Bank of England · Digital Securities Sandbox

Gate 2 Application Guide

A structured walkthrough of the Gate 2 submission process for Digital Securities Depositories (DSDs). Work through each section to prepare a complete, submission-ready application package.

Corporate Entity Stage 2 → Go-Live In Progress
Progress 0 / 13
Getting Started
Gate 2 — What It Is & How to Prepare
Understand the full scope before completing any documents
Pre-Requisite Check

You must have passed Gate 1 and hold a Sandbox Approval Notice (SAN) before applying for Gate 2. Your SAN must list your permitted FMI activities. You may not undertake any live activity until Gate 2 approval is granted.

What the Bank Is Assessing

The Bank's Gate 2 review is calibrated to the realities of a new firm using relatively untested technology. The Bank does not expect DSD-level maturity from day one — it expects a minimum level of preparedness to operate safely and wind down in an orderly way.

The Bank focuses on three primary systemic risks:

🔴 Cyber Contagion 🟡 Significant Asset Losses 🔵 Disorderly Wind-Down

Your Document Package

📋Gate 2 Questionnaire

Main narrative application. 9 sections covering your firm, technology, governance, operations, risk, and wind-down plan.

RequiredPDF Submission
🔐CQUEST — Cyber Resilience

50 structured questions across 6 NIST-aligned domains. Ratings A–D with mandatory written rationale.

Requireddsscquest.xlsx
📜Self-Attestation

Article-by-article compliance statement against the DSS Rules Instrument 2024. 76 articles, each requiring a compliance status and explanation.

Requiredselfattestationtemplate.xlsx
👤Controller Forms

Fit & proper declarations for all individuals and entities with significant influence or 10%+ ownership. Corporate form applies to your entity type.

Requireddss-corporate-controller-form.docx

The Application Process

  1. Confirm Gate 1 status
    Verify your SAN is active and lists the FMI activities you intend to conduct. Your SAN will specify: notary service, central maintenance, and settlement service (at minimum).
  2. Complete the Gate 2 Questionnaire
    Work through all 9 sections in this guide. This is the core narrative document describing your firm's readiness. Allow 4–6 weeks for thorough completion.
  3. Complete the CQUEST
    Rate each of 50 cyber questions A–D and write a rationale for each. If gaps exist vs. A, document your improvement plan before go-live.
  4. Complete the Self-Attestation Template
    Work through 76 articles of the DSS Rules Instrument. For each, state Compliant / Partially Compliant / Non-Compliant and explain how you meet (or plan to meet) each article.
  5. Submit Controller Forms
    Complete a corporate controller form for the entity and individual forms for each person who holds 10%+ or exercises significant influence.
  6. Engage with the Bank before submission
    The Bank strongly encourages pre-submission engagement. Contact your supervisory contact to discuss gaps, questions, and expected timelines.
  7. Submit and await review
    The Bank will assess your submission and may request follow-up information. If approved, your SAN is updated and you may begin live activity within your assigned asset limits.
Important Deadline Context

The DSS application window is expected to close around March 2027. The DSS itself runs until December 2028 (extendable). Apply early enough to allow for review rounds and any required remediation before go-live.

Gate 2 Questionnaire · Section 1
Firm Details
Basic legal and entity information about your organisation

What the Bank is looking for

A clear, accurate picture of your legal entity, its registration, ownership structure, and the specific FMI activities you intend to carry on in the DSS. Ensure this is consistent with your SAN.

1.1 What is the full legal name, company registration number, and registered address of the applicant entity?
GuidanceUse the exact name as registered at Companies House. Include your registered office address and principal place of business if different. This must match your SAN.
1.2 What FMI activities does your SAN permit you to undertake, and which of these do you intend to conduct at go-live?
GuidanceList the specific core services from Section A of Chapter 4 in your SAN (notary, central maintenance, settlement). Also list any ancillary FMI activities. Distinguish between what you are approved to do and what you plan to start with.
1.3 Describe the ownership structure of the applicant, including all entities or individuals holding 10% or more of shares or voting rights.
GuidanceProvide a simplified org chart or ownership table. Controllers will need to submit separate controller forms. If backed by VC/PE, list the fund and its GP. Note any significant changes since Gate 1.
1.4 Is the applicant part of a group? If so, describe the group structure and identify any other regulated entities within the group.
GuidanceIf part of a group, the Bank needs to understand potential contagion risks, conflicts of interest, and any intra-group outsourcing arrangements. Reference Article 26.7 of the DSS Rules (group governance obligations).
Controller Forms Reminder

For every individual or corporate entity identified in questions 1.3 and 1.4 as a controller, a separate controller form must be submitted. For your corporate entity type, use dss-corporate-controller-form.docx for corporate controllers and dss-individual-controller-form.docx for individuals.

