News

CMORG Reflections Blog

CMORG Reflections Blog

Over 2024, the Cross Market Resilience Group (CMORG) has made significant strides in strengthening the operational resilience of the UK financial sector. It has advanced sector-wide resilience through a variety of initiatives and artefacts this year. These contributions have been crucial in reinforcing firm-level resiliency and how the sector can effectively response to systemic disruptions.

Among the key artefacts published by CMORG in 2024 are: 

  • Sector Response Framework (SRF) Summary – This provides an overview of how the sector responds to a systemic incident. The guidance is intended for everyone in the sector, from practitioner to c-suite, and outlines how organisations across the finance sector and Government, including the Authorities, coordinate and make informed decisions when responding to systemic disruption. 
  • Sector Response Framework (SRF) Mapping Template – This template helps firms map their participation in the SRF to support how they internally manage engagement with the sector during a systemic incident.
  • Voluntary Sterling Settlement Postponement (VSSP) Playbook – This sector-level playbook provides a coordinated approach to an industry-agreed sterling settlement postponement in response to several scenarios, ensuring that financial institutions can maintain stability during extreme events. 
  • Collaborative Scenario Testing of Third Parties – This document outlines best practice for testing third-party resilience. 
  • Third Party Critical Vulnerability Response Playbook – The Cyber Coordination Group (CCG) and Financial Sector Cyber Collaboration Centre (FSCCC) worked collectively on this playbook, which offers a coordination approach through information sharing in response to a major third party zero day or critical vulnerability. 

In addition, there are some other notable achievements that have been accomplished throughout the course of the year. 

The Sector Response Framework Group (SRFG) undertook the annual attestation from all the Sector Groups and FMIs. This provides CMORG with a view of the level of preparedness of each SRF group to respond to incidents. Learnings identified through the attestation will support a broader evolution programme for the SRF into 2025.

The group also led an awareness campaign across the sector, engaging with the FCA’s Cyber Coordination Groups (CCGs) and the trade association landscape for the first time.

CMORG established the AI Taskforce, a joint initiative between the Cyber Coordination Group (CCG) and the CIO Forum.  It was established to prepare the sector for the resilience issues posed by the adoption and use of AI by firms and by threat actors. 

CMORG also successfully delivered the Sector Simulation Exercise (SIMEX24). The simulation exercised the UK financial sector’s ability to respond to a major infrastructure failure that would require a full UK service suspension and restart of the UK financial sector. It effectively tested firms’ and the industry’s ability to undertake a coordinated service suspension and restart of the sector.

This year, we were proud to convene in person with the G7 Cyber Experts Group (CEG) for the first time, facilitating an international dialogue between CMORG and the G7 CEG to share perspectives on operational resilience and enhance global collaboration efforts. This focused largely on the challenges and ability to coordinate reconnection during significant cyber events. 

Looking forward, groups such as the Operational Resilience Collaboration Group (ORCG) and Third Party Resilience Group (TPRG) have focused on initiatives looking to be published in the new year. We look forward to seeing artefacts relating to sector-wide threat monitoring, a new Dynamic Scenario Library (DSL), and best practice on exit planning for the stressed exit of a third party.

These milestones, alongside the work published in 2024, reflect CMORG’s commitment to strengthening the resilience of the UK financial sector. We are grateful to all participants who contributed their expertise and enthusiasm to these initiatives, and we look forward to building on this momentum in 2025. 
 
CMORG-endorsed capabilities (including good practice guidance, response frameworks and contingency tools) have been developed collectively by industry to support the operational resilience of the UK financial sector. The financial authorities support the development of these capabilities and collective efforts to improve sector resilience. However, their use is voluntary, and they do not constitute regulatory rules or supervisory expectations; as such, they may not necessarily represent formal endorsement by the authorities.

Over 2024, the Cross Market Resilience Group (CMORG) has made significant strides in strengthening the operational resilience of the UK financial sector.