Menu Close

Regulatory requirements for Self-Assessment documents


The FCA and the PRA are clear on what they expect firms to cover in their Self- Assessment document, as set out in SYSC 15A.6.1.R and SS1/21.  This includes the following:

Important business services

Identified by the firm and the justification for the determination made.

Impact tolerances

Impact tolerances set for each important business service and the justification for the level at which they have been set

MAPPING

The firm’s approach to mapping and how this has been used to:

  • Identify the people, processes, technology, facilities and information necessary to deliver each of its important business services;
  • Identify vulnerabilities; and
  • Support scenario testing.

TESTING STRATEGY

The testing strategy and plan, and the justification for the approach adopted

Scenario testing

Scenario testing carried out including a description and justification of the assumptions made in relation to scenario design and any identified risks to the firm’s ability to meet its impact tolerances

lessons learnt

Any lessons learnt exercise conducted

Vulnerabilities

Vulnerabilities identified including remediation actions taken or planned and justifications for their completion time

communicatioNS

The firm’s communication strategy and how it will help reduce the anticipated harm caused by operational disruptions

methodologies

The methodologies used to undertake the above activities.

Have you read our responses behind other key questions in the series?  You can view them by clicking on the links to the pages below: