Industry · Financial services

Financial-services-grade IT, with the evidence pack already written

Asset managers, wealth advisers, broker-dealers and quant funds run on IT that has to satisfy the FCA, the CSSF or the SEC at twenty minutes' notice. We run the network, the cloud, the SSO and the SOC so your COO can answer a SUP 15 incident notification with evidence already in hand.

Speak to a financial services specialist

What's at stake

FCA SYSC and SMCR-relevant controls

Senior Manager & Certification Regime makes named individuals personally accountable for IT failures. Without role-based access controls and an audit trail you can defend, that's your name on the line.

MNPI & market-data segregation

Material non-public information has to be ring-fenced by access, by network, and by audit log. The questions an FSA-style enforcement bites on are always the same: who saw what, when, and how do you know.

BCDR your auditor will accept

Documented RTO and RPO per service, with a tested last-run date no older than 12 months. "We have backups" is not an answer. "Last full failover test was 19 Feb 2026, RTO met at 27 min" is.

How we help

Identity, access & SMCR controls

SSO via Authentik or Entra ID, WebAuthn / passkey enforcement, JIT elevation for privileged sessions, quarterly access reviews, and termination propagation within 4 working hours of HR notice.

MNPI & trade-data segregation

Network and identity-layer ring-fencing for research, trading and back-office functions. Every access logged with subject, predicate, object and time. Logs immutable for 7 years.

BCDR with FCA-grade evidence

Per-service RTO/RPO, tested at agreed cadence, with an evidence pack ready for SUP 15 notification or a Section 166 review. If we miss the SLA, the breach credit lands automatically.

FinOps & cloud cost governance

Azure landing zone with cost-aware controls; tagging enforced at deploy time; monthly cost reviews with named owners. Stop your AWS or Azure bill becoming a risk paper.

Trade-floor managed network

Low-latency switching, dual-carrier internet with BGP failover, voice recording integration, and the ability to add a temporary trader laptop without paging IT.

Frameworks we map to

Cyber Essentials Plus UK GDPR FCA SYSC alignment (Q3 2026) FCA SMCR-aligned access controls (Q3 2026) FCA SUP 15 evidence pack (Q3 2026) SOC 2 Type 1 (Q4 2026)

See /trust/ for the full controls-to-frameworks mapping.

Selected client work

Available on request

Financial-services client work

Detailed writeups are shared under NDA on a 30-minute discovery call. Published case studies are coming soon, with each named client's explicit sign-off.

All case studies →

Frequently asked questions

How do you support FCA SYSC and SMCR-relevant access controls?

Role-based access controls mapped to your firm's SYSC matrix; named-individual accountability surfaced in the SSO, not buried in a spreadsheet. Quarterly access reviews with diff-able evidence (you can point to exactly what changed since the last review). Termination propagation within 4 working hours of HR notice, evidenced in the audit log.

What's your evidence pack for an FCA SUP 15 incident notification?

Pre-written SUP 15 incident-notification template (timeline, root cause, impacted clients, remediation), populated from our incident log within 4 hours of detection. We hold last-30-days' logs hot and 7-year retention for the immutable archive. Your compliance lead signs off; we don't notify the FCA on your behalf, but the pack is ready when they're asked.

Do you have BCDR with documented RTO/RPO and a tested last-run date?

Yes. Per-service RTO and RPO published in your service catalogue. Test cadence is quarterly for the Regulated tier (see /service-levels/), with a tested-OK timestamp on every test. Last full London-site failover test: 19 Feb 2026, RTO met at 27 min vs 30 min target.

How do you handle MNPI segregation and audit logging?

Network segmentation at the SDN layer (research, trading, back-office, corporate IT each in their own segment with explicit allow rules). Identity segmentation via groups + ABAC. All access to MNPI-classified data logged with subject, predicate, object, time and source IP — logs immutable for 7 years on object-locked storage. We can produce a who-saw-what-when report against any client list within 1 hour.

Can you operate a quote-and-trade-grade managed network?

Yes. Low-latency LAN with QoS for voice, dual-carrier internet with BGP failover (we've seen sub-2-second cutover on a real outage), integration with NICE / Verint trade recording, and the operational headroom to add a temporary trader workstation in under 30 min. London / EC1 footprint with carrier diversity already validated.

Speak to a financial services specialist

30-minute discovery call. No slide deck — we'll ask about your auditor, your incumbent supplier, and what would change if your IT actually understood your sector.

Book a consultation