St Georges Strategy

Signals / Operational resilience

Failure paths, fallback evidence, and customer impact

The exploded resilience page behind the weekly brief. It turns outages and control failures into internal tests of ownership, telemetry, tolerance, and recovery.

Supporting evidence

Ten further resilience signals

The shortlist above carries the leadership read. These ten additional rows link public incidents and official signals to the resilience tests they imply.

  1. 06

    Worldpay outage shows processor failure can become customer harm

    Payments / Guardian / 2026-06-23
  2. 07

    HSBC Australia penalty keeps complaint ageing in the resilience narrative

    Conduct and fraud / Financial Times / 2026-06
  3. 08

    Important business services still need third-party evidence packs

    Official expectations / Bank of England and PRA
  4. 09

    Impact tolerances should be tested against customer-visible journeys

    Official expectations / FCA
  5. 10

    Patch SLAs are compressing as AI changes vulnerability discovery

    Cyber resilience / Wired / 2026
  6. 11

    Agent guardrails need operational recovery and incident communications

    AI security / TechRadar / 2026
  7. 12

    Vendor status pages should not be treated as control evidence

    Telemetry / Tom's Guide / 2026-06-22
  8. 13

    Regional network degradation can create uneven customer impact

    Network / TechRadar / 2026-06
  9. 14

    Manual fallback should be tested against staffing, permissions, and data access

    Official expectations / FCA
  10. 15

    Post-incident lessons should map to accountable control owners

    Official expectations / Bank of England and PRA

Why it made the weekly brief

The editorial judgement

Resilience signals matter when they reveal an internal control test: whether a firm understands its customer-visible failure paths and can evidence recovery under stress.

So what

Availability is not the same as service continuity

A platform can be technically up while customers cannot pay, trade, access, complain, or recover. The test is the journey, not the component.

Who cares

COO, CIO, CISO, payments, complaints, conduct, and resilience teams

Operational resilience belongs across business services, customer outcomes, third parties, cyber, incident response, and governance.

Evidence needed

Dependency maps, tolerance tests, telemetry, and rehearsed fallback

The weekly brief should push readers toward evidence that failure paths have been tested, not simply documented.

Control evidence checklist

What the reader should ask for

Resilience pages should end in practical evidence prompts that can be handed to a service owner or control owner.

Archive and source trail

How this topic should compound over time

Resilience is especially valuable as an archive because incidents repeat in patterns. The archive should preserve the pattern, not only the incident.