What are the 5 Anna report formats and when would I use each?
Full BCP (14 sections) — the comprehensive plan, for the regulator and the SMF24 sign-off. FCA Dry-Run (1 section, 12 questions) — a mock supervisory interview where Anna answers each set FCA question in your firm's voice from your data and RAG-rates each one; rehearse this before any FCA visit. Board Quarterly Pack (5 sections) — concise, decision-oriented governance pack; tone is “what does the Board need to know and approve?”. Executive Summary (3 sections) — 1–2 pages for the CEO / Exec Committee, plain English, lead with the bottom line. SYSC 15A Snapshot (4 sections) — rule-by-rule compliance gap analysis for the Compliance Officer or any FCA Skilled Person. All five draw from the same data set; you pick the format with a radio card and hit Generate.
If I switch report formats do I lose the previous draft?
No. Each format keeps its own saved content. The Board Quarterly you generated in March is preserved when you switch to Full BCP in April; switching back to Board Quarterly restores it exactly as it was. Regenerating a section only refreshes the section you click; manual inline edits are preserved on save.
How does the 84-point Resilience Health score work?
Points-based, not weighted. 17 sections × 2 pts each = 34 section points. 25 FCA SYSC 15A checklist items × 2 pts each = 50 checklist points. 34 + 50 = 84 max. Section points are auto-calculated where possible (% within appetite, % SPOF-free, % stress tests passed, % CMT with deputies), so a firm cannot mark itself 100% without the register data backing it up. Click the score for a full breakdown: per-section points, auto vs self-assessment labels, and a full criteria table. The Dashboard also shows a 12-month trend line so the direction of travel is visible at a glance.
Can we edit Anna's draft before it goes to the board?
Yes. Every section across every format is editable inline, and Anna can regenerate any individual section if your underlying data changes. Each section has its own “Generate with Anna AI” and “Edit Manually” buttons plus a free-text “Add additional notes or edits…” textarea. Export the active report as a branded formatted PDF (navy cover, auto-TOC) for the regulator, or as a Word (.doc) file that opens with track-changes for internal edits, or as a Full Pack ZIP that bundles all 12 register CSVs alongside.
How does the Live Incident Mode work?
When something goes wrong you click Declare Incident, capture severity (P1–P4), type, topics (from a 7-item list plus a user-defined “Other - Subject”), assignee and initial notes. The platform starts the FCA 4-hour notification countdown live (refreshed every second), gives you a card with a running incident log to which you append timestamped, user-attributed entries, and a Close Incident button that captures resolution summary, lessons learned and FCA-notified status. On close it auto-creates a stress-test entry captioned “Post-Incident: <title>” with the debrief copied across, so SYSC 15A.6 (“BCP reviewed following real incidents... lessons learned incorporated”) is satisfied without any separate manual step. Closed incidents land in a filterable table with severity, type, topic, year and search filters. A stats summary at the top shows Active count, Closed YTD, Avg time-to-close and FCA Notified ratio.
What is the FCA Dry-Run and what does “RAG-rated” mean here?
It's a mock supervisory interview. Anna asks 12 set SYSC 15A questions on your firm's behalf and answers each one from your live BCP data. For every answer she returns: a 1–3 sentence response in your firm's voice, a Green / Amber / Red rating reflecting the depth of evidence in your data (Green = comprehensive evidence; Amber = partial / in-progress; Red = absent or materially deficient), and a 1–2 sentence examiner observation telling you what an FCA supervisor would push back on. Read it before the supervisor does. Better to fix the Reds in advance than to be surprised mid-interview.
How does the Tabletop Exercise programme work?
8 base scenarios ship pre-loaded with their own 6-step playbooks, each anchored to a SYSC reference: Cyber Ransomware (15A.3), Premises Fire (15A.4), Key Person Loss (15A.3), Pandemic / Mass Absence (15A.3), Critical Supplier Failure (15A.5), Payment Rail Outage (15A.4), Data Breach (UK GDPR Art.33), Regulatory Enforcement Action (SUP 15). You schedule one against a date and named participants, run through it on the day, click Mark Complete with the lessons learned. The platform auto-creates a Stress Test row on completion captioned “Tabletop: <name>” — same auto-feed pattern as closed incidents. Closes the gap most firms have where tabletops happen but never make it into the stress-test register.
