Important Business Service identification is the foundation of every operational resilience programme. It is also the element that FCA thematic review activity in the investment management sector has most consistently identified as inadequate in mid-tier firms.

 

The inadequacy is rarely a failure of intent. Investment managers and wealth firms completed IBS identification exercises during the initial implementation phase, produced registers, and secured board acknowledgement. The problem is that the services most commonly selected sit at a level of abstraction that makes it impossible to map their dependencies, set meaningful tolerances, or design scenario tests that genuinely stress their resilience position. The IBS list looks complete because it names all of the firm's activities. What it does not do is identify the specific services where a disruption would cause genuine, material harm to real clients.

That distinction is precisely what the FCA's supervisory lens is now focused on. This article sets out what defensible IBS identification looks like for investment management and wealth firms, where the most common failures in current selections arise, and what the specific evidencing standard requires.

What FCA SYSC 15A.2 Actually Requires

FCA SYSC 15A.2 establishes the IBS identification requirement. The obligation is not to list all the services a firm provides. It is to identify those services where a disruption would cause intolerable harm to clients or counterparties, threaten market integrity, or create risks to the FCA's statutory objectives.

Three elements of that requirement carry specific implications for investment management and wealth firms that are frequently not reflected in initial implementation work.

The first is the customer harm test. An IBS is defined not by what the firm does, but by what would happen to clients if the service were disrupted. For an investment manager, the question is not "do we manage portfolios?" It is "what would happen to our clients if portfolio management were disrupted for 24 hours, 48 hours, or beyond? At what point does disruption cause harm that would be intolerable, irreversible, or that would constitute a material breach of our regulatory obligations?" Identifying an IBS requires working backwards from that harm analysis, not forwards from a service catalogue.

The second is the operational meaningfulness test. FCA SYSC 15A.2.4 requires IBS mapping to trace specific dependencies: people, processes, technology, facilities, and third-party relationships. A service that is defined so broadly that it encompasses multiple distinct operational processes, technology systems, and dependency chains cannot be meaningfully mapped. If an IBS cannot be mapped to a specific set of dependencies that can be stressed in a scenario test, it is too broad to serve the regulatory purpose. The IBS must be defined at a level of granularity that makes dependency mapping tractable.

The third is the review and maintenance obligation. FCA SYSC 15A requires firms to review and update their IBS identification as their operating model evolves. An investment manager that has restructured its client servicing model, migrated to a new portfolio management system, or changed its outsourcing arrangements since completing initial identification in 2022 has a material obligation to confirm that its current IBS selection still reflects its current operating model. The IBS register that was accurate in 2022 and has been carried forward without structured review is not compliant with the ongoing obligation.

The Three Most Common IBS Identification Failures in Investment and Wealth Firms

FCA thematic review activity in the investment management sector in 2025 and 2026 has consistently identified three failure patterns in IBS identification at mid-tier firms. Each pattern appears in a different type of firm, but all three share the same root cause: the IBS was selected for comprehensiveness rather than for customer harm relevance.

Over-broad service categories. The most common pattern across investment managers and platforms is IBS selection at the category level rather than the service level. "Investment Management" as an IBS encompasses portfolio construction, trade execution, settlement, client reporting, and custody reconciliation. Each of these activities has a distinct dependency chain, a distinct failure mode, and a distinct impact on clients. An IBS defined at the category level cannot be mapped to specific dependencies, cannot support meaningful tolerance setting, and cannot be tested in a scenario that genuinely stresses the harm it represents. The FCA specifically reviews whether IBS are defined at a level of granularity that makes the mapping and testing obligations tractable. Category-level selection fails that test.

Services selected for completeness, not harm. Several firms define IBS by mapping their service catalogue and asking "which of these activities should be in the register?" The right question is "which of these activities, if disrupted, would cause harm to clients that we could not tolerate or remediate within a reasonable timeframe?" The answer to the first question produces a long list of operationally important activities. The answer to the second question produces a shorter list of services where the client harm dimension is genuinely material. For a discretionary wealth manager, the second question will typically produce a different list to the first: client on-boarding may be operationally important without being harm-critical, while access to client funds or execution of time-sensitive instructions may be harm-critical even if they represent a small volume of the firm's activity.

Third-party dependencies excluded from selection scope. Investment managers, fund administrators, and platform operators carry material dependencies on custodians, transfer agents, fund accounting providers, and market data suppliers. The services that depend on these third parties are often where the highest harm exposure sits. Firms that selected IBS based on their own activities without examining where third-party failure would create client harm have a selection gap that the FCA's dependency mapping review will surface. The IBS identification process must include a review of where third-party failures would create harm the firm cannot absorb within its tolerance, and those services must be in scope.

