UK financial-services evidence
FCA/PRA Evidence Pack Dependency Register
Last updated: 2026-06-10 06:23:18 UTC. Applies to controller.intelxview.com.
This register ties the ACP proof-pack, provider-provenance, scenario, audit, and operational-resilience dependencies into one review-ready status view. It is technical and operational evidence only, not FCA/PRA certification or legal advice.
Latest Proof-Pack Evidence
- Latest successful proof-pack run: generated 2026-06-10T06:23:18Z.
- Overall status: pass (all foundation-proof steps).
- Cryptographically signed manifest, retained 365 days as the release-gate source.
Auto-updated from the latest successful Proof Pack — Nightly run (revalidates hourly).
Architecture & Governance
How the AI Control Plane governs an AI action and turns it into tamper-evident, signed evidence that risk, compliance, and audit can review. These diagrams are a conceptual overview for external review and intentionally exclude implementation and deployment detail.
Dependency Status
| Dependency | State | Evidence | Residual action |
|---|---|---|---|
| OpenAI/Anthropic live provider proof | Complete | Live OpenAI and Anthropic request IDs plus audit provenance recorded with fallback_used=false. | Refresh before formal submission if freshness is required. |
| Provider-proof blocker | Complete | Auth path, tenant/project inputs, and source-of-truth decision recorded. | Runtime secrets-store reconciliation remains separate hardening, not a blocker. |
| FCA synthetic scenarios | Complete | Scenario fixtures, tests, run script, sample evidence path, and Rego coverage are checked off. | Firm-specific scenarios still require review before formal use. |
| Audit-log evidence | Complete with review caveat | Durable, persisted audit storage and a key-rotation runbook are in place; additional closeout evidence is retained privately. | Capture a fresh non-empty audit excerpt before formal regulator submission. |
| Firm operational-resilience mapping | Complete for anonymised pilot appendix | Appendix RB-OR-2026-A maps service position, impact tolerance, severe scenarios, material dependencies, owners, cadence, and boundary. | Replace anonymised fields with the firm's named facts before production or formal regulator submission. |
| Compliance signoff boundary | Recorded | Pack states that ACP provides technical/operational evidence only. | The regulated firm must complete its own compliance/legal review. |
Regulatory Evidence Matrix
| Theme | Status | Boundary |
|---|---|---|
| AI governance and accountability | Usable technical evidence | Formal governance mapping remains firm-specific. |
| Consumer Duty outcome evidence | Complete for synthetic scenarios | Production outcome metrics must be firm-owned. |
| Operational resilience | Complete for anonymised pilot appendix | Named-firm service mapping and formal impact tolerance remain firm-owned. |
| Provider dependency management | Complete for generic provider proof | The firm must classify materiality and reporting duties. |
| Evidence-chain integrity | Pass | Retain artifact references for each pack version. |
| Audit, retention, and redaction | Complete with caveat | Capture a fresh audit-log excerpt before formal submission. |
Firm-Specific Mapping
Generic ACP evidence cannot define a regulated firm's important business service, impact tolerance, severe-but-plausible scenarios, or SMF ownership. Those items are tracked separately for each firm's deployment.
The anonymised pilot appendix is published at /fca-pra-operational-resilience-mapping.
Formal Boundary
Use this page as a technical evidence index supporting firm and regulator review. A regulated firm must still run its own compliance and legal review before treating the pack as formal FCA/PRA evidence.
Source register: FCA/PRA evidence dependency register, maintained under version control and available on request.