Adding FCA UK Chapter 15 Operational resilience framework #1464
New format is <branch>-<timestamp>-<artifact name>
…-uploaded-artifacts
) Co-authored-by: eric-intuitem <[email protected]>
* feat: check required libraries after domain creation * feat: improve error handling * chore: format
* Add a progress field on applied controls * changed save model function & regionalize * inverse colors and add a validator on the progress field model
* fix: differentiate cell's tooltips using matrixName% * fix: typo and code readability
* Increase limit_request_line param for gunicorn Increase limit_request_line param for gunicorn, this allows some IDP (such as GoAuthentik) provider to work as the request line often goes beyond the default value of 4094. * Update startup.sh Forgot backslash...
…1451) * put entity mandatory with red star UI * changed implementation
…faster (intuitem#1375) * Improve the e2e-tests.sh script to make local functional tests faster Minor correction Minor adjustment * Fix poetry 2.x compatibility * Update the poetry version in the README requirements * Handle filenames with spaces
* feat: begin to add possibility to draft risk acceptances This is not finished yet, some little things remain to be done. * dynamic translations * fix: better ui + possibility to switch draft and submitted states * fix: removed backend translations * fix: add possibility to remove the defined approver * fix(api): prevent non-approvers to reject/revoke/accept * fix(UI): tooltip instead of text for approver missing * fix: coderabbits reviews --------- Co-authored-by: Mohamed-Hacene <[email protected]>
…#1456) * starting point to rearrange applied control form * Cleaner look for Applied controls forms * Improve audit creation form * Adjust tests for applied control * fixup * fixup * fixup
…up (intuitem#1391) * Add word confirmation when deleting domain/import a backup * New promptModal & fix modal boolean validation & fix flash errors * ruff format * added promptmodal for the suppression of a domain and corrected useless action.ts delete hidden input on forms * tolowercase yes to have m.yes = Yes instead of yes * corrected tests * changed tests and test-ids * corrected tests * correct tests --------- Co-authored-by: Mohamed-Hacene <[email protected]>
Walkthrough
The YAML file now defines a comprehensive framework for FCA UK - Chapter 15A on operational resilience. It adds detailed metadata, a new framework object with a defined scoring system (ranging from 1 to 5), and several requirement nodes. These nodes outline criteria for identifying important business services, establishing impact tolerances, scenario testing, and supervisory review. The file serves as a structured regulatory guide for ensuring that firms meet resilience standards.
CLA Assistant Lite bot: All contributors have signed the CLA ✍️ ✅
Actionable comments posted: 0
🧹 Nitpick comments (4)
tools/fca-uk-sysc15a/fca-uk-ps21-3-chapter15-requirements.yaml (4)
60-69: Implementation Groups Definition
The implementation groups (Basic, Intermediate, Advanced) are defined with their ref_ids and names. However, the descriptions are currently set to null. If additional context or guidance is available, consider providing a brief description for each group to help users understand the distinctions.
70-98: Application Requirement Nodes Review
The "Application" requirement nodes establish the applicability of the framework to different firm types and scenarios. While the hierarchical structure with parent_urn references is correctly implemented, the repeated use of the name "Application" across child nodes might benefit from additional qualifiers to improve clarity.
211-340: Important Business Services & Impact Tolerance Requirements
This section outlines the requirements for identifying important business services (nodes 15A.2.1 to 15A.2.4) and establishing impact tolerances (nodes 15A.2.5 to 15A.2.10). The hierarchical structure is clear, and the descriptions are detailed. Consider whether the recurring labels "Important business identification" and "Impact tolerance" could be refined to differentiate each specific requirement further.
387-406: Strategies, Processes and Systems Requirements
The requirement nodes under "Strategies, processes and systems" clearly mandate that firms maintain robust internal strategies, processes, and systems. The descriptions effectively convey the need for comprehensiveness and proportionality. It might be useful to include examples or cross-references to other regulatory guidelines if applicable.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
tools/fca-uk-sysc15a/FCA-UK-PS21-3-Chapter15-Requirements.xlsx is excluded by !**/*.xlsx
📒 Files selected for processing (1)
tools/fca-uk-sysc15a/fca-uk-ps21-3-chapter15-requirements.yaml (1 hunks)
🔇 Additional comments (9)
tools/fca-uk-sysc15a/fca-uk-ps21-3-chapter15-requirements.yaml (9)
1-10: Metadata Block Verification
The metadata section is clearly defined with all the essential fields (URN, locale, ref_id, name, description, copyright, version, publication_date, provider, and packager). Ensure that these values remain consistent with internal naming conventions and regulatory standards.
11-19: Framework Object Structure
The framework object under the "objects:" key is well organized. It correctly specifies the URN, ref_id, name, description, and scoring boundaries (min_score and max_score) along with a detailed scores_definition. Please confirm that the score range (1–5) aligns with the intended assessment criteria.
20-59: Scoring Definitions Consistency and Formatting
The scoring definitions provide comprehensive criteria for each score level from 1 (Initial) to 5 (Optimizing). One minor nitpick: the use of a comma in "0,5%" for the lowest percentage in score 5 might be confusing in an English locale where a dot is typically used (i.e. "0.5%"). Verify whether this format is intentional or should be adjusted for clarity.
