CON-20-115 Consultancy & Skilled Persons Framework

• Value: £1M

Advice, skills and technical expertise in client assets and safeguarding. This will include skills, experience and expertise in areas such as, but not limited to: •Client Assets (CASS) and SUP 16 in the appropriate regulator’s Handbook, including governance, regulatory reporting and systems and controls arrangements associated with client assets. •Safeguarding requirements as set out in the Payment Services Regulations 2017 and E-money Regulations 2011, and the FCA Payment Services and Electronic Money Approach Document.

• Value: £2M

Advice, skills and technical expertise in assessing whether firms have effective purpose, governance arrangements, leadership and approaches to people and how these support a healthy culture that mitigates potential harm to customers or markets and/or safety and soundness and/or operational resilience This should include, but not be limited to knowledge of relevant national and international regulatory requirements, standards, guidelines and industry best practice and experience and expertise in assessing: • governance frameworks (including policies and procedures) and whether they result in effective governance; • board effectiveness, decision making and influential and accountable leadership; • people policies and practices (including remuneration, training and competence, psychological safety and diversity and inclusion) and whether these result in behaviours that drive good outcomes; • leadership and the Senior Managers and Certification Regime, (including the assessment of the fitness and propriety of Senior Managers and certified staff, the embedding and application of the Conduct Rules, and individual accountability); • firms’ purpose, risk appetite, business model, strategies, change management programmes (during transition, implementation, delivery); • governance arrangements for recovery and resolution plans; • approaches to operational resilience and business continuity; • Board reporting and management information; and • involvement across all levels of firms that encourages effective challenge and prevents harm by promoting a range of views in the decision-making process.

• Value: £4M

Advice, skills and technical expertise in assessing whether firms have effective controls and risk management frameworks, including identification and control arrangements to identify and mitigate risks in their business models (including outsourcing arrangements); taking a risk based approach to deliver fair outcomes for customers and/or safety and soundness and/or operational resilience. This should include but not be limited to knowledge of relevant regulatory requirements, standards, guidelines and industry best practice and experience and expertise in assessing: • firm’s capacity and effectiveness to self-identify potential harm to consumers and markets; so that it can implement controls to minimise the risk of harm; • internal control effectiveness across the three lines of defence, operational risk and resilience; • stress testing frameworks; • all types of enterprise-wide risk (including operational risk, credit risk, traded risk, liquidity risk, compliance/legal risk, conduct risk, valuation risk, people risk, climate risk and reputational risk management); • outsourcing arrangements; • effectiveness and independence of the Risk, Compliance and Internal Audit functions; • management information (MI) that effectively tracks and monitors risk trends and analysis that would enable pro-active mitigation of risk; thereby minimising risk to business plans, strategic delivery, market impact and customer detriment; including how the MI is used to remedy both emerging and crystallised risk; •effectiveness of the risk management framework in identifying, mitigating and escalating new or developing risks; and •model expertise, where risks arise from the use of complex derivatives, to ensure adequate management reporting. Additional information: To respond to this opportunity please click here: https://fca.delta-esourcing.com/respond/8YV8A8WNK8

• Value: £3M

Advice, skills and technical expertise in assessing: •the fair treatment of customers, including: design and distribution of financial products, pricing, marketing and advertising, customer communications, quality of advice, sales practices, management of conflicts of interest, complaints handling, conduct of business rules and guidance, collections and arrears management, pre- and post-sale service and retail conduct risks associated with each stage of the retail product life-cycle. Ability to adapt their approach and resource where necessary to ensure a proportionate approach to smaller regulated firms. •wholesale market conduct, including: upholding market integrity, ensuring effective market abuse systems and controls, managing conflicts and ensuring markets remain orderly in a range of market conditions, appropriate implementation of whistleblowing processes and procedures including assessing the adequacy of investigations, and products and services provide fair value and meet clients’ investment needs. This will include skills, experience and expertise in a wide variety of product types and in areas such as, but not limited to: COBS, ICOBS, MCOB, BCOBS, CONC, DISP, CMCOB, MAR, COLL and FUND in the FCA handbook, IDD, MiFID, market conduct codes, the requirements of other legislation such as the Competition Act 1998, PSR and EMR, the 2010 Equality Act, and expertise in past business reviews and overseeing redress exercises.

• Value: £2M

Advice, skills and technical expertise in financial crime, anti-money laundering, anti-bribery and corruption, sanctions, cryptocurrency and payments solutions, tax evasion, market abuse (including insider dealing and market manipulation), and governance of these areas. This will include skills, experience and expertise in the provision of advice, assessing the adequacy of firms’ systems and controls, and the investigation of areas including, but not limited to: the Market Abuse Regulation (MAR), the Suspicious Transaction and Order Reports (STOR) regime, the Money Laundering Regulations, the Bribery Act 2010, the Criminal Finances Act 2017, relevant SYSC rules, the Joint Money Laundering Steering Group guidance, the Payment Services Regulations 2017 (PSR) and the Electronic Money Regulations 2011 (EMR).