Gate 2 Questionnaire · Section 2
Business Model & Technology (DLT)
Describe how your platform works and why DLT is central to your model

What the Bank is looking for

The Bank wants to understand your technology stack, how DLT is used to perform FMI functions, what instruments you will support, and what your go-live timeline looks like. The DSS exists specifically to accommodate new technology — be precise and candid about how yours works.

  • How DLT enables notary, maintenance, and/or settlement functions
  • What asset types and instrument classes you plan to support
  • Whether you are a standalone DSD or hybrid entity (DSD + trading venue)
  • Realistic go-live timeline and initial operating scope
2.1 Provide a high-level description of your business model. What problem does your platform solve and who are your target participants/users?
GuidanceKeep this concise (1–2 paragraphs). Focus on the economic rationale for using DLT in this context, not just the technology itself. Identify your target participant types (e.g. institutional investors, broker-dealers, issuers).
2.2 Describe the DLT architecture underpinning your platform. What type of DLT is used, how is consensus achieved, and who can participate in the network?
GuidanceDistinguish between permissioned and permissionless. Explain consensus mechanism. The Bank is particularly focused on whether the architecture creates systemic risks (e.g., uncontrolled nodes, public chain dependency). Reference how your technology choices relate to the integrity of the issue (Article 37) and asset protection (Article 38).
2.3 What financial instruments will be issued, recorded, or settled on your platform at go-live? Are these instruments eligible under the DSS Regulations?
GuidanceEligible instruments are those listed in Part 1 of Schedule 2 to the RAO, excluding paragraphs 4–10 (so derivatives are generally excluded unless they also qualify under paragraph 1). Be explicit about instrument eligibility. The Bank will scrutinise this carefully.
2.4 What is your intended go-live timeline and initial operating scope? What asset volume limits do you expect to operate within?
GuidanceThe Bank assigns individual asset value limits to each DSD. At Gate 2 the overall DSS limits apply. Your application should show you understand these limits and have planned operations within them. The Bank takes a conservative approach to limit-setting at this stage.
Gate 2 Questionnaire · Section 3
Governance & Senior Management
Covering Articles 26, 27, 29, 32 of the DSS Rules Instrument 2024

What the Bank is looking for

Robust governance is a hard requirement. The Bank needs to be satisfied that senior management are of good repute, the firm has appropriate policies, there is a sound risk management culture, and there is no unresolved conflicts of interest. Article 26 obligations are non-negotiable.

3.1 Describe the governance structure of the firm, including the composition of the management body, and how roles and responsibilities are defined. Art. 26.1 / 27.5
GuidanceProvide a board/management body composition table. Include executive directors, non-executive directors (if any), and senior management. Describe the key committees (e.g. risk committee, audit committee, technology committee) and their remits. The Bank must be able to request management body minutes.
3.2 Confirm that senior management are of sufficiently good repute and experience to ensure sound and prudent management. Art. 27.1
GuidanceSummarise the relevant experience of each member of senior management. Focus on FMI experience, financial services regulation, technology, and risk management. Note that individual controller forms will capture fitness and propriety in more detail.
3.3 Describe how conflicts of interest are identified, managed, and resolved within the firm. Art. 26.3
GuidanceThis is especially important for hybrid entities (DSD + trading venue) or where directors have external board positions. Describe your conflicts of interest policy, register, and escalation procedure.
3.4 Describe your whistleblowing arrangements for employees to report potential infringements internally. Art. 26.5
GuidanceThe DSS Rules require a specific internal channel. This can be as simple as a documented reporting line to a designated officer or NED, supplemented by an external FCA whistleblowing channel.
3.5 What are the firm's clearly defined goals and objectives, including around level of service and business priorities? Art. 32.1
GuidanceThe Bank wants to see that you have articulated realistic, achievable goals — not aspirational statements. Include service level targets, participant commitment timelines, and how you measure success.
Gate 2 Questionnaire · Section 4
Settlement & Custody Arrangements
Covering Articles 36–39 of the DSS Rules Instrument 2024

What the Bank is looking for

This section is at the heart of what a DSD does. The Bank needs confidence that you have thought through the integrity of every security issue, that assets are properly segregated, that settlement is final and timely, and that DVP is enforced. These obligations are not modifiable at Gate 2.

