Oversight tasks
The supervision programme of a principal firm is a set of recurring tasks. The product ships with a default catalogue tied directly to the regulatory sources, and exposes the catalogue at /demo/principal/settings for principal-admin to customise per tenant. Frequency overrides, disable / enable, and tenant-specific custom tasks all flow through the same model.
Why a task model
Section titled “Why a task model”The PS22/11 supervision programme is a calendar problem. The regulator expects a specific cadence of reviews, attestations, data returns, and self-assessments, and expects each one to be evidenced. Asking the principal-admin to remember the cadence in their head, or to keep it in a spreadsheet, is the failure mode the product replaces. The tasks become rows in a register, due dates compute deterministically from the frequency, and every cycle’s outputs (file reviews, attestations, returns) link back to the task they discharged.
Task shape
Section titled “Task shape”// lib/types.ts (excerpt)export type TaskFrequency = | "weekly" | "monthly" | "quarterly" | "half-yearly" | "annual" | "ad-hoc";
export type TaskCategory = | "review" | "attestation" | "data-collection" | "filing" | "training" | "other";
export type TaskScope = "per-ar" | "firm-level";
export type TaskAppliesTo = "AR" | "IAR" | "all";
export type TaskRegulatorySource = | "ps22-11" | "sup-12.6" | "sup-12.6a" | "sup-15" | "disp-1" | "consumer-duty" | "sysc-15a" | "fg21-1" | "internal";
export interface OversightTask { id: Ulid; title: string; description: string; category: TaskCategory; scope: TaskScope; appliesTo: TaskAppliesTo; defaultFrequency: TaskFrequency; ownerRole: Role; /** Days after the cycle start the task is due. */ dueOffsetDays: number; source: TaskRegulatorySource; isCanonical: boolean;}
export interface OversightTaskOverride { taskId: Ulid; frequency: TaskFrequency | null; // null = inherit defaultFrequency enabled: boolean; notes: string | null;}Default catalogue
Section titled “Default catalogue”Fourteen tasks ship with the product. The full set lives in lib/oversight-tasks.ts. Summary by category:
Review
Section titled “Review”| Task | Default frequency | Owner | Applies to | Source |
|---|---|---|---|---|
| Annual review of each AR | Annual | Compliance officer | All | SUP 12.6A |
| File review — critical-band ARs | Monthly | Compliance officer | All | SUP 12.6 |
| File review — elevated and high-band ARs | Quarterly | Compliance officer | All | SUP 12.6 |
| File review — baseline sampling | Quarterly | Compliance officer | All | Internal |
Data collection
Section titled “Data collection”| Task | Default frequency | Owner | Applies to | Source |
|---|---|---|---|---|
| AR submits quarterly MI return | Quarterly | AR | All | SUP 12.6A |
| Vulnerable-customer MI roll-up | Quarterly | Compliance officer | All | FG21/1 |
Attestation
Section titled “Attestation”| Task | Default frequency | Owner | Applies to | Source |
|---|---|---|---|---|
| Supervision 1:1 with AR senior individual | Half-yearly | Compliance officer | AR only | SUP 12.6 |
| IAR scope-adherence attestation | Quarterly | AR (the IAR) | IAR only | SUP 12.6 |
| Policy attestation — AR refresher | Annual | AR | All | Consumer Duty |
| Operational resilience self-assessment | Annual | Principal admin | All | SYSC 15A |
Filing
Section titled “Filing”| Task | Default frequency | Owner | Applies to | Source |
|---|---|---|---|---|
| Annual AR oversight self-assessment | Annual | Principal admin | All | PS22/11 |
| REP025 annual data return | Annual | Principal admin | All | PS22/11 |
| DISP 1 complaints return | Half-yearly | Compliance officer | All | DISP 1 |
| Consumer Duty board report | Annual | Principal admin | All | Consumer Duty |
Customisation
Section titled “Customisation”Principal-admin can, per tenant:
- Change a task’s frequency to anything in the
TaskFrequencyenum. Common adjustments: monthly file reviews even for moderate-band ARs (more conservative), half-yearly MI returns instead of quarterly (a smaller network with low volumes), annual instead of half-yearly DISP 1 returns (where complaint volumes are below the threshold for half-yearly reporting). - Disable a task that doesn’t apply. For example, an entirely-IAR network can disable the supervision 1:1 task (which applies only to AR appointments) and the operational resilience self-assessment if no IAR supports an Important Business Service.
- Add a custom task not in the canonical catalogue. Common examples: internal anti-bribery attestation, financial-promotions sign-off cycle, AR-individual fitness-and-propriety re-check, principal-side data-protection officer review.
Versioning
Section titled “Versioning”Each frequency change writes a TaskFrequencyChange audit event with old and new values, attribution, and timestamp. Past cycles are not retroactively re-cadenced; the next cycle uses the new frequency. The annual self-assessment exports the full task register including the in-force frequency and any changes made during the period.
This matters because PS22/11 expects the principal to be able to evidence its supervision programme over time. A principal that increases file-review frequency after a near-miss should be able to show the regulator the change date, the rationale, and that the new cadence took effect from the next cycle.
Owner roles
Section titled “Owner roles”Each task has an owner role that determines whose to-do list the task lands on. The same role mapping is enforced at the RBAC layer (see Persona and tenant model).
| Role | Tasks owned |
|---|---|
| Principal admin | Self-assessment, REP025, Consumer Duty board report, operational resilience |
| Principal compliance officer | All file-review tasks, annual AR review, supervision 1:1, vulnerable-customer MI, DISP 1 |
| AR (AR-user persona) | Quarterly MI return, IAR scope attestation, policy attestation |
How frequency interacts with risk
Section titled “How frequency interacts with risk”The product does not auto-up-frequencies based on risk band. The principal-admin sets the policy; the risk model surfaces the AR-level signal. This separation is deliberate: an automatic up-cadence would be a regulatory intervention the product shouldn’t make on its own. What it does do is surface band changes on the principal home so the principal-admin can adjust policy explicitly.
A common pattern: file-review frequency is monthly for critical-band ARs, quarterly for elevated and high, half-yearly for moderate, annual (with random sampling) for low. The default catalogue ships with the first three of these baked in as separate tasks.
See also
Section titled “See also”- File-review rubrics — the scoring criteria each review task uses.
- Case-file contents — what the reviewer reads alongside each rubric item.
- Connectors and enrichment — where the data scored against these tasks comes from.
- PS22/11 — the source for the annual self-assessment, REP025, and the per-AR annual review.