What Defensible IBS Identification Contains

The following sets out the minimum documentation and evidencing standard for IBS identification that would withstand direct FCA supervisory review for an investment management or wealth firm. Each element is required. The absence of any element creates a gap that a thematic review would identify.

The IBS selection rationale document. For each service identified as an IBS, a written rationale that explains why this service was selected, with reference to the customer harm analysis that supported the selection, the FCA SYSC 15A criteria applied, and any services that were considered and excluded. The exclusion rationale is as important as the inclusion rationale: a supervisor reviewing an IBS register will ask whether the right services are in scope, and the answer must be demonstrable from the documentation, not reconstructed from memory.

Customer harm analysis per IBS. A structured analysis for each IBS that describes what would happen to clients at each stage of a disruption timeline, identifies the point at which harm becomes intolerable, and connects that harm threshold to the firm's impact tolerance statement. For an investment manager, this analysis must address both retail and institutional clients separately where the harm profiles differ, and must reflect the firm's current client base and service model rather than a generic template.

Dependency map per IBS. Tracing each IBS to its specific people, processes, technology systems, facilities, and third-party relationships, with single points of failure identified and the criticality of each dependency rated. For investment and wealth firms, third-party dependencies, particularly custodians, transfer agents, fund accounting systems, and market data providers, must be mapped at the individual provider and system level, not at the category level.

Review and change log. A documented record of each structured IBS identification review, confirming whether the selection remains appropriate given the current operating model, whether any changes to the selection were made, and the basis for any changes or confirmations. The review must be dated, signed off at the appropriate governance level, and connected to any material change events such as system migrations, outsourcing changes, or regulatory developments that might alter the harm profile of existing IBS.

Proportionality statement. For smaller investment managers and wealth firms, a documented explanation of how the firm has applied the SYSC 15A proportionality principle to its IBS selection and impact tolerance setting. The FCA expects proportionality, but it expects it to be applied thoughtfully and documented explicitly, not used as a general justification for a less rigorous programme.

How IBS Selection Connects to Tolerance and Testing

A common failure in the "What Good Looks Like" standard for investment and wealth firms is treating IBS identification as a standalone exercise that feeds into tolerance setting and scenario testing sequentially. In practice, the three elements must be designed as a coherent system.

An IBS defined too broadly cannot support meaningful tolerance setting, because the tolerance must describe a specific, measurable harm threshold for a specific client experience. A tolerance set without reference to a specific harm analysis will be a duration metric with no harm anchor, which is precisely the pattern FCA supervisors identify as inadequate.

A tolerance without a harm anchor cannot support scenario design, because the scenario must be designed to stress the harm pathway, not simply to test the service's recovery capability in the abstract. If the harm analysis has not been done, the scenario designer does not know which dependencies to stress or what outcome to evaluate the test against.

For investment and wealth firms, the specific harm pathways that most commonly require scenario testing are: the inability to execute client instructions during a market event when execution is time-sensitive; the inability to provide clients with access to information about their holdings during a period when the market is moving materially; the failure of a custody or settlement process that results in client assets being incorrectly recorded or unavailable; and the failure of a third-party administrator that creates a client-facing service gap the firm cannot bridge within its tolerance.

Each of these pathways requires an IBS that is defined specifically enough to be mapped, a tolerance that is calibrated to the actual client harm, and a scenario that tests the firm's ability to maintain the service within that tolerance under realistic conditions. The IBS identification standard described above is the foundation that makes all three achievable.

Using This Standard as a Gap Assessment Tool

The most practical use of the content above is to review each IBS currently in the firm's register against the defensible identification standard, asking three questions for each entry.

Can this IBS be described specifically enough to trace its dependency chain to individual people, systems, and third-party providers? If the IBS is defined at a category level that encompasses multiple distinct dependency chains, it requires disaggregation.

Is the customer harm analysis documented and specific to the current client base? If the harm analysis is generic or was produced for a different client profile, it does not meet the standard.

Has the selection been reviewed following any material change to the operating model since original identification? If not, there is a maintenance gap regardless of the quality of the original identification.

FourthLine has delivered FCA SYSC 15A compliant operational resilience programmes for investment management and wealth sector clients including Interactive Investor, Ruffer Investment Management, and Novia Financial. For firms that want an independent, structured assessment of their current IBS identification against the FCA standard, the Diagnostic Assessment is the starting point.

 

 
 

 

 

 

 
.