What are the 5 Anna report formats and when would I use each?
Full SUP 12 (14 sections) — the comprehensive plan, for the regulator and the SMF24 sign-off. FCA Dry-Run (1 section, 12 questions) — a mock supervisory interview where Anna answers each set FCA question in your firm's voice from your data and RAG-rates each one; rehearse this before any FCA visit. Board Quarterly Pack (5 sections) — concise, decision-oriented governance pack; tone is “what does the Board need to know and approve?”. Executive Summary (3 sections) — 1–2 pages for the CEO / Exec Committee, plain English, lead with the bottom line. SUP 12 Snapshot (4 sections) — rule-by-rule compliance gap analysis for the Compliance Officer or any FCA Skilled Person. All five draw from the same data set; you pick the format with a radio card and hit Generate.
If I switch report formats do I lose the previous draft?
No. Each format keeps its own per-section content cache (`_bcpReportContent[format][index]`). The Board Quarterly you generated in March is preserved when you switch to Full SUP 12 in April; switching back to Board Quarterly restores it exactly as it was. Per-section regeneration only refreshes the section you click; manual inline edits are preserved on save.
How does the 84-point Resilience Health score work?
Points-based, not weighted. 17 working-capture sections × 2 pts each = 34 section points. 25 FCA SUP 12 checklist items × 2 pts each = 50 checklist points. 34 + 50 = 84 max. Section points are auto-calculated where possible (% within appetite, % SPOF-free, % stress tests passed, % CMT with deputies), so a firm cannot mark itself 100% without the register data backing it up. Click the donut for a full breakdown modal: per-section points, auto vs self-assessment source labels, and a full 17-row 0/1/2-point criteria table. The Dashboard also shows a 12-month sparkline so the trend is visible at a glance.
Can we edit Anna's draft before it goes to the board?
Yes. Every section across every format is editable inline, and Anna can regenerate any individual section if your underlying data changes. Each section has its own “Generate with Anna AI” and “Edit Manually” buttons plus a free-text “Add additional notes or edits…” textarea. Export the active report as a branded formatted PDF (navy cover, auto-TOC) for the regulator, or as a Word (.doc) file that opens with track-changes for internal edits, or as a Full Pack ZIP that bundles all 12 register CSVs alongside.
How does the Live Incident Mode work?
It's the 7th tab. When something goes wrong you click Declare Incident, capture severity (P1–P4), type, topics (from a 7-item palette plus user-defined “Other - Subject”), assignee and initial notes. The platform starts the FCA 4-hour notification countdown live (refreshed every 1s), gives you a card with a running incident log to which you append timestamped, user-attributed entries, and a Close Incident button that captures resolution summary, lessons learned and FCA-notified status. On close the platform auto-creates a Stress Test row captioned “Post-Incident: <title>” with the debrief copied across, so SUP 12.6 (“SUP 12 reviewed following real incidents... lessons learned incorporated”) is satisfied without any separate manual step. Closed incidents land in a filterable table with severity, type, topic, year and search filters. Stats strip at the top: Active count, Closed YTD, Avg time-to-close, FCA Notified ratio.
What is the FCA Dry-Run and what does “RAG-rated” mean here?
It's a mock supervisory interview. Anna asks 12 set SUP 12 questions on your firm's behalf and answers each one from your live SUP 12 data. For every answer she returns: a 1–3 sentence response in your firm's voice, a Green / Amber / Red rating reflecting the depth of evidence in your data (Green = comprehensive evidence; Amber = partial / in-progress; Red = absent or materially deficient), and a 1–2 sentence examiner observation telling you what an FCA supervisor would push back on. Read it before the supervisor does. Better to fix the Reds in advance than to be surprised mid-interview.
How does the Tabletop Exercise programme work?