4.1 How do you ensure the integrity of each securities issue — that the number of securities recorded equals the sum across all accounts? Reconciliation must occur at least daily. Art. 37.1
GuidanceDescribe your reconciliation process, its frequency, how discrepancies are detected and resolved, and what automated controls prevent securities overdrafts. Article 37.3 strictly prohibits securities overdrafts — describe how your system enforces this.
4.2 How do you segregate participant assets from each other and from your own assets? Describe omnibus and individual segregation capabilities. Art. 38.1–38.4
GuidanceThe DSS Rules require you to: (a) segregate participant assets from your own; (b) enable participants to segregate their clients' assets; (c) support omnibus client segregation; (d) support individual client segregation on request. Be specific about how your DLT architecture achieves this.
4.3 Describe your settlement finality arrangements — when are transfer orders entered and irrevocable? How is finality achieved in real time or intra-day, and no later than end of settlement date? Art. 39.2–39.5
GuidanceSettlement finality is a core legal protection for participants. Clearly define the moment of entry and irrevocability in your rules. The Bank will look for alignment with the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (FMI SFR) where relevant.
4.4 Describe your participant default rules and procedures. Art. 41.1
GuidanceYou need clearly defined and documented rules for what happens when a participant defaults. This should cover how transactions are handled, how assets are ring-fenced, and how the default is communicated to other participants.
Gate 2 Questionnaire · Section 5
Cash Settlement
Covering Articles 39.7 and 40 of the DSS Rules Instrument 2024

What the Bank is looking for

All securities-vs-cash transactions must settle on a DVP basis (Article 39.7). For GBP settlements, the Bank strongly prefers settlement through accounts at the Bank of England itself where practical. If you settle through commercial bank accounts or your own accounts, Articles 54–60 apply. This is one of the most commercially sensitive areas — be very precise about your cash leg arrangements.

5.1 How is the cash leg of securities settlement handled? Through which accounts will cash payments be settled? Art. 40.1 / 40.2
GuidanceChoose one of the three paths and explain it clearly: (a) BoE accounts for GBP [preferred]; (b) credit institution accounts under Arts 54–60; or (c) own accounts under Arts 54–60. If using a credit institution, name them (or explain that you are in discussion). Many DSDs at Gate 2 will be using commercial bank accounts — this is acceptable but requires detailed compliance with Arts 54–60.
5.2 What information do you provide to market participants about the risks and costs of your cash settlement arrangements? Art. 40.3
GuidanceThe DSS Rules require this disclosure to be clear, fair, and not misleading, and to be sufficient for clients to identify and evaluate the risks and costs. This should be in your rulebook/participant documentation.
Gate 2 Questionnaire · Section 6
Risk Management Framework
Covering Articles 42–46 of the DSS Rules Instrument 2024

What the Bank is looking for

A comprehensive risk management framework covering legal, business, operational, and other risks — including fraud and negligence. For a Gate 2 DSD, the Bank calibrates its expectations to your stage of development, but expects a credible and documented framework to be in place before go-live.

6.1 Describe your risk management framework. How do you identify, monitor, manage, and report the risks to which the firm is exposed? Art. 42.1 / 43.1
GuidanceCover: legal risk (clear rules and contracts, enforceable across relevant jurisdictions), business risk, operational risk (Article 45), and investment risk on liquid assets (Article 46). Describe your three lines of defence model if applicable.
6.2 Describe your operational resilience arrangements, including IT systems, business continuity, and disaster recovery. Art. 45.1–45.4
GuidanceArticle 45 requires rules and procedures for operational risk, adequate IT systems, and business continuity plans. The Bank will look for: system redundancy, tested BCP, RTO/RPO targets, and incident management processes. Note that cyber resilience is covered separately in the CQUEST.
6.3 Describe your outsourcing arrangements, if any. How do you maintain responsibility for all outsourced functions? Art. 30.1–30.3
GuidanceIf you outsource any core service to a third party (cloud infrastructure, smart contract development, node operation), Article 30 requires you to remain fully responsible. List all material outsourcing. Note that outsourcing a core service that is not already permitted in your SAN requires a prior modification request (Article 19.1).
Gate 2 Questionnaire · Section 7
Wind-Down Plan
One of the Bank's three core Gate 2 concerns — reviewed in detail
High Priority — Bank Scrutiny

