How to choose a skilled person: practical considerations under Section 166
When the FCA requires a firm to commission a Section 166 skilled person review, the firm nominates the skilled person subject to the FCA’s approval. In practice, the firm has meaningful influence over who …
Surviving a Section 166 review: a CFO/COO action plan
A Section 166 skilled person review is one of the most significant regulatory interventions an FCA-regulated firm can face. Unlike a routine supervisory visit or a request for information, a Section 166 review under the Financial …
ICT incident reporting under DORA: timelines and templates
DORA’s ICT incident reporting regime is one of the most operationally demanding aspects of the regulation for in-scope firms. Unlike the existing notification frameworks in most EU member states — which require prompt notification of significant events …
DORA vs FCA operational resilience: comparing the two regimes
UK financial services firms that operate across the UK and EU face two distinct but related operational resilience regulatory frameworks. The FCA’s operational resilience framework — established under Policy Statement PS21/3 and now fully in force …
Critical ICT third-party provider designation: what UK firms need to know
The Digital Operational Resilience Act introduces a new category of regulated entity in the EU financial services landscape: the Critical ICT Third-Party Provider. Designated CTPPs are subject to direct supervisory oversight by the European …
FCA impact tolerances: setting, testing and reviewing
An impact tolerance is the maximum disruption to an important business service that a firm is prepared to accept. Setting impact tolerances is the most technically demanding element of the FCA’s operational resilience framework under PS21/3 — it …
Important business services: how to identify them in practice
The concept of the important business service sits at the centre of the FCA’s operational resilience framework. Under Policy Statement PS21/3, firms must identify the services they provide to external clients which, if disrupted, would cause …
The SMF18 oversight role: governance over CASS in practice
SMF18 — the Other Overall Responsibility function under the FCA’s Senior Managers and Certification Regime — is the catch-all senior manager designation that captures significant areas of a firm’s activity not allocated to one of the …
CASS audits in 2026: what FRC standards now require
The annual Client Assets audit is a statutory obligation for FCA-regulated investment firms that hold client money or custody assets. The audit is required under CASS 6.6 and CASS 7.15, must be conducted by an approved …
Hiring a Head of Regulatory Reporting: capability framework and salary benchmarks
The Head of Regulatory Reporting is one of the most technically demanding senior finance roles at an FCA-regulated firm. It combines deep knowledge of the applicable prudential framework — MIFIDPRU for investment firms, COREP …




