PRU 1
Application and general requirements
PRU 1.1
to follow
- 31/12/2004
PRU 1.2
Adequacy of financial resources
- 31/12/2004
Application
PRU 1.2.1
See Notes
- 31/12/2004
PRU 1.2.2
See Notes
- (1) In relation to liquidity risk only, this section applies to a firm in PRU 1.2.3 R unless PRU 1.2.7 R applies.
- (2) Liquidity risk includes the systems, processes and resources required by this section in respect of liquidity risk.
- 31/12/2004
PRU 1.2.3
See Notes
The firms referred to in PRU 1.2.2 R (1) are:
- (1) a building society;
- (2) a bank or an own account dealer (other than a venture capital firm) that is a UK firm;
- (3) an incoming EEA firm which:
- (a) is a full BCD credit institution; and
- (b) has a branch in the United Kingdom;
- (4) an overseas firm which is a bank or an own account dealer (other than a venture capital firm) but which is not:
- (a) an incoming EEA firm; or
- (b) a lead-regulated firm;
- (5) an overseas firm which:
- (a) is a bank;
- (b) is a lead-regulated firm;
- (c) is not an incoming EEA firm; and
- (d) has a branch in the United Kingdom.
- 31/12/2004
PRU 1.2.4
See Notes
- 31/12/2004
PRU 1.2.5
See Notes
- 31/12/2004
PRU 1.2.6
See Notes
If a firm carries on:
- (1) long-term insurance business; and
- (2) general insurance business;
this section applies separately to each type of business.
- 31/12/2004
PRU 1.2.7
See Notes
This section does not apply to:
- (1) a non-directive friendly society; or
- (2) a Swiss general insurer; or
- (3) an EEA-deposit insurer; or
- (4) a UCITS qualifier; or
- (5) an ICVC; or
- (6) an incoming EEA firm (unless PRU 1.2.3 R applies); or
- (7) an incoming Treaty firm.
- 31/12/2004
PRU 1.2.8
See Notes
- 31/12/2004
PRU 1.2.9
See Notes
- 31/12/2004
PRU 1.2.10
See Notes
- 31/12/2004
PRU 1.2.11
See Notes
- 31/12/2004
PRU 1.2.12
See Notes
- 31/12/2004
Purpose
PRU 1.2.14
See Notes
- 31/12/2004
PRU 1.2.15
See Notes
- 31/12/2004
PRU 1.2.16
See Notes
- 31/12/2004
PRU 1.2.17
See Notes
- 31/12/2004
Outline of other related provisions
PRU 1.2.18
See Notes
- 31/12/2004
PRU 1.2.19
See Notes
- 31/12/2004
PRU 1.2.20
See Notes
- 31/12/2004
PRU 1.2.21
See Notes
- 31/12/2004
Main Requirements
PRU 1.2.22
See Notes
- 31/12/2004
PRU 1.2.23
See Notes
- 31/12/2004
PRU 1.2.24
See Notes
- 31/12/2004
PRU 1.2.25
See Notes
- 31/12/2004
PRU 1.2.26
See Notes
- 31/12/2004
PRU 1.2.27
See Notes
- 31/12/2004
PRU 1.2.28
See Notes
- 31/12/2004
PRU 1.2.29
See Notes
- 31/12/2004
PRU 1.2.30
See Notes
- 31/12/2004
PRU 1.2.31
See Notes
The processes and systems required by PRU 1.2.26 R must enable the firm to identify the major sources of risk to its ability to meet its liabilities as they fall due, including the major sources of risk in each of the following categories:
- (1) credit risk;
- (2) market risk;
- (3) liquidity risk;
- (4) operational risk; and
- (5) insurance risk.
- 31/12/2004
PRU 1.2.32
See Notes
In PRU 1.2.31 R:
- (1) operational risk refers to the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events; and
- (2) insurance risk refers to the inherent uncertainties as to the occurrence, amount and timing of insurance liabilities.