The Bank states explicitly that it will carefully review entrants' wind-down plans. This section must demonstrate that in the event of failure or cessation, participants' assets can be returned, obligations discharged, and systemic disruption avoided. A vague or aspirational wind-down plan will not pass.

7.1 Describe your wind-down plan. Under what scenarios would wind-down be triggered, and what would the process be?
GuidanceTrigger scenarios: voluntary exit from DSS, insolvency, regulatory direction, loss of key technology, failure to meet minimum capital. Process: how are participants notified, how are assets returned, how are open transactions handled, what is the timeline, and who is responsible for executing the plan.
7.2 What financial resources have you set aside to fund an orderly wind-down? How long would these sustain operations during wind-down?
GuidanceThe Bank expects you to have quantified your wind-down costs and maintained adequate liquid resources. Article 44 (General Business Risk) and Article 47 (Capital Requirements) are directly relevant. Show your calculation methodology.
Gate 2 Questionnaire · Section 8
Financial Resources & Capital
Covering Articles 44, 46, and 47 of the DSS Rules Instrument 2024

What the Bank is looking for

Adequate financial resources to cover business risk and fund wind-down. Capital must be held in liquid, low-risk instruments. The Bank expects to see a documented capital policy and evidence that current resources meet requirements.

8.1 What are your current capital resources? How do these compare to your minimum capital requirements under Article 47?Art. 47.1 / 47.2
GuidanceUnder Article 47 of the DSS Rules Instrument, DSDs must hold capital. The requirement is calculated by reference to operating expenses. Provide your calculation and current capital position. Show headroom above minimum.
8.2 Describe your investment policy for liquid assets held as capital or reserves. Art. 46
GuidanceThe investment policy must ensure capital is held in low-risk, liquid instruments. Concentration limits, counterparty limits, and restrictions on asset types should all be documented.
Gate 2 Questionnaire · Section 9
Participation Criteria & Record Keeping
Covering Articles 29, 33, and 38 of the DSS Rules Instrument 2024
9.1 What are your criteria for participation in your Securities Settlement System? How are participants admitted, monitored, and removed? Art. 33.1
GuidanceParticipation criteria must be defined, documented, and available to the Bank on request. They should be objective, risk-based, and non-discriminatory. Describe onboarding KYC/AML, ongoing monitoring, and the process for revoking access.
9.2 Describe your record keeping arrangements. How do you maintain records for at least 5 years and make them available to the Bank? Art. 29.1 / 29.2
GuidanceRecords must cover all services and activities, for a minimum of 5 years. They must be available to the Bank and any other relevant public authority on request. Describe your data storage, format, integrity controls, and retrieval procedures.
Gate 2 Questionnaire — Complete

You have now worked through all 9 sections of the Gate 2 Questionnaire. Before submission, review all responses for consistency, then proceed to the CQUEST, Self-Attestation, and Controller Forms.

Cyber Resilience Questionnaire
CQUEST — Completion Guide
50 questions, 6 domains, A–D ratings with mandatory written rationale
File: dsscquest.xlsx — Assessment Tab

Open dsscquest.xlsx and work in the Assessment tab. For each question: select a response (A–D) in the Response column, then write your rationale in the Rationale column. If you reference information provided in the Gate 2 Questionnaire, signpost it rather than duplicating.

The 6 Domains

1. Governance & Leadership
Q1–8
2. Identify
Q9–14
3. Protect
Q15–30
4. Detect
Q31–37
5. Respond
Q38–44
6. Recover
Q45–50

Rating Guide

Rating What It Means Expectation
A Highest maturity — documented, independently verified, continuously operating Ideal — aim for this across most questions
B Good maturity — documented and operating, minor gaps in assurance or frequency Acceptable in most areas at Gate 2
C Partial — some controls in place but ad-hoc or not independently confirmed Needs improvement plan documented in rationale
D Not in place Must have a credible, time-bound action plan before go-live
Key Principle: Honesty Over Optimism

The Bank values candour. Selecting inflated ratings without supporting rationale will be identified during review and will undermine confidence in your application. If you are at C or D on any question, own it and describe a credible improvement plan. Planned improvements before go-live are acceptable — gaps at go-live are not.