What FCA rules does the module cover?
The full SYSC 15A framework: 15A.2 (BCP existence & currency), 15A.3 (RTO/RPO), 15A.4 (recovery strategies & third-party dependencies), 15A.5 (scenario testing), 15A.6 (self-assessment & impact tolerances), 15A.7 (governance, SM&CR accountability, 3-year retention, 24-hour Senior Manager escalation), 15A.8 (FCA notification & client comms). Adjacent obligations: PRIN 2A (Consumer Duty 4-hour tolerance for IBS), SM&CR (named Senior Manager), and Cyber Essentials Plus renewal tracking.
What's in the 25-item FCA SYSC 15A Compliance Checklist?
Items a through y. Each is a firm-level SYSC 15A control with a plain-English statement and a SYSC anchor. Covers BCP existence and currency, RTO/RPO definition, recovery strategy realism, communication protocols, review cycle, testing cadence, action tracking, scenario breadth (cyber, IT, premises, key-person, market, pandemic, supplier), staff training, training record retention, client and FCA communication plans, channel testing, third-party dependency identification and SLA alignment, review triggers on operational change and real incidents, three-year record retention, 24-hour Senior Manager escalation, Board oversight reporting, and overall SYSC 15A alignment. 2 pts (Met), 1 pt (Partial), 0 pts (Not Met). A 50-point total.
How does the Threat Register differ from a normal risk register?
Two ways. First, every threat is benchmarked against a firm-set risk appetite threshold (defaults: Low ≤7 / Medium ≤14 / High ≥15, all editable), so Ransomware at L3 × I5 = 15 against appetite 10 fails automatically, feeds the Dashboard's Threat Risk Summary chart, and affects the scoring model's auto-calculated Threat Register band. Second, the 7 threat categories are prescribed: Cyber, Physical, People, Third Party, Technology, Health, Regulatory, matching the FCA's expected breadth. Most threat registers stop at a risk score; this one demands the appetite comparison.
How does it integrate with the rest of RegTechPRO?
One platform, one set of data. Operational Resilience shares records with Financial Crime and Consumer Duty Hub — one record per firm per module. Ops data surfaces back into the platform's cross-module views: Consumer Duty's 4-hour IBS benchmark, MI Dashboard's resilience tiles, and Policy Studio's BCP-adjacent policies. One platform, one set of compliance data.
How does Single Point of Failure detection work?
The Resource Dependencies register maps four resource classes per IBS (People with minimum head counts, Technology, Facilities, Third Parties) and automatically flags a red ⚠ YES SPOF pill when a resource line has no alternative. It's the concentration-risk assessment an FCA inspector asks about, surfaced without needing a consultant to run the mapping. The accordion badge shows "X% no SPOF" live.
How much does Operational Resilience & BCP cost?
From £250/month. The module ships a 14-section Anna-generated narrative BCP. See
regtechpro.co.uk/pricing for the full modular calculator.
Do I need the whole RegTechPRO platform, or can I just have this module?
Operational Resilience is an add-on to a RegTechPRO subscription. It sits inside the platform so it can share data with Consumer Duty (IBS 4-hour tolerance), the MI Dashboard (resilience tiles) and the document library (BCP exports and evidence). The base subscription includes the Core modules you need to make Op Res function end-to-end.
How long does setup take?
Under a day. The module ships pre-seeded with the 25-item SYSC 15A checklist, the 20-step Immediate Response Procedure, the 18-item Recovery Box, default risk-appetite thresholds, the 7-category threat taxonomy, a 14-section BCP skeleton and the 6-policy insurance register. You add your IBS list, your CMT with deputies, your third-party suppliers and your IT systems. Then Anna drafts the BCP. No migration project; the framework is built in.
