FCA impact tolerances: setting, testing and reviewing
FCA impact tolerances: setting, testing and reviewing An impact tolerance is the maximum disruption to an important business service that a firm is prepared to accept. Setting impact tolerances is the most technically demanding element of the FCA’s operational resilience framework under PS21/3 — it …
Important business services: how to identify them in practice
Important business services: how to identify them in practice The concept of the important business service sits at the centre of the FCA’s operational resilience framework. Under Policy Statement PS21/3, firms must identify the services they provide to external clients which, if disrupted, would cause …
The SMF18 oversight role: governance over CASS in practice
The SMF18 oversight role: governance over CASS in practice SMF18 — the Other Overall Responsibility function under the FCA’s Senior Managers and Certification Regime — is the catch-all senior manager designation that captures significant areas of a firm’s activity not allocated to one of the …
CASS audits in 2026: what FRC standards now require
CASS audits in 2026: what FRC standards now require The annual Client Assets audit is a statutory obligation for FCA-regulated investment firms that hold client money or custody assets. The audit is required under CASS 6.6 and CASS 7.15, must be conducted by an approved …
Hiring a Head of Regulatory Reporting: capability framework and salary benchmarks
Hiring a Head of Regulatory Reporting: capability framework and salary benchmarks The Head of Regulatory Reporting is one of the most technically demanding senior finance roles at an FCA-regulated firm. It combines deep knowledge of the applicable prudential framework — MIFIDPRU for investment firms, COREP …
Common RegData errors and how to avoid them in 2026
Common RegData errors and how to avoid them in 2026 The FCA’s RegData platform — which replaced Gabriel for regulatory return submissions in October 2022 — has been the submission vehicle for MIFIDPRU returns since the regime came into force in January 2022. Three years …
MIFIDPRU returns: what an investment firm’s Head of Regulatory Reporting owns
MIFIDPRU returns: what an investment firm’s Head of Regulatory Reporting owns The FCA’s prudential sourcebook for MiFID investment firms — MIFIDPRU — came into force in January 2022, replacing the Capital Requirements Directive and Regulation framework that had previously applied to non-systemic investment firms. For …
Quality vs quantity in SAR filing: what NCA reviewers look for
Quality vs quantity in SAR filing: what NCA reviewers look for The UK Financial Intelligence Unit received approximately 901,000 Suspicious Activity Reports in the 2022–23 reporting year. The volume of SARs filed by regulated firms has increased substantially over the past decade. The quality of …
DAML requests in practice: how the consent regime actually works
DAML requests in practice: how the consent regime actually works The Defence Against Money Laundering request — universally referred to as a DAML — is one of the most misunderstood mechanisms in the UK’s financial crime framework. It is distinct from a standard Suspicious Activity …
Customer due diligence for crypto firms: what differs from traditional CDD
Customer due diligence for crypto firms: what differs from traditional CDD The Money Laundering Regulations 2017 apply to cryptoasset businesses registered with the FCA in the same way they apply to banks, payment firms and investment businesses. The obligation to conduct customer due diligence, enhanced …
Accredited Member of GBC
Accredited Member of LWF
Carbon Offset via TreeNation
