Menu Close

Regulatory requirements for Self-Assessment documents

The FCA and the PRA are clear on what they expect firms to cover in their Self- Assessment document, as set out in SYSC 15A.6.1.R and SS1/21.  This includes the following:

Important business services

Identified by the firm and the justification for the determination made.

Impact tolerances

Impact tolerances set for each important business service and the justification for the level at which they have been set


The firm’s approach to mapping and how this has been used to:

  • Identify the people, processes, technology, facilities and information necessary to deliver each of its important business services;
  • Identify vulnerabilities; and
  • Support scenario testing.


The testing strategy and plan, and the justification for the approach adopted

Scenario testing

Scenario testing carried out including a description and justification of the assumptions made in relation to scenario design and any identified risks to the firm’s ability to meet its impact tolerances

lessons learnt

Any lessons learnt exercise conducted


Vulnerabilities identified including remediation actions taken or planned and justifications for their completion time


The firm’s communication strategy and how it will help reduce the anticipated harm caused by operational disruptions


The methodologies used to undertake the above activities.

Have you read our responses behind other key questions in the series?  You can view them by clicking on the links to the pages below: