A refresh of the 2023/4 Strategic Risk Register to capture the most relevant risks facing the financial sector in 2025. The register has reflected the Operational Resilience Collaboration Group's (ORCG) Threat Monitoring Framework, the Dynamic Scenario Library, National Risk Register and the Authorities’ recommendations to provide an informed view of the threat landscape.

This document outlines a ‘principles-based’ approach to implementing effective business continuity responses across UK retail firms and which can be referred to during operational disruption, affecting Mortgage advances and property completions.

This is the CMORG Artefact Library as of May 2025.

The concept of a Voluntary Sterling Settlement Postponement (VSSP) first arose during the 1987 Storm when many London staff were unable to travel to work and the high street banks agreed with the Bank of England (‘the Bank’) that it was not possible to run an orderly settlement day and closed.

It was then documented as part of the sector’s contingency toolkit for SIMEX16 ahead of UK Finance accelerating further planning for Covid-19 including delivering supporting some operational artefacts. The legal analysis output formed the Phase 1 Closure Report to support industry awareness. A VSSP Phase 2 Working Group was established under governance of the Cross Market Operational Resilience Group, which has developed this playbook.

This playbook is a Cross Market Operational Resilience Group (CMORG) capability, delivered under the governance of the CMORG Cyber Coordination Group in collaboration with the Financial Sector Cyber Collaboration Centre (FSCCC). It is intended to support effective sector coordination and information
sharing in response to a major third party zero day or critical vulnerability.

The playbook is aligned with FSCCC strategic objectives to define collaborative methods between members to improve industry’s ability to respond to cyber threats and/or incidents with actual or potential systemic impacts to the UK financial sector.

Please find here the latest portfolio of workstreams overseen by CMORG. This is to support firms and groups in understanding the wider portfolio of activity and the work being developed across CMORG, and to promote engagement with these workstreams.

Please find here the meeting minutes for CMORG meetings to inform firms and groups of the discussions and decisions made at the CMORG group level.

The guidance incorporates the key requirements set out by the UK regulators for implementing operational resilience into firms. The content should be considered as high-level principles that can be used proportionately by a firm accordingly to their size, scale and complexity. It is not intended to be prescriptive or mandatory, but rather to support completion of individual firm documentation that aligns to the organisation’s specific corporate governance requirements and templates.

The Single Company Exercise (SCE) has been designed so that SIMEX’s value could be extended to as wide a range of firms as possible. SCE has been produced to allow any firm, but especially smaller firms without specific exercising experience or expertise, to deliver an effective internal exercise. The materials are based on a severe but plausible scenario and can be used to exercise a range of capabilities and test important business services.