Purpose of the Self-Assessment
The purpose of the Self-Assessment is to articulate the firm’s resilience journey and how they have achieved compliance with the requirements.
It needs to show the work carried out over time to demonstrate operational resilience compliance, including the methodologies used, as well as the plans to remediate any vulnerabilities and findings.
Firms’ operational resilience frameworks are expected to grow in maturity and sophistication over time. The priority for the first Self-Assessment would be to show the firm’s steps and workings, rather than aim to provide all the answers.
The Board is accountable for, and should approve, the Self-Assessment document.
This approval should demonstrate that prioritised investment decisions are being made in respect of services which cannot be delivered within impact tolerance. The Self-Assessment is a key element for providing assurance to the Board on the firm’s resilience framework. It also allows the Senior Manager with designated responsibility for Operational Resilience to evidence the discharge of his/her responsibilities.
Self-assessment documents do not need to be submitted to regulators periodically. They only need to be provided on request or made available for inspection. Firms will first need to have fully operationalised the operational resilience requirements.
Have you read our responses behind other key questions-in the series? You can view them by clicking on the links to the pages below:
- Regulatory requirements for Self-Assessment documents
- Points for Attention and Key Considerations
- Format and Contents of the Self-Assessment