I'm a compliance consultant. Can I run this across my client book?
Yes. It's one of the module's strongest use cases. Each client has its own workspace with its own registers, its own 84-point score, its own 14-section BCP. You run the production line; the client retains SYSC 15A accountability (Senior Manager sign-off, Self-Assessment answers, Board review date). It frees you for the skilled-person reviews and incident-response retainers where your expertise actually pays — the routine BCP production runs on the platform.
How is multi-year history kept defensible?
Three layers. First, on 1 January the platform auto-locks the previous year and writes an audit-trail entry recording the lock event. Second, previous years are read-only by default — an FCA skilled-person opening the 2024 BCP sees exactly what was approved by the Board at the time. Third, if you legitimately need to amend a prior year (e.g. a QA finding), you click Unlock; this opens a modal capturing your email (auto-detected) and a required free-text reason, both written to the audit trail. A clock-icon button next to the year selector opens the Unlock History popup so the full date / user / reason history for any year is one click away. Defensible posture for any FCA review.
What's the Field Guidance / tooltip system?
A small (i) icon next to every form-field label across 32 fields (Governance, Financial Impact, IT DR, Communications, Facilities, Recovery Box). Hover for an unpinned preview; click for a pinned popover. Each tooltip shows a regulatory citation pill (e.g. SYSC 15A.7 / SMCR), a plain-English description, an option-by-option guide for dropdowns, and a worked example. Removes the “what does this field actually want?” guesswork that plagues most operational-resilience templates and makes onboarding a new BCP Coordinator dramatically faster. Same component used in our Data Protection and Financial Crime modules.
Does Anna ever attest on my behalf?
No. Anna synthesises; she never attests. The design principle is deliberate and matches the other RegTechPRO modules: human attestation at the input (your IBS tolerances, threat register, 6 SYSC 15A.6 Self-Assessment answers, Board Sponsor sign-off date), AI efficiency in the middle (her 14-section narrative BCP), human sign-off at the output. This is the supervisory-grade division of labour the FCA would want to see and matches SYSC 15A.7's clear accountability expectations.
What does Anna actually cite when she writes?
The SYSC 15A rule she's addressing. Section 3 of the BCP opens with "in accordance with FCA SYSC 15A.3, which requires firms to identify and assess scenarios that could disrupt important business services", plus the specific figures from your registers (your dated IBS tolerances, your CMT names, your DR provider, your 4-hour FCA notification threshold). Adjacent citations: PRIN 2A where the Consumer Duty 4-hour IBS tolerance applies, SM&CR for named Senior Manager accountability, and any specific policy statement where the firm has taken a position.
How reproducible is a prior-year BCP?
Fully reproducible. The Year selector lets you view any historical BCP as it was signed off; previous years are read-only by default and any edit requires the audit-trailed unlock flow. Each section is stored per-year per-format after Anna generates it, so a 2026 Board Quarterly opened in 2028 still reads exactly as approved at the time. The underlying register data is preserved alongside, so an FCA skilled-person review can trace every claim back to the register row that supports it.
What audit trail do inspectors see?
Every section status is timestamped. Every IBS impact tolerance carries a date-set. Every stress test logs a date tested, result and actions/comments. Every CMT role is tied to a named deputy; the section will not mark complete without one. The 20-step Immediate Response runbook auto-saves on each checkbox tick. The 18-item Recovery Box has a per-item attestation log with timestamp, user and RAG cadence (Green <90 days, Amber 90–120, Red >120 / never). Every closed incident records who declared it, who closed it, the full event log and the FCA-notified status. Every year-lock and unlock event is in the audit trail with user and reason. Third-party suppliers record BCP Received (Yes/No) + BCP Adequate (Adequate/Pending/Inadequate) + Alternative Supplier. An inspector asking “when did you last test for ransomware?” gets a dated, named-owner, pass/fail answer in one click; “who unlocked 2024 in March?” gets a name, timestamp and reason.
