Operational Resilience
Overview
Operational resilience is the ability to prevent, adapt to, respond to, recover from, and learn from operational disruption.
At Sucden Financial, we are committed to delivering continuity of service to our clients and the markets in which we operate, including during periods of disruption. We take a proactive, continuously improving approach to operational resilience, supported by a dedicated Operational Resilience team responsible for implementing the FCA’s policy PS21/3 – Building Operational Resilience.
Our framework is designed in line with the regulatory guidance and is regularly reviewed to ensure ongoing alignment with evolving regulatory expectations. The effectiveness of our operational resilience arrangements is subject to independent assurance through internal and external audit activity.
Oversight of operational resilience is provided through a dedicated Resilience Committee, with additional governance and challenge from the Risk Committee.
Important Business Services
Identifying our Important Business Services is a foundational step in how we achieve and maintain operational resilience. We focus on the services we provide to clients and the wider market that, if disrupted, could cause intolerable harm to consumers or the markets we operate in, ensuring our resilience efforts are prioritised where they matter most. Each Important Business Service is identified through a structured assessment that considers client outcomes, regulatory obligations, and the potential impacts of disruption.
The underlying people, technology, data (information), facilities and third parties which support the delivery of Important Business Services are identified, documented and reviewed on an annual basis or when a material change occurs to our business. The resilience of these dependencies is assessed for assurance or to understand the impact of their failure to prioritise actions to strengthen resilience across the end-to-end service delivery.
As our business evolves, we embed resilience into the design of new service offerings from the outset. This enables us to assess potential client impact early, identify critical dependencies, and ensure that services which may become important are built with appropriate resilience, recovery, and governance arrangements in place.
Impact Tolerances
Impact tolerances define the maximum level of disruption we are willing to tolerate for each Important Business Service before it would cause intolerable harm to our clients, the markets we operate in, or the firm itself. They provide a clear threshold against which our operational resilience can be measured and tested. All important business services have defined impact tolerances, which are reviewed on an ongoing basis.
Scenario Testing
Scenario testing is a key part of how we assess and strengthen our operational resilience. It allows us to evaluate whether we can continue to deliver our Important Business Services within impact tolerances during severe but plausible disruption events.
We design scenarios that reflect realistic operational risks, including technology failures, third‑party disruption, cyber incidents, and loss of key facilities or resources. Scenario testing provides practical insight into how disruption would unfold in real time, enabling us to identify vulnerabilities, test the effectiveness of our response and recovery arrangements, and assess decision‑making under stress. Through regular testing and review, we ensure our approach remains robust, proportionate, and focused on protecting clients and market integrity.
Business Continuity
Business continuity underpins our ability to respond effectively to disruption and continue delivering services during incidents. It focuses on ensuring that our people, processes, systems, and facilities are supported by practical, tested arrangements that enable timely response and recovery.
Our business continuity framework sets out clear roles, responsibilities, and escalation procedures, supported by strategic and operational continuity plans tailored to our requirements. These plans consider a range of disruption scenarios, including loss of staff, premises, technology, or third‑party services, and are designed to support day‑to‑day incident management as well as more severe events.
Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) is an EU regulation that establishes requirements for financial firms to manage technology risk and maintain the continuity of critical services. It applies to firms operating in the EU and supervised by the relevant national competent authority in each Member State, in accordance with guidance published by the European Banking Authority (“EBA”) and European Securities and Markets Authority (“ESMA”). As such, DORA is not directly applicable to Sucden Financial Limited (but is applicable to Sucden Financial Hamburg).
The Terms of Business between Sucden Financial Limited and its clients are designed to reflect the regulated services provided by the firm in accordance with applicable financial services regulations. These services include the execution of financial instruments on a principal‑to‑principal basis. As such, they do not constitute third‑party arrangements where Sucden Financial Limited performs activities, processes, or services on behalf of clients that would otherwise be conducted internally. Additionally, these services do not constitute Information and Communication Technology (“ICT”) services as defined under DORA.
Relevant financial services regulations and guidance are clear on the requirements for regulated financial services providers (such as Sucden Financial Limited) when facing other counterparties or clients in a trading capacity (i.e. under MIFID and EMIR) and we do not consider these constitute the provision of ICT services under DORA (in accordance with the EU Commission Q&A: DORA030 - 2999 - European Insurance and Occupational Pensions Authority) or any other form of outsourcing (where it is contractually agreed for Sucden Financial, as a third party, to conduct activities that would otherwise be carried out internally at our clients).
Contacting us about operational resilience
If you would like further insight into how we manage resilience across the firm, your primary point of contact will be happy to assist.
Our operational resilience approach is subject to ongoing review. This page may be refreshed from time to time, without notice.