Building Resilience from the Ground Up: Business Continuity for a New Bank
Sector: Financial Services | Scope: Full BC programme development | Outcome: FCA licensing achieved
Becoming an authorised bank is not a straightforward process. The FCA’s requirements are extensive, and business continuity sits firmly within them — not as a box-ticking exercise, but as evidence that the organisation can withstand operational disruption without putting customers or financial stability at risk. For a new entrant to the market, that means building a credible, tested BC programme before the doors open, often while the business itself is still taking shape around you.
Cambridge Risk Solutions was brought in at the establishment phase of a new UK bank to develop its business continuity programme from scratch as part of the FCA authorisation process. The engagement covered the full spectrum: policy framework, business impact analysis, continuity plans, and a live exercise to test what had been built.
The Complication
New organisations rarely arrive as blank slates. This client had already developed elements of their resilience thinking independently — and were understandably protective of that work. The challenge was that those existing arrangements overlapped significantly with what a formal BC programme required, creating duplication and, in places, contradiction. Persuading a small, fast-moving team to consolidate rather than run parallel frameworks required careful stakeholder management and a clear demonstration of why integration would serve them better than separation.
Staff changes during the initial establishment period added further complexity. Key contacts changed, institutional knowledge had to be rebuilt more than once, and the programme had to be designed to be genuinely transferable — not dependent on any one individual’s understanding of what had been agreed.
The primary point of contact sat within the IT function, which reflected where BC instinctively lands in many technology-led businesses. Part of the work was therefore ensuring that the programme was understood and owned at the right level of the organisation, not just documented in a corner of the IT department.
The Approach
The starting point was a structured BIA that mapped the bank’s critical processes against the FCA’s operational resilience expectations — establishing what needed to recover, in what order, and within what timeframes. From that foundation, a policy framework and suite of continuity plans were developed that were proportionate to the size of the organisation while meeting the evidential requirements of the authorisation process.
A tabletop exercise tested the plans before submission, identifying a small number of gaps that were addressed before the final documentation was presented. Skills transfer throughout the engagement meant that by the time the programme was handed over, the internal team had the knowledge and confidence to maintain and develop it independently.
The Outcome
The bank received its FCA authorisation and is now operating. The BC programme developed during the engagement formed part of the evidence base submitted in support of the licence application.
For a new entrant to one of the most regulated sectors in the UK, having a credible, tested, and fully documented BC programme in place before opening was not optional — it was the condition on which everything else depended.