- 31/12/2004
PRU 1.2.33
See Notes
- 31/12/2004
PRU 1.2.34
See Notes
- 31/12/2004
PRU 1.2.35
See Notes
For each of the major sources of risk identified in accordance with PRU 1.2.31 R, the firm must carry out stress tests and scenario analyses that are appropriate to the nature of those major sources of risk, as part of which the firm must:
- (1) take reasonable steps to identify an appropriate range of realistic adverse circumstances and events in which the risk identified crystallises; and
- (2) estimate the financial resources the firm would need in each of the circumstances and events considered in order to be able to meet its liabilities as they fall due.
- 31/12/2004
PRU 1.2.36
See Notes
- 31/12/2004
PRU 1.2.37
See Notes
A firm must make a written record of its assessment of the adequacy of its financial resources, including:
- (1) the major sources of risk identified in accordance with PRU 1.2.31 R;
- (2) how it intends to deal with those risks; and
- (3) details of the stress tests and scenario analyses carried out and the resulting financial resources estimated to be required in accordance with PRU 1.2.35 R.
- 31/12/2004
PRU 1.2.38
See Notes
- 31/12/2004
PRU 1.2.39
See Notes
- 31/12/2004
Stress tests and scenario analyses
PRU 1.2.40
See Notes
- 31/12/2004
PRU 1.2.41
See Notes
- 31/12/2004
PRU 1.2.42
See Notes
- 31/12/2004
PRU 1.2.43
See Notes
- 31/12/2004
PRU 1.2.44
See Notes
- 31/12/2004
PRU 1.2.45
See Notes
PRU 1.2.35 R requires a firm, as part of carrying out stress tests and scenario analyses, to take reasonable steps to identify an appropriate range of realistic circumstances and events in which a risk would crystallise. In particular:
- (1) a firm need only carry out stress tests and scenario analyses in so far as the circumstances or events are reasonably foreseeable, that is to say, their occurrence is not too remote a possibility; and
- (2) a firm should also take into account the relative costs and benefits of carrying out the stress tests and scenario analyses in respect of the circumstances and events identified.
- 31/12/2004
PRU 1.2.46
See Notes
- 31/12/2004
PRU 1.2.47
See Notes
Both stress testing and scenario analyses are prospective analysis techniques, which seek to anticipate possible losses that might occur if an identified risk crystallises. In applying them, a firm needs to decide how far forward to look. This should depend upon:
- (1) how quickly it would be able to identify events or changes in circumstances that might lead to a risk crystallising resulting in a loss; and
- (2) after it has identified the event or circumstance, how quickly and effectively it could act to prevent or mitigate any loss resulting from the risk crystallising and to reduce exposure to any further adverse event or change in circumstance.
- 31/12/2004
PRU 1.2.48
See Notes
The time horizon over which stress tests and scenario analysis would need to be carried out for the market risk arising from the holding of investments, for example, should depend upon:
- (1) the extent to which there is a regular, open and transparent market in those assets, which would allow fluctuations in the value of the investment to be more readily and quickly identified; and
- (2) the extent to which the market in those assets is liquid (and would remain liquid in the changed circumstances contemplated in the stress test or scenario analysis) which would allow the firm, if needed, to sell its holding so as to prevent or reduce exposure to future price fluctuations.
- 31/12/2004
PRU 1.2.49
See Notes
In identifying scenarios, and assessing their impact, a firm should take into account, where material, how changes in circumstances might impact upon:
- (1) the nature, scale and mix of its future activities; and
- (2) the behaviour of counterparties, and of the firm itself, including the exercise of choices (for example, options embedded in financial instruments or contracts of insurance).
- 31/12/2004
PRU 1.2.50
See Notes
In determining whether it would have adequate financial resources in the event of each identified realistic adverse scenario, a firm should:
- (1) only include financial resources that could reasonably be relied upon as being available in the circumstances of the identified scenario; and
- (2) take account of any legal or other restriction on the purposes for which financial resources may be used.
- 31/12/2004
PRU 1.2.51
See Notes
- 31/12/2004
PRU 1.2.52
See Notes
- 31/12/2004
PRU 1.2.53
See Notes
- 31/12/2004
PRU 1.2.54
See Notes
- 31/12/2004
PRU 1.2.55
See Notes
- 31/12/2004
PRU 1.3
Valuation
- 31/12/2004
Application
PRU 1.3.1
See Notes
PRU 1.3 applies to an insurer, unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 31/12/2004
PRU 1.3.2
See Notes
- 31/12/2004
PRU 1.3.3
See Notes
- (1) PRU 1.3 applies to a firm in relation to the whole of its business.
