45+ regulations and standards across five tiers - every one converging on the same demand: prove your resilience through tested, evidenced scenario exercises. Filter the universe below, and open any framework for detail.
The Regulatory Universe
45+ frameworks. Five tiers. One evidence layer.
Region
Obligation
45 frameworks of 45
Tier 1Explicit scenario-testing requirements
Regulations that name scenario exercises, tabletops, or BCM/DR testing as a direct obligation.
Landscape compiled from publicly available regulatory and standards materials. Always confirm current obligations with your compliance function or counsel.
The Common Thread
What every regulator is actually asking for
Strip away the geography and the framework names, and the underlying capability demands converge on six things.
Continuity under disruption
Operate through severe-but-plausible events without breaching tolerance thresholds.
Response & recovery readiness
Demonstrate tested capability to detect, contain, and recover from major incidents.
Third-party disruption preparedness
Critical service provider failures tested as scenarios - not assumed to be managed contractually.
Crisis communications
Internal escalation and external notification pathways validated under realistic pressure.
Testing discipline & cadence
Documented testing programs with defined frequency, scope, assumptions, and participants.
Remediation based on findings
Evidence that gaps identified in exercises are tracked, prioritised, and closed.