8 base scenarios ship pre-loaded with their own 6-step playbooks, each anchored to a SYSC reference: Cyber Ransomware (15A.3), Premises Fire (15A.4), Key Person Loss (15A.3), Pandemic / Mass Absence (15A.3), Critical Supplier Failure (15A.5), Payment Rail Outage (15A.4), Data Breach (UK GDPR Art.33), Regulatory Enforcement Action (SUP 15). You schedule one against a date and named participants, run through it on the day, click Mark Complete with the lessons learned. The platform auto-creates a Stress Test row on completion captioned “Tabletop: <name>” — same auto-feed pattern as closed incidents. Closes the gap most firms have where tabletops happen but never make it into the stress-test register.
What FCA rules does the module cover?
The full SUP 12 framework: 15A.2 (SUP 12 existence & currency), 15A.3 (RTO/RPO), 15A.4 (recovery strategies & third-party dependencies), 15A.5 (scenario testing), 15A.6 (self-assessment & impact tolerances), 15A.7 (governance, SM&CR accountability, 3-year retention, 24-hour Senior Manager escalation), 15A.8 (FCA notification & client comms). Adjacent obligations: PRIN 2A (Consumer Duty 4-hour tolerance for IBS), SM&CR (named Senior Manager), and Cyber Essentials Plus renewal tracking.
What's in the 25-item FCA SUP 12 Compliance Checklist?
Items a through y. Each is a firm-level SUP 12 control with a plain-English statement and a SYSC anchor. Covers SUP 12 existence and currency, RTO/RPO definition, recovery strategy realism, communication protocols, review cycle, testing cadence, action tracking, scenario breadth (cyber, IT, premises, key-person, market, pandemic, supplier), staff training, training record retention, client and FCA communication plans, channel testing, third-party dependency identification and SLA alignment, review triggers on operational change and real incidents, three-year record retention, 24-hour Senior Manager escalation, Board oversight reporting, and overall SUP 12 alignment. 2 pts (Met), 1 pt (Partial), 0 pts (Not Met). A 50-point total.
How does the Threat Register differ from a normal risk register?
Two ways. First, every threat is benchmarked against a firm-set risk appetite threshold (defaults: Low ≤7 / Medium ≤14 / High ≥15, all editable), so Ransomware at L3 × I5 = 15 against appetite 10 fails automatically, feeds the Dashboard's Threat Risk Summary chart, and affects the scoring model's auto-calculated Threat Register band. Second, the 7 threat categories are prescribed: Cyber, Physical, People, Third Party, Technology, Health, Regulatory, matching the FCA's expected breadth. Most threat registers stop at a risk score; this one demands the appetite comparison.
How does it integrate with the rest of RegTechPRO?
Shared persistence layer. SUP 12 Oversight writes to the same unified data store as Financial Crime and Consumer Duty Hub — one submission per firm per module. Ops data surfaces back into the platform's cross-module views: Consumer Duty's 4-hour IBS benchmark, MI Dashboard's resilience tiles, and Policy Studio's SUP 12-adjacent policies. One platform, one set of compliance data.
How does Single Point of Failure detection work?
The Resource Dependencies register maps four resource classes per IBS (People with minimum head counts, Technology, Facilities, Third Parties) and automatically flags a red ⚠ YES SPOF pill when a resource line has no alternative. It's the concentration-risk assessment an FCA inspector asks about, surfaced without needing a consultant to run the mapping. The accordion badge shows "X% no SPOF" live.
How much does SUP 12 Oversight & SUP 12 cost?
From £500/month. The module ships a 14-section Anna-generated narrative SUP 12. See
regtechpro.co.uk/pricing for the full modular calculator.
Do I need the whole RegTechPRO platform, or can I just have this module?
SUP 12 Oversight is an add-on to a RegTechPRO subscription. It sits inside the platform so it can share data with Consumer Duty (IBS 4-hour tolerance), the MI Dashboard (resilience tiles) and the document library (SUP 12 exports and evidence). The base subscription includes the Core modules you need to make Op Res function end-to-end.
How long does setup take?
Under a day. The module ships pre-seeded with the 25-item SUP 12 checklist, the 20-step Immediate Response Procedure, the 18-item Recovery Box, default risk-appetite thresholds, the 7-category threat taxonomy, a 14-section SUP 12 skeleton and the 6-policy insurance register. You add your IBS list, your CMT with deputies, your third-party suppliers and your IT systems. Then Anna drafts the SUP 12. No migration project, no consultant needed to "design the framework".
