Business Continuity Plan + Guide
The FCA doesn't just want you to survive a crisis — it wants evidence you planned for one. Under SYSC 4.1.6R, every FCA-regulated firm must maintain adequate business continuity systems. Under SYSC 15A, the bar is higher still — firms must identify essential business services, set impact tolerances, conduct scenario testing, and demonstrate they can remain within those tolerances during severe but plausible disruptions. The difference between a firm that weathers a crisis and one that doesn't usually isn't luck — it's whether the plan existed before the crisis hit. Disruptions are inevitable. Being unprepared for them is a choice.
What's included:
Full regulatory mapping: SYSC 4.1.6R/8.1.1R/13.8/15A.2.1R/15A.2.2R/15A.2.6R/15A.2.8R, SUP 15.3.1R, PRIN 6/7/11, IFPRU/MIFIDPRU prudential standards, CASS, MAR, and UK GDPR/DPA 2018
Business Impact Analysis framework: critical function identification, Maximum Tolerable Period of Disruption, and RTO/RPO matrix — client transactions (2hr/30min), cybersecurity (1hr/15min), and regulatory reporting (24hr/6hr)
IT Disaster Recovery Plan: five-phase restoration roadmap, real-time data replication, hourly incremental backups, daily full system backups, and cloud georedundancy with AES-256 encryption
Cybersecurity threat response protocols: ransomware, DDoS, phishing, and insider threat — with FCA and ICO notification requirements
Emergency communication framework: crisis hotline, secure messaging, 15-minute employee acknowledgement standard, and 1-hour client notification standard for transaction and data security impacts
Financial resilience framework: capital buffers, 3–6 month liquidity reserves, emergency credit lines, quarterly stress testing, and insurance coverage matrix
Testing schedule: quarterly tabletop exercises, semi-annual live drills, annual IT failover, vendor resilience, and regulatory stress tests
+ much more
Who is this for?
Compliance Officers, Risk Managers, Chief Operating Officers, SMF holders, and Boards at FCA-regulated firms who need a complete, board-approved Business Continuity Plan that satisfies FCA operational resilience expectations and demonstrates the firm is genuinely prepared for disruption.
How it works
Step 1 — Read it. Every section exists for a reason, grounded in a specific regulatory obligation.
Step 2 — Understand it. Map the content against your current practices. Identify where you're strong and where gaps exist.
Step 3 — Make it yours. Tailor the language to reflect how your organisation actually operates. A policy that sounds like your firm is a policy your people will follow.
Step 4 — Take ownership. Assign clear accountability — Board approval, named SMF holder, designated policy owner. A policy without an owner is a liability, not an asset.
Step 5 — Operationalise it. Embed the policy into your governance calendar, training programme, and annual review cycle. This is where compliance becomes culture.
Or, get this free with RegTechPRO
Access this alongside the full compliance policy library — SM&CR, COBS, AML, Consumer Duty, GDPR, and more — for a fraction of the cost of consultancy.

