Regulatory compliance for UK-based mortgage firm
Xcina Case Study

Helping to redefine the future of mortgage lending.

The situation presented, challenges and opportunities

Perenna are in the process of applying for a UK banking licence.

Firms that want to become banks in the UK must be authorised by the PRA and FCA.

To achieve this, a firm needs to be well governed, with solid foundations, and be operationally resilient and ready to carry out the regulated activities applied for at the time of its authorisation. This entails having reliable and scalable processes that deliver resilience across all relevant areas, including technology, information security and third-party management.

In the first quarter of 2021, the regulators also issued their policy statements on Operational Resilience. These require banks and other relevant institutions to prevent disruption to systems, to the extent practicable; adapt systems and processes to continue to provide services and functions in the event of an incident; return to normal running promptly when a disruption is over; and learn and evolve from both incidents and near misses.

Strategic direction and recommended approach

To build a robust policy framework, processes and systems to meet business and regulatory requirements and tight deadlines across a number of areas.

Xcina Consulting conducted multiple workstreams for this new applicant to the UK banking sector, assisting them in meeting their regulatory as well as business requirements as part of the process of building a resilient organisation with robust processes and systems which can be trusted. Perenna wanted to set high internal standards to ensure they will be resilient when they attain their licence and start interacting with customers.

How we arrived at the solution

Xcina Consulting designed, planned and executed a programme of work to support Perenna in meeting the regulators’ latest operational resilience requirements, as well as establishing an effective Business Continuity Management System aligned to the ISO22301 international standard.

The principal workstreams covered:

  1. Establishing the firm’s Information Security Management System (aligned to the ISO27001 standard).
  2. Setting up its IT Service Management System aligned to the ITIL and ISO20000 standards.
  3. Delivering its Outsourcing and Third-Party Management framework in line with PRA, European Banking Association (EBA) and business requirements.
  4. Conducting a full Business Impact Analysis across all business functions with the teams at Perenna.
  5. Documenting the Business Continuity Policy and Strategy.
  6. Documenting relevant Business Continuity Plans.
  7. Identifying and mapping the Important Business Services to be managed within their established impact tolerances.
  8. Carrying out Due Diligence on critical third-party providers.

Xcina acted as an extension of the Perenna team and supported them with documenting their strategy for the above.

The value created and benefits to the business in terms of improvements rolled out and the impact of them (business growth and position in the sector)

All of the above workstreams were completed within the agreed timescales as well as within budget and fully met and exceeded Perenna’s expectations. The work with Perenna was very collaborative, prompting interesting debates about how best to meet and exceed regulatory expectations. There was clearly an interest from Colin and the team in finding the best solutions rather than just leaving it to Xcina – it was and remains a very close working relationship. We felt part of the team, immersed in the business and not like an outsider.

Some of the work we undertook centred around new and evolving regulations, and one of the advantages of a new firm is that they can start with those standards: there was no adaptation or remediation work to get to the new standards, so the process was very efficient. The work that Perenna has done will put it in a strong position with its peers.


Industry and sector:

The UK mortgage sector

Solutions and service area:

Xcina’s objective:

To deliver specific areas of Perenna’s governance framework, in line with industry best practice standards, meeting expectations set by the regulators, designed to maintain customer trust.

The team at Perenna have found working alongside the Xcina team to be very rewarding, efficient and also fun. They really share our culture that puts people at the centre of what we do, be that staff or customers.

Colin Bell. COO & Co-Founder at Perenna