I'm a compliance consultant. Can I run this across my client book?
Yes. It's one of the module's strongest use cases. Each client has its own workspace with its own 17-section working capture, its own 84-point score, its own 14-section SUP 12. You run the production line; the client retains SUP 12 accountability (Senior Manager sign-off, Self-Assessment answers, Board review date). Consultants reserved for skilled-person reviews and incident-response retainers; the SUP 12 production itself becomes platform-owned.
How is multi-year history kept defensible?
Three layers. First, on 1 January the platform auto-locks the previous year and writes an audit-trail entry recording the lock event. Second, previous years are read-only by default — an FCA skilled-person opening the 2024 SUP 12 sees exactly what was approved by the Board at the time. Third, if you legitimately need to amend a prior year (e.g. a QA finding), you click Unlock; this opens a modal capturing your email (auto-detected) and a required free-text reason, both written to the audit trail. A clock-icon button next to the year selector opens the Unlock History popup so the full date / user / reason history for any year is one click away. Defensible posture for any FCA review.
What's the Field Guidance / tooltip system?
A small (i) icon next to every form-field label across 32 fields (Governance, Financial Impact, IT DR, Communications, Facilities, Recovery Box). Hover for an unpinned preview; click for a pinned popover. Each tooltip shows a regulatory citation pill (e.g. SUP 12.7 / SMCR), a plain-English description, an option-by-option guide for dropdowns, and a worked example. Removes the “what does this field actually want?” guesswork that plagues most operational-resilience templates and makes onboarding a new SUP 12 Coordinator dramatically faster. Same component used in our Data Protection and Financial Crime modules.
Does Anna ever attest on my behalf?
No. Anna synthesises; she never attests. The design principle is deliberate and matches the other RegTechPRO modules: human attestation at the input (your IBS tolerances, threat register, 6 SUP 12.6 Self-Assessment answers, Board Sponsor sign-off date), AI efficiency in the middle (her 14-section narrative SUP 12), human sign-off at the output. This is the supervisory-grade division of labour the FCA would want to see and matches SUP 12.7's clear accountability expectations.
What does Anna actually cite when she writes?
The SUP 12 rule she's addressing. Section 3 of the SUP 12 opens with "in accordance with FCA SUP 12.3, which requires firms to identify and assess scenarios that could disrupt important business services", plus the specific figures from your registers (your dated IBS tolerances, your CMT names, your DR provider, your 4-hour FCA notification threshold). Adjacent citations: PRIN 2A where the Consumer Duty 4-hour IBS tolerance applies, SM&CR for named Senior Manager accountability, and any specific policy statement where the firm has taken a position.
How reproducible is a prior-year SUP 12?
Fully reproducible. The Year selector lets you view any historical SUP 12 as it was signed off; previous years are read-only by default and any edit requires the audit-trailed unlock flow. Each section is stored per-year per-format after Anna generates it, so a 2026 Board Quarterly opened in 2028 still reads exactly as approved at the time. The underlying register data is preserved alongside, so an FCA skilled-person review can trace every claim back to the register row that supports it.
What audit trail do inspectors see?
Every section status is timestamped. Every IBS impact tolerance carries a date-set. Every stress test logs a date tested, result and actions/comments. Every CMT role is tied to a named deputy; the section will not mark complete without one. The 20-step Immediate Response runbook auto-saves on each checkbox tick. The 18-item Recovery Box has a per-item attestation log with timestamp, user and RAG cadence (Green <90 days, Amber 90–120, Red >120 / never). Every closed incident records declaredBy, closedBy, full event log and FCA-notified flag. Every year-lock and unlock event is in the audit trail with user and reason. Third-party suppliers record SUP 12 Received (Yes/No) + SUP 12 Adequate (Adequate/Pending/Inadequate) + Alternative Supplier. An inspector asking “when did you last test for ransomware?” gets a dated, named-owner, pass/fail answer in one click; “who unlocked 2024 in March?” gets a name, timestamp and reason.