• Value: £2M

Advice, skills and technical expertise in assessing whether firms have effective prudential arrangements and how these support safety and soundness and/or operational resilience. This should include, but not be limited to knowledge of relevant national and international regulatory requirements, standards, guidelines and industry best practice and experience and expertise in: • assessing and modelling risks (including, credit risk; traded risk; interest rate risk, liquidity and treasury risk; operational risk; and settlement risk); • calculating prudential requirements (including for capital, liquidity, large exposures, and non-financial resources); • reviewing the preparation and reporting of regulatory returns; • business, capital and liquidity planning (including ICAAPs, ILAAPs and stress tests, and for mergers, acquisitions and transfer of business); and • recovery and resolution planning, implementation and reporting (including Resolution Assessments).

• Value: £3M

Advice, skills and technical expertise in assessing whether firms have effective prudential arrangements and how these support safety and soundness and/or operational resilience, and/or policyholder protection. This should include, but not be limited to knowledge of relevant national and international regulatory requirements, standards, guidelines and industry best practice and experience and expertise in: • in assessing risks arising from life and/or non-life insurance business, (including credit risk, market risk, operational risk, liquidity risk and climate risk). • business, capital and liquidity planning (including stress tests and mergers, acquisitions and transfer of business). • reserving and technical provisions; • underwriting, claims handling and pricing; • capital modelling – build and review, including the ability to assess insurance firms’ validation of internal models; • reinsurance modelling and exposure management, including catastrophe risk; • actuarial modelling; • asset-liability modelling; • insurance Special Purpose Vehicles, insurance linked securities and valuation of assets; • merger and acquisition due diligence; • reviewing the preparation and reporting of regulatory returns; and • recovery and resolution planning, implementation and reporting.

• Value: £1M

Advice, skills and technical expertise in evaluating whether solo-regulated firms are accurately assessing adequate financial resources to ensure they meet threshold conditions and on-going regulatory requirements. This will require skills, experience and expertise across different prudential regimes, the FCA Handbook, International Accounting Standards, International Financial Reporting Standards and UK Generally Accepted Accounting Practice. This should include but not be limited to knowledge of relevant regulatory requirements, standards, guidelines and industry best practice and experience and expertise in assessing: •Firm’s skills, systems and processes to calculate and hold appropriate level and type of capital and/or liquid resources to cover potential harm and to put things right when they go wrong. •Firm’s capacity and effectiveness of assessing the likelihood and impact of potential harm to consumer and markets; thereby determining the amount of financial resources (capital and liquidity). The skills, experience and technical expertise should include but not be limited to: • Non-trading book: operational risk, credit risk, counterparty credit risk, credit valuation adjustment, settlement risk and/or the modelling of these risks, as well as regulatory reporting • Trading book: market risk, settlement risk, large exposures and/or the modelling of these risks, as well as regulatory reporting • Any other risks that are inherent to the firm’s business model and that can lead to impair its ability to compensate for harm done • Firm’s skills, systems and processes to evaluate the viability and sustainability of their own business model and strategy; whereby firms consider forward-looking financial projections and strategic plans, under both business-as-usual and adverse circumstances that are outside their normal and direct control. The assessment of tail risk analysis should include elements like the stress test, reverse stress test and wind-down planning, together with the adequacy of the scenarios, its modelling and the governance of these areas.

• Value: £1M

Advice, skills and technical expertise in assessing whether firms have effective technology and information management systems, and how these support an appropriate culture and/or safety and soundness policy holder protection and/or operational resilience. This should include but not be limited to knowledge of national and international regulatory requirements, standards, guidelines and industry good practice, such as: • Configuration of IT infrastructure standards such IPSEC; • IT control frameworks, such as COBIT, ISO standards and ITIL; • Cyber and information security standards and frameworks such as NIST; • Project and programme management good practices such as PRINCE2 and MSP; • Software development life cycles such as SSADM and RAD; and • Relevant IT infrastructure, systems and application software. and experience and expertise in: • IT strategy, governance and culture; • IT risk management; • Cyber and information security; • Threat and vulnerability management; • Service mapping and design, Systems architecture, development and maintenance; • Incident and problem management; • Project and change management; • Performance and capacity management; • Data integrity, quality and migration; • Identity and accesses management; • Physical Environment security; • Service continuity, testing and disaster recovery management; • Third party governance (outsourced and off-shore activities, including cloud services); and •Regulatory Technology (RegTech), including regulatory compliance and reporting.

• Value: £2M

The provision of services by a supplier with CREST accreditation for the delivery of CBEST-Threat Intelligence services

• Value: £1M

The provision of services by a supplier with CREST accreditation for the delivery of CBEST- Penetration Testing services

• Value: £2M

The provision of credit opinions to the standard of public issue credit ratings on financial assets. The service is to be provided by a credit rating agency that is registered or certified in accordance with CRA regulation.

• Value: £80M

This lot is divided into specialisms. Suppliers will not need to be able to deliver all specialisms and may be awarded a place on the framework for specific specialisms. The specialisms are as follows: Risk/Risk Management; HR Strategy; Financial, Economical and Policy Related; Business Consultancy; Technology; Forensic Accountancy / General Investigations; Resource Augmentation; and Economic Regulation and Analysis