Viewing as:

Regulatory Mapping

Nine regimes decomposed into provisions, mapped many-to-many to ORBIT's capabilities and to individual records. Jurisdiction lens: Meridian Commercial Bank — primary US, secondary CA-OSFI, UK-PRA. Expectations are paraphrased, never reproduced verbatim.

Jurisdiction lens:
UK PRA SS1/21 & PS6/21 — Operational Resilience

The PRA's operational resilience regime: identify important business services, set impact tolerances, map dependencies, test against severe but plausible scenarios, and remain within tolerances by the compliance deadline. The conceptual origin of the IBS model.

SS1/21 §2Identify important business services

Firms must identify the business services whose disruption could threaten safety and soundness, financial stability, or policyholder protection, and keep the inventory current as the business changes.

IBS inventory & lifecycleCriticality assessment & tiering
SS1/21 §3Set impact tolerances

For each important business service, the firm sets a tolerance defining the maximum tolerable level of disruption — expressed in time and, where relevant, other measures such as volume or value — at the first point where harm becomes intolerable.

Impact tolerances
SS1/21 §4Map resources and dependencies

Firms must identify and document the people, processes, technology, facilities, and information required to deliver each important business service, sufficient to identify vulnerabilities.

Process & dependency mappingMaterial points of failure
SS1/21 §6Lessons learned & vulnerabilities

Testing and incidents must feed an improvement cycle: identified vulnerabilities are remediated on a prioritized basis with accountable owners.

Vulnerability & remediation
SS1/21 §7Self-assessment & board approval

Firms maintain a written self-assessment of their operational resilience, approved by the board, evidencing the reasoning behind IBS selection, tolerances, and testing outcomes.

Self-assessmentBoard reportingThree-lines governance workflow
SS1/21 §8Governance & accountability

The board and senior management own operational resilience outcomes; clear accountability (SMF alignment) and management information support effective oversight.

Three-lines governance workflowBoard reportingAudit trail & versioning
PS6/21 Ch.3Embedding & deadlines

Firms were expected to have identified IBS, set tolerances and started mapping/testing by March 2022, and to remain within tolerances as soon as reasonably practicable and by March 2025.

IBS inventory & lifecycleScenario testing

Global search

Search services, processes, assets, scenarios, vulnerabilities, and regulatory provisions