- (2) Where a firm carries on both long-term insurance business and general insurance business, PRU 1.3 applies separately to each type of business.
- 31/12/2004
Purpose
PRU 1.3.4
See Notes
- 31/12/2004
General requirements: accounting principles to be applied
PRU 1.3.5
See Notes
Except where a rule in PRU provides for a different method of recognition or valuation, whenever a rule in PRU refers to an asset, liability, equity or income statement item, a firm must, for the purpose of that rule, recognise the asset, liability, equity or income statement item and measure its value in accordance with:
- (1) the insurance accounts rules, or the Friendly Societies (Accounts and Related Provisions) Regulations 1994;
- (2) Financial Reporting Standards and Statements of Standard Accounting Practice issued or adopted by the Accounting Standards Board; and
- (3) Statements of Recommended Practice, issued by industry or sectoral bodies recognised for this purpose by the Accounting Standards Board;
- 31/12/2004
PRU 1.3.6
See Notes
PRU 1.3.5 R provides that unless a rule in PRU provides for a different method of recognition or valuation, the applicable provisions of the Companies Act 1985, the Companies Act (Northern Ireland) Order 1986 or the Friendly Societies (Accounts and Related Provisions) Regulations 1994, as supplemented by Financial Reporting Standards, Statements of Standard Accounting Practice, and Statements of Recommended Accounting Practice, should be used to determine the recognition and valuation of assets, liabilities, equity and income statement items for the purposes of PRU, including:
- (1) whether, and when, to recognise or de-recognise an asset or liability;
- (2) the amount at which to value an asset, liability, equity or income statement item;
- (3) which description to place on an asset, liability, equity or income statement item.
- 31/12/2004
PRU 1.3.7
See Notes
In particular, unless an exception applies, PRU 1.3.5 R should be applied for the purposes of PRU to determine how to account for:
- (1) netting of amounts due to or from the firm;
- (2) the securitisation of assets and liabilities (see also PRU 1.3.8 G);
- (3) leased tangible assets;
- (4) assets transferred or received under a sale and repurchase or stock lending transaction; and
- (5) assets transferred or received by way of initial or variation margin under a derivative or similar transaction.
- 31/12/2004
PRU 1.3.8
See Notes
- 31/12/2004
PRU 1.3.9
See Notes
- 31/12/2004
PRU 1.3.10
See Notes
- 31/12/2004
Investments, derivatives and quasi-derivatives
PRU 1.3.11
See Notes
Subject to PRU 1.3.31 R, for the purposes of PRU, a firm must apply PRU 1.3.12 R to PRU 1.3.30 R in order to determine how to account for:
- (1) investments that are, or amounts owed arising from the disposal of:
- (a) debt securities, bonds and other money- and capital-market instruments; or
- (b) loans; or
- (c) shares and other variable yield participations; or
- (d) units in UCITS schemes, non-UCITS retail schemes, recognised schemes and any other collective investment scheme that invests only in admissible assets (including any derivatives or quasi-derivatives held by the scheme); and
- (2) derivatives and quasi-derivatives.
- 31/12/2004
Marking to market
PRU 1.3.12
See Notes
- 31/12/2004
PRU 1.3.13
See Notes
- 31/12/2004
PRU 1.3.14
See Notes
- 31/12/2004
Marking to model
PRU 1.3.15
See Notes
- 31/12/2004
PRU 1.3.16
See Notes
When the model used is developed by the firm, that model must be:
- (1) based on appropriate assumptions which have been assessed and challenged by suitably qualified parties independent of the development process; and
- (2) independently tested, including validation of the mathematics, assumptions, and software implementation.
