Operational resilience is critical for ensuring that financial firms can prevent, respond to, and recover from disruptions – such as cyber-attacks or failures at third party providers – to protect consumers, market integrity, and financial stability. Strengthening resilience is a shared challenge. It calls for collaboration between firms and regulators, better sharing of insights across the sector, and continuous investment from firms over time.

Our technology, resilience and cyber team hosted a webinar marking 1 year since our operational resilience rules came into force. We shared findings from our review of firms’ operational resilience, and discussed our recently published incident and third party reporting requirements, which come into force in March 2027. 

What we covered:

• Practical insights from the first year of operational resilience rules, so you can benchmark your approach and quickly spot gaps.

• Examples of good practice and sector wide themes we have seen in firms’ self-assessments, and how this can guide your priorities.

• A breakdown of the recently published reporting frameworks for incidents and third parties. Learn what's changing, when and why it matters for you.

• Awareness of how reporting data will support more consistent incident management and help you strengthen resilience internally.

• Understanding how your feedback shaped the final rules and what support is available during the implementation period.

• Hear directly from FCA and PRA representatives on our coordinated cross authority approach.

• A chance to ask questions and get clarity on the issues that matter most to you.

This webinar is aimed at senior representatives working on operational resilience as well as incident management and third party risk managers within regulated firms. Trade associations, consultancies advising firms, etc., are also welcome to attend. 

Captions and transcript are auto-generated.

Useful links:

• PS26/2: Operational incident and third party reporting | FCA

• FG26/3: Operational Incident Reporting - finalised guidance

• FG26/4: Material Third Party Reporting - finalised guidance

• Operational resilience: insights and observations one year on | FCA

• Cyber Coordination Group insights 2025 | FCA

• 2025 CBEST thematic

• Effective practices: Cyber response and recovery capabilities

Speakers: