Your most dangerous resilience gap is not inside your firm. It is in your supply chain.

FourthLine builds TPRM frameworks, supplier due diligence programmes, and tested exit capability for mid-tier UK financial services firms - aligned to DORA Article 28, PRA SS2/21, and FCA operational resilience expectations. Supplier failure cannot breach your impact tolerances if you have evidence it cannot. 

Book a Scoping Call with Kieran
Download the TPRM Guide

THE PROBLEM THIS SOLVES

Most mid-tier firms have a supplier register. Many have a standard due diligence questionnaire. Very few have a TPRM framework that genuinely connects supplier risk to IBS impact tolerances and fewer still have tested whether their supplier exit plans would actually work under stress.

DORA has raised the bar significantly. PRA SS2/21 has required it for years. The common gap is not documentation. It is evidence that the documentation is operationally sound.

What we deliver

  • TPRM framework, policy, and governance architecture
  • Supplier segmentation and materiality assessment
  • Supplier register design and population
  • Due diligence questionnaire and assessment methodology
  • IBS-aligned supplier criticality mapping
  • Supplier exit plan development per critical and important supplier<
  • Stressed exit testing programme - tabletop and live testing
  • Regulatory-grade evidence pack (DORA Article 28 and PRA SS2/21 aligned)
  • TPRM managed service retainer option: ongoing oversight and annual DD cycle

Programme Structure

Start: Diagnostic Assessment | £15k–£25k

Module A: Framework & Mapping: From £58k

Module B: Due Diligence & Exit Planning: From £57k

Managed Service Retainer: From £41k p.a.

Fee basis: Fixed fee throughout

Delivered by: Named senior certified industry aligned practitioners 

HOW this connects to the wider programme

TPRM builds directly on your Op Res & BCM programme.

Suppliers identified as critical dependencies in the BCM programme are the same suppliers whose exit plans this module tests. No duplication. No rework. TPRM can also be engaged as a standalone programme where BCM foundations are already in place 

FourthLine understood from day one that we had two regulatory obligations to satisfy simultaneously, not one. They built a programme architecture that addressed both PRA SS1/21 and FCA SYSC 15A without duplicating effort. The board reporting they produced gave our NEDs genuine oversight of where we stood, in language they could act on 

Chief Operating Officer, SMF24, Private Bank.
View Case study

Test whether your supplier exit plans actually work

Start with a TPRM Diagnostic Assessment. A structured 4–6 week review of your firm's supplier risk framework and exit capability against DORA Article 28 and PRA SS2/21 requirements. Board-ready gap report. Fixed fee: £15k–£25k 

WHY FOURTHLINE FOR THIS PRODUCT

delivery

Senior delivery

Not senior oversight. The practitioner you meet in scoping is the practitioner who delivers. No hand-off to junior resource after the sale.

regulatory

Regulatory specificity

Every deliverable maps directly to the framework your regulator applies. Not a generic consulting output adapted for compliance.

orange-icon-3

Proportionate cost

Big Four-standard rigour. Without Big Four overhead. Fixed fees. No open-ended billing.

The Problem this solves

The Diagnostic Assessment is not a standalone exercise.
It is the starting point for an Annual Resilience Retainer engagement giving both parties a fully
evidenced scope before committing to the full programme.

1

Diagnostic Assessment

4–6 weeks

Current state analysis against FCA/PRA/DORA

2

Gap register and remediation roadmap

Deliverable

Priority-rated remediation plan

3

Annual Resilience Retainer

12 months

 Optional continuation 

4

Ongoing senior-led resilience programme

Embedded resilience capability with continuous regulatory intelligence and supervisory readiness