On September 16, 2025, the Operational & Organisational Resilience in Financial Services Conference (OPRES 2025) brought together resilience experts from across the UK to London’s One Great George Street.  This annual, industry-led event marked a pivotal moment for financial services operating beyond the March 2025 regulatory deadlines, shifting the emphasis from compliance to capability. With a focus on embedding operational resilience, navigating third-party dependencies, exploring AI-powered response, and reinforcing real-time readiness, OPRES 2025 offered a forward-looking playbook for the transformation of resilience programs.

Below, we explore the core themes that emerged, offering actionable insight for business continuity, risk, and compliance leaders seeking to transform resilience into a strategic business enabler.

  1. Embedding Resilience Beyond Deadlines

Regulators like the FCA and PRA made clear that compliance doesn’t end once frameworks are in place. This is just the beginning. Firms are now expected to demonstrate resilience in action, not on paper.

FCA guidance emphasized continuous review of important business services, impact tolerances, and scenario testing as part of firms’ core operating models, not stand-alone exercises (AllEvents, Sidley Austin, FCA). OPRES sessions reinforced this mandate, spotlighting organisations that had broken continuity out of silos, weaving it into client journeys, third-party oversight, and board-level reporting.

Takeaway for Leaders:
Evolve resilience programs from “once-a-year drills” to programmatic workflows that drive visibility across business functions, test in real operational contexts, and link directly to impact and recovery metrics.

  1. Third-Party Resilience Takes Center Stage

Disconnected continuity plans are no longer sufficient in a world where service disruptions often originate with third parties. OPRES 2025 strongly emphasized that vendor risk is a strategic priority.

Speakers highlighted frameworks for vetting core suppliers, developing impact-aligned contracts, mapping interdependencies, and building contingency plans, even for suppliers outside your direct control. These discussions echo broader financial sector expectations on third-party risk management embedded within the UK’s operational resilience toolkit (Bank of England, FCA).

Takeaway for Leaders:
Prioritize end-to-end mapping of your supplier ecosystem. Incorporate resilience criteria into procurement and service-level agreements. Simulate supplier failure scenarios to test your organization’s ability to sustain critical services under stress.

  1. The Rise of AI and Automation in Resilience

While regulation pushes for capability, innovation is enabling resilience to scale. AI and automation emerged as recurring topics at OPRES 2025, not as futuristic buzzwords, but as tangible accelerators for incident response, testing, and real-time insight delivery.

Several presenters shared how AI-enabled platforms are streamlining control testing, generating scenario insights, and offering dynamic dashboards for regulators and the board. These capabilities align with industry-wide discussions on operational resilience ROI, where automation enhances both speed and auditability (AllEvents).

Takeaway for Leaders:
Identify repeatable, high-value tasks within your resilience workflow that could benefit from automation, such as alerting, test coordination, and audit trail generation. Adopt AI-supported tools that maintain transparency and governance.

  1. Coordinated Scenario Testing Is Non-Negotiable

Multi-layered and interconnected scenario testing is essential; they are no longer just nice-to-have OPRES sessions made it clear that tabletop exercises must simulate real cross-functional failures and not just IT outages. Structural vulnerabilities often live in the overlaps between business services, technology, and partners.

Firms were encouraged to build scenarios that trigger alert mechanisms, test third-party dependencies, exercise escalation protocols, and stress-test communication chains all in a live environment.

Takeaway for Leaders:
Design scenario-based tests that stress your entire operational architecture. Make tests routine by integrating learnings into continuous improvement, governance reviews, and executive dashboards.

  1. Board and Executive Alignment Remains Critical

Regulators expect boards to own operational resilience, not delegate it. Speakers assigned heavy weight to governance, stating that the tone at the top has a direct impact on resilience maturity.

Executive alignment was positioned less as oversight and more as active sponsorship. Successful firms presented resilience not as a risk-fix, but as a business continuity enabler, demonstrating how resilience preserves customer trust, protects revenue, and safeguards reputation.

Takeaway for Leaders:
Craft executive dashboards that pair resilience metrics with business impact outcomes such as downtime avoidance, customer retention, or regulatory audit readiness. Change the narrative: resilience is a performance multiplier, not a cost center.

  1. Horizon Scanning and Emerging Risks Shape Learning

When the world shifts fast, resilience is best built ahead of the curve. OPRES 2025 encouraged firms to continuously scan for emerging threats (such as AI misuse, cyber trends, geopolitical disruption, or tech vulnerabilities) and rapidly integrate them into resilience programs.

Beyond static assessments, speakers showed how adaptive learning, red-teaming, and cross-industry collaboration can keep firms prepared for “unknown unknowns” within their resilience architecture.

Takeaway for Leaders:
Establish regular threat horizon scanning coordinated with risk, IT, compliance, and strategy teams. Refresh test scenarios accordingly and ensure lessons permeate across governance workflows.

  1. Resilience As a Competitive, Not Regulatory, Advantage

Finally, one of the most powerful themes from OPRES 2025 was re-framing resilience as a strategic differentiator. In a shifting operating environment, firms that build seamless, intelligent, and future-scaled resilience will win customer trust and stake leadership positions.

Speakers revealed how organisations are layering resilience into digital product design, customer experience workflows, and service delivery, making continuity a foundational capability, not an afterthought.

Takeaway for Leaders:
Move resilience from the ‘risk department’ into business strategy. Show how integrated resilience can elevate performance, from frictionless customer journeys to uninterrupted digital banking services, positioning it as a product-level differentiator.

OPRES 2025 wasn’t just another regulatory checkpoint. It was a turning point. As financial services emerge from March 2025 compliance deadlines, resilience stands at a crossroads. The most forward-looking firms are choosing transformation over box-ticking and integrating resilience into their architecture, strategy, culture, and operations.

If your organisation is ready to evolve from compliance to confidence, CLDigital is here to help.

Let’s Continue the Conversation

Explore how CLDigital 360 helps you embed resilience across processes, third-party risk, and real-time response—powered by no-code agility and AI-driven insight.

Book a Post-Event Demo.

By Ian WilsonSenior Vice President of GRC Business Development EMEA at CLDigital