Related links

PS7/15 - The PRA Rulebook: Part 2 https://www.bankofengland.co.uk/prudential-regulation/publication/2014/the-pra-rulebook-part-2
Admin Instrument (No 2) 2015 - PRA Rulebook: Administration Instrument (No 2) 2015 https://www.bankofengland.co.uk/prudential-regulation/publication/2015/pra-rulebook-administration-instrument-no-2-2015
ESMA: Guidelines on certain aspects of the MiFID compliance function requirements https://www.esma.europa.eu/sites/default/files/library/2015/11/2012-388_en.pdf
SS20/15 - Supervising building societies’ treasury and lending activities http://www.bankofengland.co.uk/pra/Pages/publications/ss/2017/ss2015update.aspx
SS28/15 - Strengthening individual accountability in banking http://www.bankofengland.co.uk/pra/Pages/publications/ss/2016/ss2815update2.aspx

Chapters

  • 1 Application and Definitions
  • 2 General Requirements
  • 3 Persons Who Effectively Direct the Business
  • 4 Responsibility of Senior Personnel
  • 5 Management Body
  • 6 Nomination Committee

1

Application and Definitions

1.1

Unless otherwise stated, this Part applies to a CRR firm;

  1. (1) with respect to the carrying on of the following from an establishment in the UK:
    1. (a) regulated activities;
    2. (b) activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of Regulated Activities Order;
    3. (c) ancillary activities;
    4. (d) in relation to MiFID business, ancillary services; and
    5. (e) unregulated activities in a prudential context; and
  2. (2) with respect to the carrying on of passported activities by it from a branch in another EEA state;
  3. (3) in a prudential context with respect to activities wherever they are carried on; and
  4. (4) taking into account any activity of other members of a group of which the firm is a member.

1.2

In this Part, the following definitions shall apply:

chief executive function

means PRA controlled function CF3 in the table of PRA controlled functions, described more fully in SUP 10B.6.7R of the PRA Handbook.

PRA controlled function

means a function, relating to the carrying on of a regulated activity by a firm, which is specified by the PRA (in the table of PRA controlled functions), under section 59 of FSMA.

table of PRA controlled functions

means the table of PRA controlled functions in SUP 10B.4.3R of the PRA Handbook.

2

General Requirements

2.1

A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.

[Note: Art. 74(1) of the CRD, Art. 13(5) second paragraph of MiFID]

2.2

The arrangements, processes and mechanisms referred to in 2.1 must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of the firm's activities and must take into account the specific technical criteria described in 2.6, Skills, Knowledge and Expertise 3.2, Risk Control and Remuneration.

2.3

A firm must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities undertaken in the course of that business establish, implement and maintain:

  1. (1) decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;
  2. (2) adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm; and
  3. (3) effective internal reporting and communication of information at all relevant levels of the firm.

[Note: Arts. 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive]

2.4

A firm must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: Art. 5(2) of the MiFID implementing Directive]

2.5

A firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the firm must employ appropriate and proportionate systems, resources and procedures.

[Note: Art. 13(4) of MiFID]

2.6

A firm must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.

[Note: Art. 5(3) of the MiFID implementing Directive and Art 85(2) of the CRD]

2.7

A firm must establish, implement and maintain accounting policies and procedures that enable it, at the request of the PRA, to deliver in a timely manner to the PRA financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: Art. 5(4) of the MiFID implementing Directive]

2.8

A firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with 2.3 to 2.7 and take appropriate measures to address any deficiencies.

[Note: Art. 5(5) of the MiFID implementing Directive]

2.9

  1. (1) A firm must have in place appropriate procedures for its employees to report breaches internally through a specific, independent and autonomous channel.
  2. (2) The channel in (1) may be provided through arrangements provided for by social partners.

[Note: Art. 71 (3) of the CRD]

3

Persons Who Effectively Direct the Business

3.1

The senior personnel of a firm must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: Art. 9(1) of MiFID, Art. 13(1) of the CRD]

3.2

A firm must ensure that its management is undertaken by at least two persons meeting the requirements laid down in 3.1.

[Note: Art. 9(4) first paragraph of MiFID and Art. 13(1) of the CRD]

4

Responsibility of Senior Personnel

4.1

A firm, when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm’s obligations under the regulatory system and take appropriate measures to address any deficiencies.

[Note: Art. 9(1) of the MiFID implementing Directive]

4.2

A firm must ensure that:

  1. (1) its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by Compliance and Internal Audit 2.2 to 2.4 and 3.1, and Risk Control 2.1, 2.2 and 2.4 to 2.6, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and
  2. (2) the supervisory function, if any, receives on a regular basis written reports on the same matters.

[Note: Art. 9(2) and Art. 9(3) of the MiFID implementing Directive]

5

Management Body

5.1

A firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:

  1. (1) has overall responsibility for the firm;
  2. (2) approves and oversees implementation of the firm’s strategic objectives, risk strategy and internal governance;
  3. (3) ensures the integrity of the firm’s accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system;
  4. (4) oversees the process of disclosure and communications;
  5. (5) has responsibility for providing effective oversight of senior management; and
  6. (6) monitors and periodically assesses the effectiveness of the firm’s governance arrangements and takes appropriate steps to address any deficiencies.

[Note: Art. 88(1) of the CRD]

5.2

A firm must ensure that the members of the management body of the firm:

  1. (1) are of sufficiently good repute;
  2. (2) possess sufficient knowledge, skills and experience to perform their duties;
  3. (3) possess adequate collective knowledge, skills and experience to understand the firm’s activities, including the main risks;
  4. (4) reflect an adequately broad range of experiences;
  5. (5) commit sufficient time to perform their functions in the firm; and
  6. (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.

[Note: Art. 91(1)-(2) and (7)-(8) of the CRD]

5.3

A firm must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: Art. 91(9) of the CRD]

5.4

A firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm’s activities.

[Note: Art. 91(3) of the CRD]

5.5

  1. (1) A firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
    1. (a) one executive directorship with two non-executive directorships; and
    2. (b) four non-executive directorships.
  2. (2) Paragraph (1) does not apply to members of the management body that represent the UK.

[Note: Art. 91(3) of the CRD]

5.6

For the purposes of 5.4 and 5.5:

  1. (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
  2. (2) the following shall count as a single directorship:
    1. (a) executive or non-executive directorships held within the same group; or
    2. (b) executive or non-executive directorships held within:
      1. (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
      2. (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: Art. 91(4) and (5) of the CRD]

5.7

firm must ensure that the chairman of the firm’s management body does not exercise simultaneously the chief executive function within the same firm, unless justified by the firm and authorised by the PRA. [Note: Art. 88(1)(e) CRD]

5.8

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter.

[Note: Art. 96 of the CRD]

6

Nomination Committee

6.1

A firm that is significant must:

  1. (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
  2. (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
  3. (3) ensure that the nomination committee receives appropriate funding.

[Note: Art. 88(2) of the CRD]

6.2

A firm that has a nomination committee must ensure that the nomination committee:

  1. (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
  2. (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
  3. (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
  4. (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
  5. (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
  6. (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
  7. (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
  8. (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body’s decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole.

[Note: Art. 88(2) and Art. 91(10) of the CRD]

6.3

A firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: Art. 91(10) of the CRD]

6.4

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter.

[Note: Art. 96 of the CRD]