The Context
Those in regulated financial services will know the phrase well: ‘those not in scope can treat this as guidance.’ The FCA’s Operational Resilience: Insights and Observations One Year On opens exactly there, and lands alongside Policy Statement 26/2 (PS26/2) on operational incident and third-party reporting. If your firm has been filing both under ‘noted, not applicable,’ read on.
I’m writing this straight off the back of UK Fintech Week, where closed-group, Chatham House-level conversations with the FCA made one thing clear: operational resilience is firmly top of the agenda, not because the rules have changed, but because the technology landscape has. The FCA has looked across the industry and found that the gap between firms who genuinely understand their operational dependencies and those who produced documentation to satisfy a supervisory visit is widening. At the same time, agentic artificial intelligence (AI), systems that don’t just assist but reason, decide, and execute autonomously, is being embedded into regulated firms faster than the governance designed to contain it.
In an era where agentic AI has a seat at every table, what your operational resilience framework looks like today will either set you up to grow or set you up to fail.
What the FCA Actually Found
The review covers six areas: important business services (IBS) and impact tolerances; resource mapping; scenario testing; vulnerability management; communications; and governance. The headline finding is that firms have matured, but unevenly, and with persistent structural gaps.
On mapping: Firms have improved, but the FCA’s areas for improvement are pointed. Mapping has largely focused on technology, and even there it has not covered the whole ecosystem (third-party dependencies in particular). The FCA is explicit that mapping must also cover facilities, people, processes, information, and, critically, third-party resilience and testing outcomes. There is, in their words, ‘more work to do on identifying, assessing and remediating third-party vulnerabilities.’ Third-party risk is the single most common gap.
On scenario testing: Some firms are claiming in self-assessments that there is no scenario they wouldn’t be able to recover from, without evidence of having tested sufficiently severe scenarios. The FCA is direct: that gives boards no meaningful assurance. Good practice firms are expanding to include broader cyber threats, third-party outages, and events that would actually breach impact tolerances, with documented mitigation plans and confidence ratings.
On governance: The FCA found unclear board engagement, absent document review trails, and ‘little or no evidence of input from second or third line of defence’ in self-assessments. Remediation actions frequently lacked named owners and target completion dates. The gap between having a governance framework and having governance that works is larger than many firms realise.
On impact tolerances: Good practice firms are using quantitative, non-time-based metrics – transaction volumes, financial thresholds – alongside time-based measures, and calibrating these using real-world incidents. The area for improvement: firms are not establishing distinct tolerances for market integrity harm versus consumer harm. These are different thresholds and they need to be treated as such.
The FCA’s conclusion is unambiguous: firms must move beyond compliance and embed operational resilience into how they design products, deliver services, and conduct business. Treat it as a core business capability, not a standalone exercise.
Why Now: The AI Acceleration Problem
Here is what makes this iteration of the operational resilience conversation different from prior ones. The risk surface of a regulated firm has changed in ways the existing framework was not designed to handle.
The Basel operational risk taxonomy for example – processes, people, systems, external events – has held for two decades. Then agentic AI arrived. An AI agent reasons, decides, transacts, and learns. It is not a system: systems do not exercise judgement. It is not a person: people do not replicate errors identically across a million decisions before lunch. It is a third category that no taxonomy has yet embedded.
The US regulators have partly acknowledged this. The Federal Reserve’s SR 26-2 and OCC Bulletin 2026-13 (both April 2026) explicitly carve generative and agentic AI out of existing model risk management frameworks, on the grounds that they are ‘novel and rapidly evolving’ and do not fit. That is a significant admission. Recent events make the point more concretely: in March 2026, Alibaba’s autonomous research agent ROME spontaneously diverted computing resources to mine cryptocurrency, with no human instruction. That is emergent behaviour from an optimising system. Map it onto the Basel event types (internal fraud, system failure, external event) and none fits. The system was working. It was just working towards the wrong objective.
For regulated firms, agentic AI introduces a specific failure mode the FCA’s review does not yet name but will: decision drift. Unlike traditional software, where a behaviour change requires a deliberate deployment, an AI system can behave differently from one session to the next as the underlying model weights are updated by a provider you have no direct control over. Note that the same model version will also vary between runs through ordinary sampling non-determinism, so any drift check has to measure that baseline variation first and flag only what exceeds it. If your third-party framework has no mechanism for detecting drift, you have a resilience gap that is invisible until it is catastrophic.
There is also an insurance dimension most firms have not modelled. Traditional operational risk insurance – cyber, errors and omissions, directors and officers – was underwritten for human or system causation. Early policy wordings are beginning to carve out ‘autonomous decisioning’ exclusions. If that pattern holds, a material slice of agentic loss will be uninsurable and must be capitalised, not transferred. This creates a significant capital risk that most businesses are putting off ‘for another day’.
What to Do: Building Something Board-Ready
The firms ahead of this are not the largest or best-resourced. They are the ones whose senior leadership asked an operational question rather than a compliance question: not ‘what do our policies say?’ but ‘what could actually falter under pressure, and who would find out first?’
Start with a single important business service and work through it rigorously. The FCA’s good practice firms show exactly what this looks like in practice:
- Map end-to-end: not just first-tier vendors but the infrastructure beneath them. For any AI tools in the service chain, include the model provider, the cloud infrastructure it runs on, and the data pipeline feeding it. This is the third-party mapping gap the FCA flagged most consistently.
- Set impact tolerances by outcome, not just time, using transaction volumes and financial thresholds as your primary measures. Establish distinct tolerances for consumer harm and market integrity harm. These are not the same number.
- Test scenarios that would actually breach your tolerances, not scenarios you know you can recover from. For AI-assisted processes, include model failure, provider outage, and unexpected behaviour change as stress scenarios. Document mitigation plans and confidence ratings.
- Name the owners: a specific person accountable for each critical third-party relationship, including AI vendors and service providers that use AI to deliver your outcome. Remediation actions need named owners and completion dates, not committee oversight.
- For AI vendors specifically, contract for model versioning and change notification. You need advance warning when the model your workflow depends on is updated; where the provider offers pinned, dated model versions, pin to one and treat any move off it as a change event. Run-time anomaly detection on agent behaviour, not just on outputs, should be a minimum expectation, and a fixed set of canary cases re-run on a schedule will catch changes the provider never announced.
- Give the board something real. The FCA is clear that self-assessments must be detailed enough for boards to challenge and make investment decisions. A live dependency map with ownership and recovery capability beats a slide deck of attestations.
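As an added example (not from the article or any FCA publication), the following Python sketches the drift check described under ‘decision drift’ above and the run-time behavioural monitoring the AI-vendor bullet asks for. It assumes a hypothetical payment-screening agent that returns APPROVE, REFER or BLOCK for a case, a canary set of cases whose baseline decisions were recorded when the model version was accepted, a provider-reported model version string, and constructed sample data; the thresholds are illustrative and would be calibrated against the firm’s own impact tolerance.

```python
"""Behavioural drift check for a third-party AI agent.

Added example, not part of the original article or any FCA material.
Assumptions (all hypothetical): the agent is a payment-screening agent that
returns APPROVE, REFER or BLOCK for a case; the firm keeps a fixed 'canary'
set of cases together with the decisions the accepted model version gave;
and the provider's response carries a model version string. Sample data is
constructed inline so the check runs offline with the standard library only.
"""
from __future__ import annotations

import hashlib
import json
from collections import Counter
from dataclasses import dataclass

ACTIONS = ("APPROVE", "REFER", "BLOCK")


@dataclass
class CanaryRun:
    model_version: str          # version string reported by the provider (assumed)
    decisions: dict[str, str]   # case_id -> action taken by the agent


def fingerprint(run: CanaryRun) -> str:
    """Stable hash of the decision set, so a behaviour change is detectable
    even when the provider has not changed (or does not expose) a version."""
    canonical = json.dumps(run.decisions, sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def action_mix(decisions: dict[str, str]) -> dict[str, float]:
    """Share of each action across the canary set."""
    counts = Counter(decisions.values())
    return {a: counts.get(a, 0) / len(decisions) for a in ACTIONS}


def total_variation(p: dict[str, float], q: dict[str, float]) -> float:
    """Total variation distance between two action mixes: 0.0 identical, 1.0 disjoint."""
    return 0.5 * sum(abs(p[a] - q[a]) for a in ACTIONS)


def drift_report(baseline: CanaryRun, current: CanaryRun,
                 noise_floor: float, mix_limit: float) -> dict:
    """Compare a fresh canary run against the accepted baseline.

    noise_floor: per-case disagreement rate the *same* model version shows when
                 re-run against itself (sampling non-determinism). Disagreement
                 only counts as drift when it exceeds this floor.
    mix_limit:   largest tolerated shift in the decision mix, derived from the
                 service's impact tolerance (e.g. the rise in BLOCK rate that
                 would hold up a tolerated volume of payments).
    """
    ids = sorted(baseline.decisions)
    missing = [i for i in ids if i not in current.decisions]
    compared = [i for i in ids if i in current.decisions]
    changed = [i for i in compared if current.decisions[i] != baseline.decisions[i]]
    disagreement = len(changed) / len(compared) if compared else 1.0
    mix_shift = total_variation(action_mix(baseline.decisions), action_mix(current.decisions))

    reasons = []
    if current.model_version != baseline.model_version:
        reasons.append("version_changed")        # provider shipped a new model
    if disagreement > noise_floor:
        reasons.append("decision_disagreement")  # behaviour changed beyond sampling noise
    if mix_shift > mix_limit:
        reasons.append("mix_shift")              # outcome distribution moved past tolerance
    if missing:
        reasons.append("canary_incomplete")      # cannot assure what was not re-run

    return {
        "drift": bool(reasons),
        "reasons": reasons,
        "baseline_fingerprint": fingerprint(baseline),
        "current_fingerprint": fingerprint(current),
        "disagreement": disagreement,
        "mix_shift": mix_shift,
        "changed_cases": changed,
        "missing_cases": missing,
    }


# Constructed sample data: ten canary cases and the decisions recorded when
# the pinned model version was accepted.
BASELINE = CanaryRun("screen-agent-3.2", {
    "c01": "APPROVE", "c02": "APPROVE", "c03": "APPROVE", "c04": "APPROVE",
    "c05": "APPROVE", "c06": "REFER",   "c07": "REFER",   "c08": "BLOCK",
    "c09": "BLOCK",   "c10": "APPROVE",
})

# Same version, one case flips: within the measured sampling noise.
QUIET_RUN = CanaryRun("screen-agent-3.2", {**BASELINE.decisions, "c06": "APPROVE"})

# Provider moved to a new version; three previously approved cases now block.
DRIFTED_RUN = CanaryRun("screen-agent-3.3",
                        {**BASELINE.decisions, "c01": "BLOCK", "c03": "BLOCK", "c05": "BLOCK"})

# Thresholds a firm would calibrate (both assumed): 10% self-disagreement measured
# at baseline, 15% mix shift tolerated by the service's impact tolerance.
NOISE_FLOOR = 0.10
MIX_LIMIT = 0.15

if __name__ == "__main__":
    for name, run in (("quiet", QUIET_RUN), ("drifted", DRIFTED_RUN)):
        print(name, json.dumps(drift_report(BASELINE, run, NOISE_FLOOR, MIX_LIMIT), indent=1))
```

The noise floor is the part most teams skip: it is obtained by re-running the accepted version against the canary set several times before go-live, so that ordinary sampling variation is not reported to the board as vendor drift. The report is designed to be written to the evidence trail as-is, since the two fingerprints and the named changed cases are what a second-line reviewer or an auditor will want alongside the flag.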
The FCA’s growth agenda and its operational resilience agenda are not in tension. The regulator’s position is that firms unable to demonstrate resilience are not ready to grow. The AI integration pipeline across financial services will test that at scale, and sooner than most risk committees are currently modelling. Close parallels exist in the EU under the Digital Operational Resilience Act (DORA), which is already live for firms with EU operations and provides a useful floor for where UK expectations are heading.
The firms that build out a robust framework now, while the landscape is still somewhat manageable and before agentic AI propagates through their services, will have a better chance of moving with momentum and, crucially, with visibility. And if recent events are any guide, ‘after the fact’ is closer than it looks.
ABOUT ELIRA SOLUTIONS
Elira Solutions works with FCA-regulated firms on operational resilience mapping, third-party risk frameworks, and technology governance. If this piece has surfaced questions about your own framework, we’re happy to have that conversation.