Limited functionality available
Enhancing operational resilience in the UK Family Office sector
Operational Resilience is the ability to prevent, adapt, respond to, recover and learn from operational disruptions. Operational disruptions and the unavailability of important services have the potential to harm to those using those services.
It is the assumption that disruptions are a matter of ‘when’, and not ‘if’, that the regulators are focussing on, and FCA and PRA regulated Boards are sitting up and taking the incoming Operational Resilience regulations due at the end of this quarter very seriously. But is there anything for family offices to learn from these regulations?
This concept of operational resilience is not new and making sure family members are receiving key services as and when they need them is a top priority, and this is much wider that keeping the investment processes running smoothly. What would happen if the family office was not able fund any key purchases for 24 hours? Or communication channels (e.g. e-mail database) were down to prevent authorisation of payments? Are there alternative ways to provide the family with services and liquidity to respond to their needs? How quickly can these workarounds be put in place? Would it affect individual family members to differing levels?
The regulations have brought fresh thinking to operational resilience, starting with the concept of causing ‘intolerable harm’ – i.e. if the most important services cannot be provided for a period of time. The concept of a family member’s tolerance for lack of provision of key services will be well understood and keenly felt, but how advanced is the understanding of the level of tolerance differing by service or family member? What is required to provide that service? And critically - what are the alternative ways to provide that service if things go wrong?
Traditional continuity practices have tended to focus on how to recover individual resources the business uses, like IT systems or buildings. But the shift in thinking now starts with the service being provided, understanding what is critical to make that possible, and also understanding the various alternatives available to enable provision of that service. This paints a more holistic picture of operational resilience.
The operational resilience of the family office as a stand-alone entity is not in isolation however. The vast majority of family offices will outsource at least one key service (payroll, HR, finance, custodianship of investments), with many operating a much more complex model of outsourcing.
The question of resilience is therefore not just about the processes within the “four walls” of the family office. It is critical also to consider:
Whilst we would be the first to recognise that the majority of family offices are not required to comply with this regulation; this is one standard where a proactive approach to adapting those principles will have clear benefits to the ultimate users of the family office – the family.
By adopting the rigours of this approach, the family office can be confident that they are doing all they can to ensure ongoing stability over the provision of the services they deem to be the most important to the family (with any break of service being within tolerable, and pre-determined and agreed levels), whatever the world throws at them in 2021.
Jessica is a partner specialising in audit and advisory services for privately owned asset managers, sovereign wealth funds and family offices. She leads audit and assurance for the Deloitte UK Family Office practice; providing a range of services to some of the UK’s largest family offices. She delivers both external and internal audits to her clients, including reviews of their control environment and governance structures.
Rafik has been with the UK practice for 18 years, since he was an intern during University. He originally joined the Enterprise Risk Services department, which he was within for 13 years. He has since moved into the Investment Management practice within Audit. His role within the department until recently focussed on Technology Risk and Control, where he act as the IT specialist on nearly all the external audit jobs within the department's portfolio.
Asli is a Manager in our Investment Management & Private Equity department, with a background in internal audit, operational and technology risk and controls. She has a strong background in internal control, risk assessment, compliance management and regulatory reviews, SOX audits, process design and enhancement. She focusses heavily on Operational Resilience and has experience in control framework design, business process mapping, RegTech design and construction, internal audit and project management. She is engaged in content development for the Deloitte’s Operational Resilience solution, OneView where she is involved in the design of components linked to the principles and concepts outlined in the regulatory consultation papers.