The Challenge
A global Marine Insurer faced increasing regulatory scrutiny, intensified by UK regulatory expectations and post-DORA requirements mandating demonstrable ICT resilience.
The organisation lacked a scalable, integrated Enterprise Resilience (ER) capability to centrally govern cyber resilience, crisis management, third-party risk, and regulatory mapping of critical services and assets. Without measurable evidence of resilience and clearly defined governance, the firm was exposed to both operational disruption and regulatory censure.
Our Approach
Partnering with the Head of Enterprise Resilience and sponsored by the Group COO (SMF24), we designed and operationalised a proportionate, integrated First Line of Defence (1LoD) ER capability.
Key elements included:
All work was delivered proportionately to the organisation’s size and risk profile, leveraging existing artefacts where possible to ensure practicality and sustainability.
The Outcome
The client now operates with a scalable, integrated Enterprise Resilience capability that supports business continuity, regulatory confidence, and sustainable application of resiliency practices across jurisdictions.
A collaborative and valuable engagement. Stratiformis helped break down a complex regulatory subject matter into clear, actionable plans and business outcomes, and supported the end-to-end shaping and implementation of the program over 18 months. Having a trusted advisor and SME alongside our team meant a more efficient and focused delivery overall.
Stratiformis engaged in a focussed and accelerated manner to develop a comprehensive operating model capability breakdown, along with identification of the firm’s critical business processes Given the breadth of stakeholders and the inherent complexity of the processes, this work required both rigor and strong business insight — all of which Stratiformis delivered with diligence and professionalism.