Regulatory requirements for Self-Assessment documents
The FCA and the PRA are clear on what they expect firms to cover in their Self- Assessment document, as set out in SYSC 15A.6.1.R and SS1/21. This includes the following:
Important business services
Identified by the firm and the justification for the determination made.
Impact tolerances
Impact tolerances set for each important business service and the justification for the level at which they have been set
MAPPING
The firm’s approach to mapping and how this has been used to:
- Identify the people, processes, technology, facilities and information necessary to deliver each of its important business services;
- Identify vulnerabilities; and
- Support scenario testing.
TESTING STRATEGY
The testing strategy and plan, and the justification for the approach adopted
Scenario testing
Scenario testing carried out including a description and justification of the assumptions made in relation to scenario design and any identified risks to the firm’s ability to meet its impact tolerances
lessons learnt
Any lessons learnt exercise conducted
Vulnerabilities
Vulnerabilities identified including remediation actions taken or planned and justifications for their completion time
communicatioNS
The firm’s communication strategy and how it will help reduce the anticipated harm caused by operational disruptions
methodologies
The methodologies used to undertake the above activities.
Have you read our responses behind other key questions in the series? You can view them by clicking on the links to the pages below:
- Purpose of the Self-Assessment
- Points for Attention and Key Considerations
- Format and Contents of the Self-Assessment
