Artefacts

We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration

Welcome to the CMORG Artefact library

This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.

Filter by:

Sector Response
Sector Response Framework (SRF) Summary
We are re-launching the public-facing Sector Response Framework (SRF) Summary that provides a clear and concise overview of how the sector responds to a systemic incident. This is intended for everyone in the sector, from firms to their service providers, and is relevant for all levels of the organisation, from C-suite executives to Operational Resilience, Incident Management and Business Continuity Leads.
Sector Response
Sector Response Framework (SRF) Mapping Template
The Firm Mapping Template is designed as an enabler for firms to integrate the Sector Response Framework (SRF) within their own crisis plans and processes. Firms may use this template to map their membership to the relevant groups within the SRF by recording the names and contact numbers of those individual(s) who are members of those groups. To note, not all firms need to be a member of every group and groups will have their own membership criteria. Firms should identify those groups most relevant to their business needs.
Resilience
CMORG Artefact Library
This is the CMORG Artefact Library as of November 2024.
Payments
Voluntary Sterling Settlement Postponement (VSSP) Playbook
The concept of a Voluntary Sterling Settlement Postponement (VSSP) first arose during the 1987 Storm when many London staff were unable to travel to work and the high street banks agreed with the Bank of England (‘the Bank’) that it was not possible to run an orderly settlement day and closed.

It was then documented as part of the sector’s contingency toolkit for SIMEX16 ahead of UK Finance accelerating further planning for Covid-19 including delivering supporting some operational artefacts. The legal analysis output formed the Phase 1 Closure Report to support industry awareness. A VSSP Phase 2 Working Group was established under governance of the Cross Market Operational Resilience Group, which has developed this playbook.
Third Party
Collaborative Scenario Testing of Third Parties - Effective Practices
This document is designed to provide a set of principles and broad expectations of the industry on how scenario testing with third parties should be conducted. The guidance here is intended to be used by financial firms of all maturities as either a guidance for building a framework for scenario testing with third parties, or to act as a check point for established programs.
Technology and cyber
Third Party Critical Vulnerability Response Playbook
This playbook is a Cross Market Operational Resilience Group (CMORG) capability, delivered under the governance of the CMORG Cyber Coordination Group in collaboration with the Financial Sector Cyber Collaboration Centre (FSCCC). It is intended to support effective sector coordination and information
sharing in response to a major third party zero day or critical vulnerability.

The playbook is aligned with FSCCC strategic objectives to define collaborative methods between members to improve industry’s ability to respond to cyber threats and/or incidents with actual or potential systemic impacts to the UK financial sector.
Resilience
CMORG Meeting Minutes
Please find here the meeting minutes for CMORG meetings to inform firms and groups of the discussions and decisions made at the CMORG group level.
Resilience
CMORG Portfolio
Please find here the latest portfolio of workstreams overseen by CMORG. This is to support firms and groups in understanding the wider portfolio of activity and the work being developed across CMORG, and to promote engagement with these workstreams.
Resilience
Guidance for Firm Operational Resilience
The guidance incorporates the key requirements set out by the UK regulators for implementing operational resilience into firms. The content should be considered as high-level principles that can be used proportionately by a firm accordingly to their size, scale and complexity. It is not intended to be prescriptive or mandatory, but rather to support completion of individual firm documentation that aligns to the organisation’s specific corporate governance requirements and templates.