Compliance
FCA Handbook mapping
Every Bedrock capability mapped to the specific FCA Handbook rule it satisfies, with citations.
This page is the source of truth for “which Bedrock thing addresses which FCA rule.” It exists because compliance officers need to give the answer to that question without reading the engineering docs, and engineers need to give it without reading the FCA Handbook. Both groups should be able to point at the same row.
By rule
| Rule | Name | Bedrock features |
|---|---|---|
PRIN 2A.2 | Products & services outcome | Impact assessments, Model registry |
PRIN 2A.3 | Price & value outcome | Bias monitoring |
PRIN 2A.4 | Consumer understanding outcome | Explainability, Certificates |
PRIN 2A.5 | Consumer support outcome | Vulnerability routing, SLA enforcement, Bias monitoring, Drift detection, Model registry |
PRIN 2A.6 | Cross-cutting obligations | Vulnerability routing, Chain integrity |
PRIN 6 | Customers' interests | SLA enforcement |
PRIN 7 | Communications with clients | Explainability, Certificates |
PRIN 11 | Relations with regulators | Incident response |
SYSC 6.1 | Compliance arrangements | Checklists, Incident response |
SYSC 7.1 | Risk control | Impact assessments |
SYSC 8 | Outsourcing | Model registry, Drift detection |
SYSC 9 | Record-keeping | Ledger, Chain integrity, Certificates |
SUP 9 | Records available to the FCA | Ledger, Certificates |
COBS 9.2 | Suitability assessment | Checklists, Explainability |
COBS 9.4 | Suitability reports | Certificates |
DISP 1 | Complaints handling | Incident response |
FG21/1 | Fair treatment of vulnerable customers | Vulnerability routing |
Cross-cutting evidence
Two Bedrock capabilities act as evidence for almost every rule above: the ledger (because every other capability writes its evidence into it), and the certificate (because every signed certificate ties a specific decision to a specific reviewer with a verifiable timestamp). The other capabilities answer specific rules; these two answer the meta-question “can you prove it?” for any of them.
What this isn't
This mapping is not legal advice and is not a substitute for your own compliance function. It is a starting point for the conversation between your engineering and compliance teams about which controls satisfy which obligations. The marketing site's compliance page covers the wider context.