation. Efforts resulted in a clearly defined operating model with clear responsibilities for risk and control management. Production of a central suite of reports gave all stakeholders timely risk and control information and reduced the risk of duplicated efforts. Full integration of IT risk management and operational risk management enabled the business to effectively evaluate all technology risks impacting functions and business processes.


A global financial institution was given a regulatory mandate to address operational resilience. Driven by the first line, it would assess planned initiatives against leading practises and enhance plans where necessary.

It would help draft regulatory responses, develop a go-forward strategy for the first line, including criticality framework, resilience operating model and testing approach, and work with the second line to develop metrics to monitor resilience and challenge first-line efforts.


A Protiviti team embedded across the delivery workstreams, partnered with the client to align combined efforts with leading practises and expectations from a global set of regulators and to conduct the following operations – perform a current state assessment of operational resilience efforts, benchmarking against regulatory expectations and leading practises and create a go-forward plan that accounted for work efforts to date and organisational/system limitations to address resilience concern.

Value Delivered

Protiviti helped create a global resilience strategy and operating model to align the client organisation with the pending demands of regulators. Guiding principles, frameworks and industry and regulatory insights were provided, allowing for the advancement of resilience efforts and enhanced board and management reporting. A framework was created to address and validated the organisation’s critical business services, and a customised strategy and approach were developed for resilience capability testing.