
CMORG Conference Reflections


An Overview of the CMORG Conference on 18 September 2025

On 18 September, the Cross Market Operational Resilience Group (CMORG) hosted its third conference, bringing together senior leaders, regulators, government representatives and industry practitioners committed to enhancing the operational resilience of the UK’s financial sector.

This year’s event focused on the evolving landscape of operational resilience, with an emphasis on senior management perspectives, regulatory priorities, and systemic risks. 

2025 CMORG Conference

Keynote speech

  • Liz Oakes, External Member of the Financial Policy Committee, delivered the keynote, titled ‘A systemic risk perspective on operational resilience’. She emphasised the importance of understanding system-wide dynamics and the role of collective action in safeguarding financial stability. The full speech can be found here.

Executive Insights: The Senior Management View

  • A panel of senior executives from CMORG member firms shared how operational resilience is being embedded at the highest levels of their organisations. The discussions focused on board engagement, governance, and lessons learned from recent disruption scenarios.
  • Key challenges highlighted included third-party dependency identification as an area of focus, and misinformation, specifically on social media, as an emerging threat that is increasingly concerning C-suite leaders.
  • The Senior Managers spotlighted rigorous prioritisation to drive meaningful resilience outcomes, with next steps centred on enhancing third-party dependency management and advancing the maturity of resilience testing.

Regulatory Priorities: Authorities Presentation

  • Representatives from the Bank of England and industry experts outlined emerging regulatory priorities, supervisory findings, and guidance for firms preparing for the next phase of policy development.
  • The panel discussed the importance of strong self-assessments to help firms define realistic impact tolerances and important business services. These assessments were recognised as a valuable opportunity for firms to highlight their resilience journey, the capabilities they have developed and the maturity they continue to build.
  • Discussion emphasised strengthening response capabilities, encouraging firms to engage actively and transparently in the Sector Response Framework to ensure effective incident management and deliver positive outcomes for the industry.

Government Perspective: Identifying Systemic Risks

  • Government representatives provided a strategic overview of cross-sector risks to national infrastructure, discussing areas firms should be prioritising as they advance their operational resilience journeys.
  • Key risks identified by the government included emerging technologies, particularly the role of AI and post-quantum cryptography, alongside cross-sector dependencies and the growing threat of ransomware. 

Interactive Crisis Simulation

  • Participants engaged in a hands-on, scenario-based exercise simulating an advanced ransomware attack on a third party. The session tested coordination, communication, and decision-making across the sector, offering valuable insights into crisis response capabilities.
  • The exercise served as a collaborative forum for industry participants to share their decision-making process with peers and explore the sector’s crisis response capabilities.

Upcoming events

Sector Response Framework Symposium on 13 November

  • The inaugural Sector Response Framework (SRF) Symposium will bring together the SRF Response Groups, Financial Market Infrastructure firms, and industry practitioners. The event will reflect on recent incidents and technical exercises, explore the future evolution of the SRF, and foster stronger relationships across the sector.

For a comprehensive guide to CMORG’s purpose, governance, key artefacts and capabilities, please follow this link to the CMORG Handbook.

CMORG-endorsed capabilities (including good practice guidance, response frameworks and contingency tools) have been developed collectively by industry to support the operational resilience of the UK financial sector. The financial authorities support the development of these capabilities and collective efforts to improve sector resilience. However, their use is voluntary, and they do not constitute regulatory rules or supervisory expectations; as such, they may not necessarily represent formal endorsement by the authorities.