- 31/12/2004
PRU 1.3.17
See Notes
- 31/12/2004
PRU 1.3.18
See Notes
- 31/12/2004
PRU 1.3.19
See Notes
- 31/12/2004
PRU 1.3.20
See Notes
- 31/12/2004
PRU 1.3.21
See Notes
- 31/12/2004
PRU 1.3.22
See Notes
- 31/12/2004
PRU 1.3.23
See Notes
- 31/12/2004
Independent price verification
PRU 1.3.24
See Notes
- 31/12/2004
PRU 1.3.25
See Notes
- 31/12/2004
Valuation adjustments or reserves
PRU 1.3.26
See Notes
- 31/12/2004
PRU 1.3.27
See Notes
- 31/12/2004
PRU 1.3.28
See Notes
- 31/12/2004
PRU 1.3.29
See Notes
The requirements referred to in PRU 1.3.26 R and PRU 1.3.28 R are:
- (1) a firm must consider the following adjustments or reserves: unearned credit spreads, close-out costs, operational risks, early termination, investing and funding costs, future administrative costs and, where appropriate, model risk; and
- (2) a firm must consider several factors when determining whether a valuation reserve is necessary for less liquid items. These factors include the amount of time it would take to hedge out the position/risks within the position; the average and volatility of bid/offer spreads; the availability of market quotes (number and identity of market makers); and the average and volatility of trading volumes.
- 31/12/2004
PRU 1.3.30
See Notes
- 31/12/2004
Shares in, and debts due from, related undertakings
PRU 1.3.31
See Notes
PRU 1.3.11 R does not apply to shares in, and debts due from, a related undertaking that is:
- (1) a regulated related undertaking; or
- (2) an ancillary services undertaking; or
- (3) any other subsidiary undertaking, the shares of which a firm elects to value in accordance with PRU 1.3.35 R.
- 31/12/2004
PRU 1.3.32
See Notes
- 31/12/2004
PRU 1.3.33
See Notes
- 31/12/2004
PRU 1.3.34
See Notes
- 31/12/2004
PRU 1.3.35
See Notes
For the purposes of PRU 1.3.33 R, the value of the shares held in an undertaking referred to in PRU 1.3.31 R (1) or PRU 1.3.31R (3) is the sum of:
- (1) the regulatory surplus value of that undertaking; less
- (2) for the purposes of PRU 2.2.90 R, the book value of the total investments in the tier one capital resources and tier two capital resources of that undertaking by the firm and its related undertakings; or
- (3) for other purposes in PRU, the sum of:
- (a) the book value of the investments by the firm and its related undertakings in the tier two capital resources of the undertaking; and
- (b) if the undertaking is an insurance undertaking, its ineligible surplus capital and any restricted assets of the undertaking which have been excluded under PRU 8.3.41 R (1).
- 31/12/2004
PRU 1.3.36
See Notes
For the purposes of PRU 1.3.35 R (1), the regulatory surplus value of an undertaking referred to in PRU 1.3.31 R (1) or PRU 1.3.31R (3) is, subject to PRU 1.3.37 R, the sum of:
- (1) the tier one capital resources of the undertaking; plus
- (2) the tier two capital resources of the undertaking; less
- (3) the individual capital resources requirement of the undertaking.
- 31/12/2004
PRU 1.3.37
See Notes
- (1) Subject to PRU 1.3.38 R, for the purposes of PRU 1.3.36 R, only the relevant proportion of the:
- (a) tier one capital resources of the undertaking;
- (b) tier two capital resources of the undertaking;
- (c) individual capital resources requirement of the undertaking;
- is to be taken into account.
- (2) In (1), the relevant proportion is the proportion of the total number of shares issued by the undertaking held, directly or indirectly, by the firm.
- 31/12/2004
PRU 1.3.38
See Notes
- 31/12/2004
PRU 1.3.39
See Notes
For the purposes of PRU 1.3.35 R to PRU 1.3.38 R:
- (1) in relation to an undertaking referred to in PRU 1.3.31 R (1):
- (a) individual capital resources requirement has the meaning given by PRU 8.3.34 R;
- (b) the following expressions are to be construed in accordance with PRU 8.3.37 R:
- (i) tier one capital resources; and
- (ii) tier two capital resources;
- (c) ineligible surplus capital has the meaning given by PRU 8.3.67 R;
- (2) in relation to an undertaking referred to in PRU 1.3.31 R (3), the following expressions are to be construed as if that undertaking were an insurance holding company:
- (a) individual capital resources requirement;
- (b) tier one capital resources; and
- (c) tier two capital resources.
