Prudential Regulation Authority Rulebook

A firm must implement policies and processes to evaluate and manage the exposure to operational risk, including model risk and risks resulting from outsourcing and to cover low-frequency high severity events. Without prejudice to the definition of operational risk, a firm must articulate what constitutes operational risk for the purposes of those policies and procedures.

A firm must have in place adequate contingency and business continuity plans aimed at ensuring that in the case of a severe business disruption the firm is able to operate on an ongoing basis and that any losses are limited.