Skip to main content

Principle 12: Operational Resilience

Managing agents should maintain robust and resilient operations, embedding cyber resilience and effective third-party risk management.

To support this, managing agents should:

Prioritise resilience of the most important services; embedding appropriate governance for operational resilience into their businesses and prioritising recovery of important business services within identified and tested impact tolerances

Invest in their operational resilience, including their control environments, so that the risk of a future event causing harm to customers or threatening the business’ viability is mitigated

Embed cyber resilience into operations; protecting their information systems, processes, people and data from external or internal compromise to prevent harm to customers, loss of data, contagion and/or reputational damage to the wider Lloyd’s market

Market Operational Resilience Framework

The Market Operational Resilience Framework is intended to provide guidance to managing agents and other market participants on how to respond to outages and incidents that require collaboration as well as high level of summaries of centrally coordinated activities.

Urgent Settlement Guidance

In the event of disruption to DXC or Lloyd’s STFO the following guidance should be referred to when coordinating settlement processes.

Impact Tolerance Breach Reporting

Managing Agents are required to report any breach of impact tolerances to Lloyd’s formally through this Impact Tolerance Breach reporting template. Any breaches of impact tolerances across the market are considered as part of Lloyd’s risk appetite, and Lloyd’s will need this information to accurately report to regulators in its performance relative to appetite. The form can be completed by anyone qualified to do so but should be approved by whomever is responsible for Operational Resilience at the Managing Agent reporting the Impact Tolerance Breach. Please send any completed forms to

Operational Resilience Maturity Matrix

The Maturity Matrix for Operational Resilience is available within the Principles and Maturity Matrix document, which can be found on our Principles for doing business at Lloyd’s page.


Discussions around operational resilience will take place with the Operational Resilience team who will discuss elements of third party Coverholders and DCAs. Some other aspects regarding third-party Coverholders and DCA’s could be picked up elsewhere.