Critical Questions for Cyber Contagion (Bank Priority)

These questions are directly tied to the Bank's primary concern of cyber contagion. Aim for A or B and ensure rationale is detailed:

Q# Topic Why Critical
Q1 Cyber strategy approved at board level Governance foundation
Q15 IAM / MFA standard Phishing attack prevention
Q16 Remote access strong authentication Network intrusion prevention
Q22 Supply chain security Third-party contagion risk
Q31 Network monitoring Detection of attacks
Q36 Detection integrated with incident response Response speed
Q38 Incident response planning Containment of contagion
Q41 Regulatory communications in response plan Obligation to notify the Bank
Q47 Data backups — encrypted, offline Asset data integrity
Self-Attestation Template
Article-by-Article Compliance Guide
selfattestationtemplate.xlsx — 76 articles across 18 topic areas
File: selfattestationtemplate.xlsx

For each article, complete two columns: Compliance Status (Compliant / Partially compliant, with actions required / Not compliant, with actions required) and Explanation of Compliance. Every article requires an explanation — do not leave any blank.

Article Groups & Complexity

Articles Topic Complexity Notes
5.3 Emergency notification LOW Confirm you will notify the Bank of any emergency promptly
6.1 SAN breach reporting LOW Confirm process for reporting SAN breaches immediately
19.1–19.6 Extension & outsourcing of activities MED If not outsourcing core services at go-live, most will be N/A
26.1–26.7 Governance — general provisions HIGH Core — cross-reference Section 3 of Gate 2 Q
27.1 / 27.5 Senior management MED Cross-reference controller forms
29.1–29.2 Record keeping (5 years) LOW Cross-reference Section 9 of Gate 2 Q
30.1–30.3 Outsourcing HIGH Cross-reference Section 6 of Gate 2 Q; detailed only if outsourcing
32.1 Conduct of business / goals LOW Cross-reference Section 3 Q3.5
33.1 Participation criteria LOW Cross-reference Section 9
36.1 DSD services — general MED Rules and procedures for SSS operation
37.1–37.3 Integrity of the issue HIGH Daily reconciliation, no overdrafts — cross-reference S4
38.1–38.7 Asset protection & segregation HIGH Core — cross-reference Section 4
39.1–39.7 Settlement finality + DVP HIGH Core — cross-reference Sections 4 & 5
40.1–40.3 Cash settlement HIGH Core — cross-reference Section 5
41.1 Default rules MED Cross-reference Section 4 Q4.4
42.1–47.2 Prudential + risk framework HIGH Cross-reference Sections 6, 7, 8
48.1–48.10A DSD links MED Only relevant if you plan DSD-to-DSD links; N/A otherwise
54–60 Banking-type ancillary services HIGH Only applies if settling through own accounts or acting as credit institution
Efficiency Tip — Cross-Reference Don't Duplicate

The Bank explicitly allows cross-referencing. Where your Gate 2 Questionnaire already addresses an article, write in the Explanation column: "See Gate 2 Questionnaire, Section [X], Question [Y]" and add any additional detail specific to the legal article. This saves time and keeps your submission consistent.

Controller Forms
Fit & Proper — Controller Declarations
Required for all entities and individuals with significant influence or 10%+ ownership

Who Must Submit a Controller Form?

  • Any corporate entity holding 10%+ of shares or voting rights in the applicant → dss-corporate-controller-form.docx
  • Any individual holding 10%+ of shares or voting rights → dss-individual-controller-form.docx
  • Any individual who exercises significant influence over the management of the applicant (regardless of ownership) → dss-individual-controller-form.docx
  • Any partnership with a controlling stake → dss-partnership-controller-form.docx
Honesty Obligation

Controller forms ask about criminal convictions, regulatory sanctions, civil proceedings, and financial history. These declarations are made directly to the Bank of England. Incomplete or inaccurate declarations are a serious regulatory matter. When in doubt, disclose and explain.

