Critical Supplier Due Diligence Tool

Are you a CEO, COO, CRO, CIO, CISO or Head of Procurement with critical supplier oversight obligations to meet?

• You have material third-party arrangements that the PRA and FCA now expect you to evidence properly.
• You don't have time for last-minute surprises when your first PS7/26 register submission is due.
• And you can't afford supplier failures, regulatory findings or reputational damage.

Our new Critical Supplier Due Diligence Diagnostic provides a rapid, mutuals-calibrated assessment of whether one of your most material supplier arrangements is genuinely ready for the new regulatory environment, including insights into governance, contractual protections, concentration risk, exit credibility and ongoing monitoring. Start with the free online assessment, then talk to us if you want a full engagement. It takes around 15 minutes per supplier.

Preventing Supplier Oversight Failure

Understand where one of your most critical supplier relationships truly stands by self-assessing across our seven third-party risk domains.

The domains are anchored to FCA PS26/2, PRA PS7/26, PRA SS2/21, PRA SS1/21, FCA FG16/5, the Critical Third Parties regime under FSMA 2023, the FSB Toolkit on Third-Party Risk Management, Basel Committee TPRM Principles.

Why It Matters

Third-party failures continue to drive the headlines, with cyber incidents, hyperscaler outages and supplier insolvencies all causing real disruption to UK financial services in the last 12 months. Meanwhile, supervisory expectations have shifted hard. PRA PS7/26 and FCA PS26/2 introduce a formal register submission regime from 18 March 2027. The Critical Third Parties regime is live. Personal accountability under SM&CR for material outsourcing is now established precedent following the first SMF18 fine in 2024. And the supervisory focus is moving from "do you have a register" to "can you prove you understand and manage what is on it".

Firms that fall short face regulatory scrutiny, internal audit findings, supplier concentration risk crystallising at the worst possible moment, and significant remediation costs after the fact.

To ensure this doesn't happen to you, it's essential to evaluate your supplier arrangements early and objectively, before the regulator does.

The Tool gives you clarity on the questions that matter most to you:

• Have our most material supplier arrangements been correctly classified, and would the regulator agree?
• Do our contracts contain the protections supervisors now expect, including audit rights, sub-contractor visibility and enforceable exit?
• Have we mapped our nth-party dependencies to a useful depth, or are we exposed to suppliers we have never assessed?
• Would our exit plans actually work under stressed conditions, including a hostile or insolvent supplier?
• Is supplier cyber posture under continuous monitoring, or are we relying on annual questionnaires that miss real change?
• Is the named SMF accountable for this arrangement able to evidence the reasonable steps they have taken?
• What gaps would surface first under thematic review, and what would it cost to close them?

Start with your free online self-assessment across our seven third-party risk domains and 30 practical questions:

You'll receive an instant personalised report with:

• Your overall supplier readiness score, calibrated for building society proportionality
• A domain-by-domain breakdown showing strengths and material gaps
• The three priority gaps that matter most, ranked by weight under current supervisory expectations
• The evidence you already have in place that an independent assessor could leverage
• Board-level questions drawn from your specific gaps
• Practical next steps and runway view to your first PS7/26 register submission

If you would like to discuss a full Health Check working jointly with your own team you gain access to:

• Evidence-based assessment grounded in your actual contracts, register entries, sub-processor lists, exit plans, MI packs and Board minutes — not self-reported scores
• Sector-calibrated review reflecting building society proportionality, the Strong & Simple regime and the December 2025 mutuals report
• Concentration and nth-party dependency mapping to identify hidden exposures across your most material arrangements
• Stressed exit credibility assessment going beyond plan-on-paper to test the assumption that the supplier will not co-operate
• Regulatory benchmarking against PS26/2, PS7/26, SS2/21, SS1/21, FG16/5 and the wider supervisory direction of travel
• Board-ready written report with specific recommendations and SMF-level accountability framing
• Coaching for SMFs and NEDs on the right questions to ask, the kind of MI to demand, and the conversations to have with internal audit

We'll introduce this at the end of your readiness results, or you can contact us directly at info@greendolphintccr.com