The Role of Exit Strategies in Operational Resilience | NTT DATA

Tue, 30 January 2024

The Role of Exit Strategies in Operational Resilience

The Key to Improving Operational Resilience is Hidden in Enterprise Architecture: Part 3

Exit strategies function much like insurance policies, lying dormant until a critical situation rears its head. However, like insurance, they likely won’t cover every possible scenario. In the financial services sector, these strategies play a crucial role in mitigating operational risk.

Regulatory bodies, including the Financial Conduct Authority (FCA) in the UK, emphasise the need for well-defined, documented, and tested exit plans and termination protocols (FCA FG16/5). Financial entities must navigate the complexities of transitioning to alternative service providers, ensuring seamless operations, and collaborating effectively with outsourcing partners during shifts. For these firms, it’s essential to manage concentration risks and establish contingency measures in case of disruptions from service providers.

High-level Plans Aren’t Enough

Unfortunately, many organisations overlook the importance of specific exit strategies, relying on broad plans without adequate detail. It's crucial to assess how quickly a financial organisation can become fully operational with a new vendor or, at the very least, maintain core services. Firms should be more deeply exploring the exit strategies of third-party vendors, evaluating their ability to restore operational capabilities in alignment with requirements, and possessing insights into their architectural framework.

The Concept of Exit Recovery Time Benchmarks

Similar to measuring service recovery times with the Recovery Time Objective (RTO), the Exit Recovery Time Objective (ERTO) assesses the time required to migrate systems to an alternative vendor and restore systems to a fully operational state. A commitment to a robust exit strategy can be addressed, to some extent, through architectural design, spreading out concentrated risk and lowering operational risk.

Multi-Cloud Approach

Organisations may also reduce risk by using multiple cloud providers. This could involve actively using a primary cloud while preparing another cloud for a potential shift. Alternatively, firms can simultaneously leverage multiple cloud platforms, which is comprehensive but costly. In this context, containerisation is a pivotal tool for enabling multi-cloud operability, allowing organisations to amplify their cloud strategies. However, when it comes to the post-containerisation stage, including effective management and upkeep, it’s critical to remain vigilant.

Non-Proprietary Approach

A non-proprietary approach is crucial. While containerisation is a significant element, many cloud platform vendors offer attractive proprietary products. The ease of portability for these systems might pose unexpected challenges, especially in terms of security, configurations, and integrations.  Employing standard coding languages and embracing containerisation can mitigate the risk of being tied to a specific vendor.

Ultimately, this approach relies on a comprehensive understanding of requirements, architectural design, and the total cost of ownership (TCO). There are various instances reported in the media that underscore this, such as exorbitant data egress charges, migrations back to data centres, and cloud vendors encountering difficulties in running certain services cost-effectively in the cloud.

Prioritising Unexpected Scenarios

One integral step in this process is to prioritise unexpected scenarios. Rigorous testing, especially in non-active-active multi-cloud ecosystems, fortifies an organisation's resilience. For any exit strategy evaluations in such environments, assume continual usage and emphasise seamlessly integrating critical applications into business continuity planning (BCP) assessments.

Keeping Your Exit Strategies Open

Having a well-thought-out exit strategy is paramount in the financial services sector, and it should be treated as an integral part of operational resilience. By considering multi-cloud adoption, containerisation, and non-proprietary vendors, organisations can enhance their ability to handle operational and concentration risk effectively and ensure business continuity. Regular exit plan testing, especially in non-active-active multi-cloud environments, can further bolster preparedness and responsiveness in times of need.

At NTT DATA, we take pride in our understanding of architecture and data, recognising the immense value they bring. Our expertise in banking and the financial markets segment enables us to understand our clients' challenges.  If you want to learn more about exit strategies, cloud containerisation, operational resilience, or our legacy modernisation initiatives, please do get in touch.

How can we help you

Get in touch