UK: How To Boost Resilience Harnessing The U.K. Government Resilience Framework

The U.K. Government Resilience Framework, first published in 2022 and updated more recently, set out the U.K. government's plan to strengthen the systems, structures and capabilities that underpin national resilience. In this Q&A we provide the need-to-know facts and actionable next steps to strengthen your organisational resilience in light of the framework.

Q: What is the U.K. Government Resilience Framework and why is it important for businesses?
Q: Are businesses legally required to implement the provisions of the U.K. Government Resilience Framework?
Q: What are the core principles of the U.K. Government Resilience Framework?
Q: What are the key takeaways for businesses from the U.K. Government Resilience Framework?
Q: Will there be changes to existing regulatory regimes for businesses?

Q: What is the U.K. Government Resilience Framework and why is it important for businesses?

A: The U.K. Government Resilience Framework is a plan created by the U.K. government to strengthen the country's ability to prepare for and mitigate various risks and threats. It matters to businesses because it provides specific guidance on strengthening resilience, perspectives that may prove crucial in today's complex and unpredictable operating environment.

Q: Are businesses legally required to implement the provisions of the U.K. Government Resilience Framework?

A: The U.K. Government Resilience Framework does not currently impose legal requirements on businesses. However, implementing the framework's principles and recommendations can significantly enhance your ability to manage risks and respond to emergencies effectively. It may be in the best interest of your business to voluntarily adopt these practices to strengthen your resilience.

Q: What are the core principles and themes of the U.K. Government Resilience Framework?

A: The framework is built on three core principles: acquiring a shared understanding of the risks, focusing on prevention and preparation and adopting a whole-of-society approach to resilience.

The framework differs from previous approaches by committing to concrete and quantifiable measures to broaden and strengthen the national system of resilience. It focuses on six themes: risk, responsibility, partnership, community, skills investment and accountability.

Q: What are the key takeaways for businesses from the U.K. Government Resilience Framework?

A: The framework provides guidance on risk assessment, risk ownership and using data to embed risk in decision-making. It emphasises the importance of clear ownership of risks, access to the right information during emergencies and documenting crisis management processes. It also encourages businesses to continuously improve your ability to anticipate, prevent, prepare, respond and recover from emergencies.

We suggest there are five key takeaways you could incorporate into your risk management and resilience frameworks:

• The importance of risk ownership

The framework states: "Effective and clear ownership of risk is not only important in a crisis, but also in planning for and recovering from it." The guidance strongly emphasises the importance of risk ownership at every stage of a crisis response to ensure accountability and responsibility for risks. Robust risk ownership at every stage ensures no risks are left unaddressed.

• The value of information flow

The framework states: "It is important that decision-makers and experts have access to the right information at the right time during an emergency."

An emergency can be a chaotic environment, with information from various sources that may be incomplete or even false. A key trait of an effective crisis management team is the ability to filter out the 'noise' and gather as clear a picture as possible of the incident in question by keeping in control of and plugged into information flow. In practice, this could include clear channels of communication with other response teams in your organisation, and a concerted effort to 'horizon scan' – monitor the external environment to stay informed of the latest developments.

• Document your processes

The framework states: "There are excellent examples of partners throughout the system working together openly and seamlessly during an emergency, but too often we have found this is dependent on individuals or informally agreed ways of working."

This is a common issue for many organisations, particularly those that have experienced rapid organic growth. When you develop new ways of working quickly, you can risk leaving the documented processes behind. It's vital your crisis management structure and procedures are properly recorded and don't exist purely in the heads of a few staff members.

• Focus on the foundations of crisis management

While it's important you consider the impact of discreet events and the specific actions to take when they occur, it's impossible to anticipate every variant of every crisis that could impact your organisation. Trying to document action plans for each of them would be unfeasible. Establishing and maintaining a well-trained crisis management team in place that follows the same process for dealing with any event – focusing on the impact of the incident, rather than the cause – should be your priority.

• Don't rest on your laurels

The framework states: "...there is no room for complacency...we need to continue to strengthen our ability to anticipate, prevent, prepare, respond and recover from emergencies." Establishing you have a successful crisis response to an emergency doesn't mean you should sit back believing the 'job is done'. You need to ensure you identify and incorporate the positive lessons from your response, and any areas for improvement into your processes.

Increasing resilience in these ways make sense for any organisation, regardless of whether you are bound by regulation to implement formal provisions.

Q: Will there be changes to existing regulatory regimes for businesses?

A: An increase in resilience measures is also likely to lead to a review of existing regulatory regimes for businesses. In sectors where some regulation already exists, the latest policy paper states the government will ensure organisations "are subject to an appropriate and proportionate level of regulation on resilience." This could mean raising baseline requirements or expanding the scope of which organisations are covered by regulation within sectors.

For sectors not already regulated, the framework document describes how the government "will consider enforcing standards through regulation...any new regulation will strike a balance between the needs of the sector, consumer impacts, and the national need to guard against risk, and we will only regulate where we know that the benefits will outweigh any costs."

We look forward to further announcements on the way forward on any further regulation.

To discover a smarter way to increase your resilience, get in touch with our risk management specialists.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.