407-446: Mapping Requirements Evaluation
The Mapping section is well articulated. It requires firms to document the essential components (people, processes, technology, facilities, and information) to support each important business service. The additional guidance for third-party reliance is clear. Ensure that the specified review frequency (e.g. annual review) aligns with internal policies and regulatory expectations.
447-572: Scenario Testing and Lessons Learned Requirements
This segment covers the entire scenario testing process—from maintaining a testing plan and executing various testing methodologies to conducting lessons learned exercises. The inclusion of considerations for third-party dependencies is particularly strong. Just verify that the balance between rigorous testing requirements and operational feasibility is maintained.
572-613: Self-Assessment Documentation Requirements
The self-assessment and lessons learned documentation requirements are comprehensive. They clearly articulate what records must be maintained and the retention period (at least 6 years). Confirm that these documentation practices align with the firm’s internal record-keeping policies and regulatory obligations.
613-627: Governance Requirement
The governance node mandates that the firm’s governing body approves and reviews the documentation established in the previous section. This is a sound control measure. It would be beneficial to ensure that internal procedures for these governance reviews are well defined.
628-663: Communications Strategy Requirements
The communications requirements emphasize the need for both internal and external communication strategies during operational disruptions. The criteria for timely and effective information dissemination are clear. It may be worth verifying that the proposed communication methods are compatible with the firm’s existing channels.
664-702: Supervisory Review and Feedback Requirements
The supervisory review and feedback section outlines the process through which the FCA may provide individual guidance and require corrective actions. The iterative nature of feedback between the FCA and the firm is well captured. Ensure that the language provides sufficient flexibility for cases where disputes arise, and that follow-up mechanisms are clear.
I have read the CLA Document and I hereby sign the CLA
1/ A license agreement must be obtained: https://www.fca.org.uk/handbook-licence-agreement.
Hello,
Actionable comments posted: 0
🧹 Nitpick comments (1)
tools/fca-uk-sysc15a/fca-uk-ps21-3-chapter15-requirements.yaml (1)
186-192: Replace special characters with standard Unicode.
Several requirement nodes contain special characters (■) that might cause rendering issues. Consider replacing these with standard Unicode characters or removing them if they're not necessary.
Example occurrences:
- Line 186: "Notwithstanding ■ SYSC 15A.1.7R"
- Line 219: "compliance with ■ SYSC 15A.2.1R"
- Line 277: "compliance with ■ SYSC 15A.2.5R"
And others...
Also applies to: 219-222, 277-281, 333-345, 423-424, 430-437, 560-562
🔇 Additional comments (3)
tools/fca-uk-sysc15a/fca-uk-ps21-3-chapter15-requirements.yaml (3)
9-9: Verify the publication date.
The publication date is set to February 12, 2025, which is in the future. Please confirm if this is intentional or if it should be adjusted to the actual publication date.
19-61: LGTM! Well-structured scoring system.
The scoring system is well-implemented with:
- Clear progression from Initial (1) to Optimizing (5)
- Measurable criteria with specific percentages
- Comprehensive descriptions covering process documentation, implementation, and exceptions
62-695: LGTM! Well-organized requirement nodes.
The requirement nodes effectively capture the regulatory framework with:
- Clear hierarchical structure using parent-child relationships
- Consistent use of URNs and reference IDs
- Appropriate flagging of assessable requirements
- Comprehensive descriptions with cross-references
License request sent.
* Creating file for storing CLA Signatures * @eric-intuitem has signed the CLA in #34 * @nas-tabchiche has signed the CLA in #36 * @Mohamed-Hacene has signed the CLA in #37 * @Alexdev8 has signed the CLA in #49 * @monsieurswag has signed the CLA in #62 * @felixhaeberle has signed the CLA in #173 * @ab-smith has signed the CLA in #184 * @eltociear has signed the CLA in #269 * @protocolpaladin has signed the CLA in #350 * @krismas has signed the CLA in #379 * @tovam has signed the CLA in #463 * @ImanABS has signed the CLA in #495 * @AndrzejRPiotrowski has signed the CLA in #552 * @nka11 has signed the CLA in #602 * @PhilBall-DEFEND has signed the CLA in #608 * @Th3ju has signed the CLA in #643 * @fdicarlo has signed the CLA in #672 * @Coffee-007 has signed the CLA in #745 * @vincenttisseront has signed the CLA in #786 * @melinoix has signed the CLA in #847 * @Axxiar has signed the CLA in #865 * @AbdouSou has signed the CLA in #1006 * @quentinbdno has signed the CLA in #1013 * @atomikiss has signed the CLA in #1030 * @fastlorenzo has signed the CLA in #1107 * @QuiverX41 has signed the CLA in #1142 * @Nathanael-Mtd has signed the CLA in #1216 * @thidalgosalvador has signed the CLA in #1290 * @za has signed the CLA in #1305 * @rzivny has signed the CLA in #1324 * @h-4-t has signed the CLA in #1327 * @gbyx3 has signed the CLA in #1343 * @Patrick-PDV has signed the CLA in #1431 * @AisukoHakumei has signed the CLA in #1454 * @jledoze has signed the CLA in #1464 * @Pioupuch has signed the CLA in #1482 * @nparfait has signed the CLA in #1484 * @vnzgnn has signed the CLA in #1526 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>