Skip to main content

Principle 12: Operational Resilience

Managing agents should maintain robust and resilient operations, embedding cyber resilience and effective third-party risk management.

To support this, managing agents should:

Operate a robust operational resilience framework

Maintain oversight of operational resilience through appropriate governance processes and risk and control environments

Maintain appropriate cyber resilience

Market Operational Resilience Framework

The Market Operational Resilience Framework is intended to provide guidance to managing agents and other market participants on how to respond to outages and incidents that require collaboration as well as high level of summaries of centrally coordinated activities.

Urgent Settlement Guidance

In the event of disruption to DXC or Lloyd’s STFO the following guidance should be referred to when coordinating settlement processes.

Impact Tolerance Breach Reporting

Managing Agents are required to report any breach of impact tolerances to Lloyd’s formally through this Impact Tolerance Breach reporting template. Any breaches of impact tolerances across the market are considered as part of Lloyd’s risk appetite, and Lloyd’s will need this information to accurately report to regulators in its performance relative to appetite. The form can be completed by anyone qualified to do so but should be approved by whomever is responsible for Operational Resilience at the Managing Agent reporting the Impact Tolerance Breach. Please send any completed forms to

Operational Resilience Maturity Matrix

The Maturity Matrix for Operational Resilience is available within the Principles and Maturity Matrix document, which can be found on our Principles for doing business at Lloyd’s page.


Discussions around operational resilience will take place with the Operational Resilience team who will discuss elements of third party Coverholders and DCAs. Some other aspects regarding third-party Coverholders and DCA’s could be picked up elsewhere.