Assurance Services

Providing the support your business needs to meet its regulatory requirements from initial assessment into business as usual.

In an increasingly complex regulatory landscape, our Assurance services focus on supporting your business to identify, assess and deliver significant change.


Our Assurance Services include

Data Protection

We provide a targeted Data Protection Health Check service to support all types of organisations and businesses. Our Health Checks provide a structured and informative review of compliance with GDPR and local data protection legislation using a tried-and-tested set of tools tailored to individual business needs.

They focus on both business and IT requirements, looking at what personal information is held and processed and what data protection risks exist. The output is a bespoke report and plan to allow your business to move towards compliance and ensure you maintain compliance.

Risk Management

We support organisations to understand their approach to, and execution of, risk governance. This helps drive better identification and management of risks, and ultimately assists organisations in making better decisions. Our team consists of highly experienced and skilled professionals who work collaboratively with our clients to positively influence their approach to risk governance.

Operational Resilience

We support organisations to develop a fit-for-purpose approach to evidence compliance with the Financial Conduct Authority’s (FCA)Operational Resilience rules. This includes the organisation’s approach to identifying and mapping important business services, setting impact tolerances, and delivery of scenario testing to meet regulatory requirements. Working alongside the client, our team supports organisations in building an effective and compliant operational resilience framework across the end-to-end business model.


We can support your organisation in developing what you need to establish and manage your outsourcing arrangements. We help clients to develop their outsourcing approach, engage with the regulators, select service providers, manage delivery, and establish processes for the ongoing management of their relationships. Ultimately, we focus on implementing appropriate oversight and control over outsourcing arrangements and working with you to align with the required regulatory standards.


We have the skills and experience to support organisations to design and implement regulatory change projects into business as usual.

Whether it’s delivering technology solutions, improving processes and procedures, or implementing new regulatory requirements, we can help by providing the project structure and business analysis expertise to successfully identify, assess and deliver regulatory change.

Our experience of regulatory and compliance projects includes:

  • Design and implementation of regulatory changes
  • Onboarding and compliance systems
  • Regulatory reporting
  • Post-M&A remediation and integration
  • Client data management and remediation
  • Regulatory Technology (RegTech) implementation

Assurance services articles

Case Study
CBO support Ravenscroft with Risk Management Framework

Context Ravenscroft engaged CBO’s assurance services to help them mature their Risk Management Framework (“RMF”) to ensure that it was fit for purpose to demonstrate effective risk management and risk oversight. Ravenscroft’s Chief Risk Officer (“CRO”) had a desire to mature the RMF, thereby documenting and evidencing how the elements of the RMF work together […]

Blog Post
Data Protection: Five years on from GDPR

Since GDPR and the Channel Islands data protection legislation were implemented 5 years ago, personal data has become increasingly valuable and its protection more critical than ever before. Getting it wrong can be costly – for your reputation and your pockets. We sat down with Ed Mason-Smith, data protection expert and director here at CBO, […]

Case Study
Operational Resilience project supports First Central Group to achieve regulatory compliance

Context In March 2021 the Financial Conduct Authority (FCA) issued its final rules requiring firms within the UK’s financial sector to ensure operational resilience. CBO supported First Central Group, a Guernsey-based UK motor insurance provider, to achieve and evidence compliance with the FCA’s rules. Approach CBO provided project management and business analysis resource to support […]

Case Study
Client data project helps financial services business meet regulatory requirements

CBO supported a locally-based independent fiduciary and fund administration business to deliver a project driven by regulatory requirements. After a period of sustained growth, the business identified the need to enhance the efficiency of its existing processes, policies and systems relating to client data management and reporting capabilities. Identifying an opportunity, the client engaged CBO […]

Case Study
The Medical Specialist Group

The Medical Specialist Group The Medical Speciality Group (MSG) is a Guernsey-based organisation providing secondary health care and services to islanders across a broad range of specialisms. In the provision of these medical services, the MSG processes a large volume of extremely sensitive personal data where adequate controls of data and processes are needed to […]

Case Study
Data protection health check for Guernsey Mind

Guernsey Mind Guernsey Mind is an independent mental health charity, promoting positive mental health for the community by providing free mental health services as well as raising overall awareness. In the day-to-day running of the charity, Guernsey Mind processes and holds a wide range of personal data. The effective protection, security, and controls over of […]

Fancy a chat? Get in touch with CBO today to discuss how we can help