Corporate Controller Form — Key Sections

For your corporate entity, the form typically requires:

  • Full legal name, registration details, and registered address of the controlling entity
  • Description of the nature and extent of control or influence held
  • Details of the controlling entity's own ownership structure (UBOs)
  • Any regulatory authorisations or recognitions held by the controlling entity
  • Declarations on legal proceedings, financial soundness, and fitness
  • Signature of an authorised signatory of the controlling entity

Individual Controller Form — Key Sections

  • Personal details, address history (last 5 years), nationality
  • Employment history (last 10 years)
  • Regulatory approvals held (SMF/CF functions at other firms)
  • Criminal record declarations
  • Civil proceedings, regulatory sanctions, disciplinary history
  • Financial soundness (bankruptcy, IVAs, etc.)
  • Conflicts of interest
Privacy Notice

The dss-controller-form-privacy-notice.pdf in the project documents sets out how the Bank processes personal data in controller forms. Each individual submitting a form should be provided with this privacy notice before completing their form.

Final Step
Pre-Submission Checklist
Verify completeness before sending to the Bank of England
Engage the Bank Before You Submit

The Bank strongly encourages pre-submission engagement. Contact your supervisory point of contact to discuss your application, flag any areas of uncertainty, and agree a submission date. Do not submit cold without prior engagement.

Document Checklist

📋 Gate 2 Questionnaire

  • ☐ Section 1 — Firm details, SAN confirmation, ownership structure complete
  • ☐ Section 2 — Business model, DLT architecture, instrument eligibility addressed
  • ☐ Section 3 — Governance structure, senior management fit & proper, conflicts policy
  • ☐ Section 4 — Settlement finality rules, asset segregation, DVP mechanism, default rules
  • ☐ Section 5 — Cash settlement arrangements, DVP enforcement, participant disclosures
  • ☐ Section 6 — Risk management framework covering legal, business, operational risk
  • ☐ Section 7 — Wind-down plan with triggers, process, timeline, and financial resources
  • ☐ Section 8 — Capital position calculated and documented, investment policy in place
  • ☐ Section 9 — Participation criteria, record keeping arrangements confirmed

🔐 CQUEST (dsscquest.xlsx)

  • ☐ All 50 questions answered with A/B/C/D rating in Response column
  • ☐ Rationale written for every question (not just those with C or D)
  • ☐ Any C/D ratings have a credible improvement plan with timeline
  • ☐ Questions overlapping with Gate 2 Questionnaire are cross-referenced
  • ☐ Cyber contagion priority questions (Q1, 15, 16, 22, 31, 36, 38, 41, 47) reviewed by CISO / technical lead

📜 Self-Attestation (selfattestationtemplate.xlsx)

  • ☐ All 76 articles have a Compliance Status selected
  • ☐ All 76 articles have a written Explanation (no blanks)
  • ☐ Partially compliant / non-compliant articles have action plans
  • ☐ High-complexity articles (37, 38, 39, 40, 42–47) reviewed by legal counsel
  • ☐ Article 54–60 section: completed if settling through own/commercial bank accounts; N/A flagged if not applicable
  • ☐ Article 48 section: completed if DSD links planned; N/A flagged if not applicable
  • ☐ Explanations cross-reference Gate 2 Questionnaire sections consistently

👤 Controller Forms

  • ☐ Corporate controller form completed for all corporate controllers (10%+)
  • ☐ Individual controller form completed for all individual controllers (10%+)
  • ☐ Individual controller form completed for all persons exercising significant influence
  • ☐ Privacy notice provided to all individuals submitting forms
  • ☐ All forms signed by appropriate authorised signatories

Consistency Checks

  • ☐ Firm legal name is identical across all documents and matches Companies House
  • ☐ FMI activities described in Gate 2 Q match those in your SAN exactly
  • ☐ Ownership/controllers in Gate 2 Q Section 1 match controller forms submitted
  • ☐ Cash settlement approach is consistent across Gate 2 Q Section 5 and Self-Attestation Arts 40, 54–60
  • ☐ Wind-down financial resources in Section 7 are consistent with capital position in Section 8
  • ☐ Outsourcing arrangements in Section 6 are consistent with Self-Attestation Arts 19 and 30
You're Ready to Submit

Once all items above are checked, compile your full package and submit via the Bank of England's designated submission route. After submission, remain available for follow-up questions — the Bank typically responds with clarification requests before making a final determination. Keep a timestamped record of your submission.