- 31/12/2004
PRU 1.3.40
See Notes
- 31/12/2004
PRU 1.3.41
See Notes
- 31/12/2004
PRU 1.3.42
See Notes
- 31/12/2004
Community co-insurance operations: general insurance business
PRU 1.3.43
See Notes
Where a relevant insurer determines the amount of a liability in order to make provision for outstanding claims under a Community co-insurance operation, then, if the leading insurer has informed the relevant insurer of the amount of the provision made by the leading insurer for such claims, the amount determined by the relevant insurer:
- (1) must be at least as great as the amount of the provision made by the leading insurer; or
- (2) in a case where it is not the practice in the United Kingdom to make such provision separately, must be sufficient, when all liabilities are taken into account, to include provision at least as great as that made by the leading insurer for such claims;
- 31/12/2004
PRU 1.4
Prudential risk management and associated systems and controls
- 31/12/2004
Application
PRU 1.4.1
See Notes
PRU 1.4 applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 31/12/2004
PRU 1.4.2
See Notes
PRU 1.4 applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 31/12/2004
Purpose
PRU 1.4.3
See Notes
- 31/12/2004
PRU 1.4.4
See Notes
- 31/12/2004
PRU 1.4.5
See Notes
- 31/12/2004
How to interpret PRU 1.4
PRU 1.4.6
See Notes
- 31/12/2004
PRU 1.4.7
See Notes
- 31/12/2004
PRU 1.4.8
See Notes
Appropriate systems and controls for the management of prudential risk will vary from firm to firm. Therefore most of the material in PRU 1.4 is guidance. In interpreting this guidance, a firm should have regard to its own particular circumstances. Following from SYSC 3.1.2 G, this should include considering the nature, scale and complexity of its business, which may be influenced by factors such as:
- (1) the diversity of its operations, including geographical diversity;
- (2) the volume and size of its transactions; and
- (3) the degree of risk associated with each area of its operation.
- 31/12/2004
PRU 1.4.9
See Notes
- 31/12/2004
The role of systems and controls in a prudential context
PRU 1.4.10
See Notes
- 31/12/2004
The prudential responsibilities of senior management and the apportionment of those responsibilities
PRU 1.4.11
See Notes
Ultimate responsibility for the management of prudential risks rests with a firm's governing body and relevant senior managers, and in particular with those individuals that undertake the firm's governing functions and the apportionment and oversight function. In particular, these responsibilities should include:
- (1) overseeing the establishment of an appropriate business plan and risk management strategy;
- (2) overseeing the development of appropriate systems for the management of prudential risks;
- (3) establishing adequate internal controls; and
- (4) ensuring that the firm maintains adequate financial resources.
- 31/12/2004
The delegation of responsibilities within the firm
PRU 1.4.12
See Notes
- 31/12/2004
PRU 1.4.13
See Notes
- 31/12/2004
Firms subject to risk management on a group basis
PRU 1.4.14
See Notes
Some firms organise the management of their prudential risks on a stand-alone basis. In some cases, however, the management of a firm's prudential risks may be entirely or largely subsumed within a whole group or sub-group basis.
- (1) The latter arrangement may still comply with the FSA's prudential policy on systems and controls if the firm's governing body formally delegates the functions that are to be carried out in this way to the persons or bodies that are to carry them out. Before doing so, however, the firm's governing body should have explicitly considered the arrangement and decided that it is appropriate and that it enables the firm to meet the FSA's prudential policy on systems and controls. The firm should notify the FSA if the management of its prudential risks is to be carried out in this way.
- (2) Where the management of a firm's prudential risks is largely, but not entirely, subsumed within a whole group or sub-group basis, the firm should ensure that any prudential issues that are specific to the firm are:
- (a) identified and adequately covered by those to whom it has delegated certain prudential risk management tasks; or
- (b) dealt with by the firm itself.
