Montage of a team of business people at a presentation at the boardroom table. There are several buildings in an overlaid cityscape. There is also motion blurred traffic on a roadway in the middle of the group. City is Sydney, Australia. Business development; growth and architecture

Turning failure into opportunity: Resilience by Design

As FINMA sharpens its focus on operational resilience and critical functions, now is the time to embrace the power of Resilience by Design.

In brief

  • Resilience by Design is a strategic approach enabling companies to adapt and thrive in the face of adversity.
  • Regular testing plays an important role in this journey towards resilience, enabling systems to be assessed and improved continually.
  • Successful Resilience by Design is built on three pillars: preparedness, adaptability and recovery.

Resilience by Design: Failing forward

Embracing Resilience by Design can strengthen financial services institutions against the myriad of challenges that exist in the increasingly complex and fast-paced business environment characterized by digital transformation coupled with economic crises, pandemics like COVID-19, cybersecurity threats, and international political upheavals.

Resilience by Design transcends the traditional concept of response and recovery and infuses resilience into the architectural design of an enterprise – its people, processes, strategies, and systems. This approach leverages simulation exercises, tests, and real-life events to identify and address vulnerabilities in operations. Vulnerabilities are then regarded as valuable learning experiences, steering investment in enterprise risk management and resource efficiency to improve the system’s resilience and recovery response. This mindset goes beyond simply bouncing back to how things were before the setback; it’s about learning from such experiences, otherwise referred to as “failing forward”, and using these lessons to drive innovation. In essence, it’s about adopting a strategic mindset that is both proactive and long-term.

The urgency for adopting this mindset is highlighted by recent guidelines like the FINMA Circular 2023/1, which outlines operational resilience benchmarks for Swiss financial institutions. Such regulations reinforce that operational resilience isn’t a one-time fix—it’s a necessary, continuous journey for companies that want to succeed in the face of future uncertainties.

According to FINMA’s definition, operational resilience is an organization’s ability to swiftly restore critical functions while remaining within acceptable disruption limits. It also encompasses the organization’s proficiency in recognizing and safeguarding against potential threats; reacting to and recovering from disruptions; and using those incidents to boost future preparedness.

An operationally resilient enterprise designs its model to diminish the chances and implications of disruptions to its vital functions, significantly reducing not only the residual risks but also minimizing the chances of such disruptions occurring.

Essential pillars for implementing Resilience by Design

Implementing this approach within a business context is a multifaceted endeavor, fundamentally encompassing three critical components: preparedness, adaptability, and recovery.

How EY can help

These three pillars are enhanced by technology and infrastructure. Investing in robust systems is not an optional luxury but key to ensuring continuous operations. By designing system infrastructure with resilience in mind, such as through automated failovers, data backups and cyber-secure networks, businesses can maintain their operations even when faced with unforeseen events.

 

Resilience testing

In the quest for operational resilience, a pivotal yet frequently neglected element is comprehensive testing. This process enables systems, procedures or teams to be exposed to a variety of simulated conditions to assess their readiness and help identify areas that need strengthening.

Impact tolerances should be at the heart of our discussions on operating model design to strategically prioritize actions. This is particularly true for essential business services — or “critical functions”— as delineated by FINMA in the 2023/1 circular. It is imperative for teams to conduct regular assessments of the resilience of critical functions, ensuring they remain within their disruption tolerance parameters. Robust testing strategies are essential to identify areas that may require additional investment and support amendments to the operating model, including the creation of redundancies, backups and options for substitutability.

Testing should not be seen as a “one-off event” but an iterative process encompassing continuous evaluation, training, and enhancement. A testing protocol assures that the foundation on which operational resilience is built remains pertinent through consistent capability development and increasingly robust systems throughout the prevention, detection, response and recovery of disruptions.

Resilience by Design transcends the traditional concept of recovery and infuses resilience into the architectural design of an enterprise – its teams, processes, strategies, and systems.

Christian Schnewlin

Senior Manager, Business Consulting in Financial Services | EY Switzerland

Competitive edge

Incorporating Resilience by Design fortifies financial institutions against unforeseen disruptions and distinguishes them in a competitive marketplace. Clients and investors, increasingly focused on crisis management capabilities, favour institutions that exhibit robustness and strategic foresight. A demonstrated commitment to resilience not only enhances stakeholder confidence, leading to customer loyalty and investor trust, but also positions an organization to transform industry upheavals into opportunities for growth and leadership. By weaving resilience into their core business strategy, organizations navigate today's financial complexities with agility, exceeding regulatory compliance and embracing a culture of continuous improvement, risk awareness, and adaptability. As a result, these institutions are well-equipped to withstand shocks and outmaneuver competitors, leveraging change as a competitive advantage. Ultimately, Resilience by Design fosters a sustainable, forward-thinking business model that thrives in the face of uncertainty, ensuring long-term success and a leading industry position.

Summary

Resilience by Design goes beyond mere compliance, aiming to create robust systems that can withstand diverse shocks and stresses. A common mistake is to meet only the minimum requirements of regulations like FINMA 23/1 or DORA, rather than striving to exceed them to achieve true resilience. Compliance should be considered as the starting point, not the end goal. Regular and thorough testing is essential to uncover vulnerabilities and enhance response mechanisms, ensuring that businesses are consistently working on turning adversities into opportunities and failures into stepping-stones for success, embodying the ethos of 'failing forward'.

Acknowledgement

We kindly thank Katrina McAuliffe, Cecilia Skarne, Sabina Portmann and Sanja Zivkovic for their valuable contribution to this article.

Related articles

Do you know what data assets are critical for business operations?

Banks should prepare for the new FINMA Circular 2023/1 “Operational risks and resilience – banks”, including provisions on critical data.

Christian Schnewlin + 2

    About this article

    Photographic portrait of Christian Schnewlin
    Christian Schnewlin
    Senior Manager, Business Consulting in Financial Services | EY Switzerland
    Race car driving is the passion of Christian. Pushing towards the top rank with his team while knowing that consistency and sustainability is more important than short-term wins.
    Related topics
    Risk and regulatory transformation
    Banking and capital markets
    Technology
    Financial Services EMEIA
    Technology leader's agenda

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Limited, each of which is a separate legal entity. Ernst & Young Limited is a Swiss company with registered seats in Switzerland providing services to clients in Switzerland.