Since the inception of the General Data Protection Regulation (GDPR), organisations have recognised the significance of understanding their suppliers’ data chains. A similar trend began in the financial services sector when the regulator implemented SS2/21, aiming to establish expectations and demands concerning third-party supply chains and risk.
However, the question remains: have organisations adequately addressed these concerns, or is further action necessary?
The fallacy of cloud migration as a remedy for operational resilience
Many organisations believe migrating to the cloud will solve all their operational resilience issues. However, this is far from the truth. The cloud may not remediate systemic issues; a lift-and-shift migration merely relocates problems from one place to another, and in some cases, technology debt remains.
Achieving operational resilience requires a holistic view and an enterprise perspective to comprehend the complexities and mechanisms involved. This is where Enterprise Architecture plays a crucial role.
The challenge of obtaining information on third-party systems
Although many architectural practices advocate for the application of Enterprise Architecture to external systems, acquiring information about proprietary system architectures often proves to be a frustrating and time-consuming experience.
Insufficient supply chain knowledge exposes organisations to risks, as corners are cut in architectures, and vendors are reluctant to reveal weaknesses. Consequently, external security breaches and outages become more common, leading to reputation damage in the financial industry and prompting regulators to act.
DORA and regulatory compliance
Financial services firms increasingly demand information about their vendors' operational architectures, but vendors often struggle to provide the required documentation to meet UK regulatory standards. The European Union has recognised that operational resilience is critical to a stable financial system and proposed the Digital Operational Resilience Act (DORA) in response.
DORA aims to establish a standard framework for mitigating critical supplier operational risk across Europe. The proposed act shares commonalities with UK regulations and will also affect UK financial services firms operating in Europe.
Identifying the root causes of operational issues
One could argue that most operational issues stem from inadequate IT strategies and the strength of the architecture practice, particularly regarding technology debt.
Several factors contribute to these operational resilience problems, including:
- Strategic drivers
- Poor lifecycle management
- Partially implemented architectures
- Disparate systems
- Manual processes
Mitigating operational risks
To proactively address operational resilience challenges, your key strategic driver must be reducing technology debt to foster innovation and drive business growth. Baselining architectures and understanding dependencies are crucial for effective technology debt management.
By implementing risk management practices in architecture, you enhance your stakeholder management and provide leverage. An effective knowledge management strategy facilitates real-time access to information and promotes cohesion across business functions.
Boosting operational resilience
If you want to ensure operational resilience, your organisation must address these root causes at the enterprise level. Regulators are demanding a standard framework and increased visibility across the supply chain, and building a solid foundation begins with tackling technology debt. Financial services firms can enhance their ability to adapt and thrive in an evolving landscape by proactively managing operational risks and embracing a comprehensive approach.
In the next article, we will look at factors such as strategic drivers, poor lifecycle management, partially designed architectures, disparate systems, and manual processes, and examine their impact on operational resilience.
At NTT DATA, we take pride in our understanding of enterprise architecture and data, recognising the immense value they bring to enterprise-level organisations. Our expertise allows us to harness both to provide operational insights, a full data strategy, and a 360-degree view of our clients’ challenges.
If you want to learn more about any of the topics discussed here or explore our legacy modernisation initiatives, don’t hesitate to reach out.