In the first of our two-part webinar series hosted by the Managing General Agents’ Association (MGAA), Pervin Sivanathan, Group Head of Audit & Advisory Services; Mike Dalzell, Group Head of Governance, Risk & Compliance and Company Secretary; and Kristy Lovegrove, Chief Technology Officer, unpacked one of the most pressing issues facing MGAs today: how to build, evidence, and continuously strengthen operational resilience in an increasingly complex third-party ecosystem.
With regulatory scrutiny intensifying and frameworks like the UK FCA’s rules and the EU’s Digital Operational Resilience Act (DORA) sharpening expectations, MGAs are under growing pressure to demonstrate that critical business services can withstand disruption, even when delivered by outsourced partners.
1. Operational resilience is now a board-level mandate
The panel agreed that the shift from “business continuity planning” to true operational resilience is well underway. Regulators now expect firms to map important business services, set impact tolerances, and continuously test resilience.
As Pervin Sivanathan noted: “The FCA has made it clear that operational resilience isn’t a checkbox exercise, MGAs must evidence that core services remain resilient, even when those services are outsourced.”
2. Third-party vendor oversight remains a major weak spot
Fragmented due diligence, periodic audits, and inconsistent data were highlighted as common challenges. Reliance on claims handlers, IT providers, and outsourced operational partners introduces hidden dependencies that MGAs often struggle to evidence.
Mike Dalzell emphasised the scale of change: “Outsourcing has grown rapidly, and regulators now expect firms to take full responsibility for managing the risks across third-party relationships, throughout the entire lifecycle.”
Mapping vendor dependencies, testing against impact tolerances, and ensuring suppliers meet resilience expectations are now critical components of good governance.
3. Technology and data visibility are essential enablers
Digital transformation is becoming central to resilience planning. From real-time monitoring and dependency mapping to data-driven risk assessment and automation, MGAs are increasingly looking to tech to support continuous oversight.
Kristy Lovegrove highlighted the shift: “Digital transformation isn’t just about systems, it’s about visibility. When you understand your dependencies, your data, and your risk points, resilience becomes proactive rather than reactive.”
4. Culture and collaboration underpin everything
A consistent theme across the discussion was the need for compliance, audit, and technology teams to break down silos. Embedding resilience into everyday processes, governance frameworks, and decision-making is essential for firms wanting to move beyond minimum regulatory compliance.
5. What the live poll results revealed
The panel presented two poll questions live to the audience during the Webinar and the results were quite compelling. The first audience poll question: “Do you see operational resilience as a technical or regulatory control?” highlighted an overwhelming consensus: 96% of respondents view operational resilience as a dual responsibility, combining both regulatory and technical dimensions.
Only 4% saw it primarily as a technical requirement. This aligns strongly with the panel’s message that resilience cannot sit solely within compliance or IT. Instead, it must be jointly owned across the business, with clear governance, robust technical foundations, and board-level accountability. The result underscored the industry’s recognition that regulatory expectations and technological capability are now inseparable.
The second poll: “Do you test your outsource providers for operational resilience?”- showed a more mixed picture. Just 17% reported proactive, regular testing, while 43% said it is a work in progress, and 39% admitted they do not currently test providers but recognise the need.
These findings reflect the maturity challenge facing MGAs today: while firms understand the regulatory and operational importance of vendor oversight, many are still developing the tools, processes, and data needed to do it effectively. The panel noted that this gap is precisely where digital transformation, continuous monitoring, and clearer governance frameworks can offer immediate impact.
This was a hugely useful session for the market, offering an honest exploration of the challenges and gaps that MGAs continue to face in building true operational resilience. Part two moves the conversation forward, providing a practical, solutions-focused deep dive into the tools, processes, and approaches that can help firms strengthen their resilience frameworks.
Many thanks to the MGAA for hosting this informative session, and to everyone who joined us live, and took part in the polls.
Watch Part 1: Operational Resilience & Third-Party Vendor Risk 101: What Are the Challenges?
Coming soon – Part 2: Managing Operational Resilience and Third-Party Vendor Risks 101: What are the Solutions?
Get in touch
To speak to the Pro Global team please feel free to reach out to us at:
Lysander PR
To contact our PR team directly please use the link below
View Previous 