- 31/12/2004
PRU 1.4.15
See Notes
- 31/12/2004
PRU 1.4.16
See Notes
- 31/12/2004
Business planning and risk management
PRU 1.4.17
See Notes
- 31/12/2004
PRU 1.4.18
See Notes
- 31/12/2004
PRU 1.4.19
See Notes
When establishing and maintaining its business plan and prudential risk management systems, a firm must document:
- (1) an explanation of its overall business strategy, including its business objectives;
- (2) a description of, as applicable, its policies towards market, credit (including provisioning), liquidity, operational, insurance and group risk (that is, its risk policies), including its appetite or tolerance for these risks and how it identifies, measures or assesses, monitors and controls these risks;
- (3) the systems and controls that it intends to use in order to ensure that its business plan and risk policies are implemented correctly;
- (4) a description of how the firm accounts for assets and liabilities, including the circumstances under which items are netted, included or excluded from the firm's balance sheet and the methods and assumptions for valuation;
- (5) appropriate financial projections and the results of its stress testing and scenario analysis (see PRU 1.2 Adequacy of financial resources); and
- (6) details of, and the justification for, the methods and assumptions used in financial projections and stress testing and scenario analysis.
- 31/12/2004
PRU 1.4.20
See Notes
The prudential risk management systems referred to in PRU 1.4.18 R and PRU 1.4.19 R are the means by which a firm is able to:
- (1) identify the prudential risks that are inherent in its business plan, operating environment and objectives, and determine its appetite or tolerance for these risks;
- (2) measure or assess its prudential risks;
- (3) monitor its prudential risks; and
- (4) control or mitigate its prudential risks.
PRU 5.1.78 E is an evidential provision relating to PRU 1.4.18 R concerning risk management systems in respect of liquidity risk arising from substantial exposures in foreign currencies.
- 31/12/2004
PRU 1.4.21
See Notes
- 31/12/2004
PRU 1.4.22
See Notes
A firm's business plan and risk management systems should be:
- (1) effectively communicated so that all employees and contractors understand and adhere to the procedures related to their own responsibilities;
- (2) regularly updated and revised, in particular when there is significant new information or when actual practice or performance differs materially from the documented strategy, policy or systems.
- 31/12/2004
PRU 1.4.23
See Notes
- 31/12/2004
PRU 1.4.24
See Notes
- 31/12/2004
PRU 1.4.25
See Notes
- 31/12/2004
Internal controls: introduction
PRU 1.4.26
See Notes
- 31/12/2004
PRU 1.4.27
See Notes
- 31/12/2004
PRU 1.4.28
See Notes
The precise role and organisation of internal controls can vary from firm to firm. However, a firm's internal controls should normally be concerned with assisting its governing body and relevant senior managers to participate in ensuring that it meets the following objectives:
- (1) safeguarding both the assets of the firm and its customers, as well as identifying and managing liabilities;
- (2) maintaining the efficiency and effectiveness of its operations;
- (3) ensuring the reliability and completeness of all accounting, financial and management information; and
- (4) ensuring compliance with its internal policies and procedures as well as all applicable laws and regulations.
- 31/12/2004
PRU 1.4.29
See Notes
When determining the adequacy of its internal controls, a firm should consider both the potential risks that might hinder the achievement of the objectives listed in PRU 1.4.28 G, and the extent to which it needs to control these risks. More specifically, this should normally include consideration of:
- (1) the appropriateness of its reporting and communication lines (see SYSC 3.2.2 G);
- (2) how the delegation or contracting of functions or activities to employees, appointed representatives or other third parties (for example outsourcing) is to be monitored and controlled (see SYSC 3.2.3 G to SYSC 3.2.4 G, PRU 1.4.12 G to PRU 1.4.16 G and PRU 1.4.33 G; additional guidance on the management of outsourcing arrangements is also provided in SYSC 3A.9);
- (3) the risk that a firm's employees or contractors might accidentally or deliberately breach a firm's policies and procedures (see SYSC 3A.6.3 G);
- (4) the need for adequate segregation of duties (see SYSC 3.2.5 G and PRU 1.4.30 G to PRU 1.4.33 G);
- (5) the establishment and control of risk management committees (see PRU 1.4.34 G to PRU 1.4.37 G);
- (6) the need for risk assessment and the establishment of a risk assessment function (see SYSC 3.2.10 G and PRU 1.4.38 G to PRU 1.4.41 G); and
- (7) the need for internal audit and the establishment of an internal audit function and audit committee (see SYSC 3.2.15 G to SYSC 3.2.16 G and PRU 1.4.42 G to PRU 1.4.45 G).
- 31/12/2004
Internal controls: segregation of duties
PRU 1.4.30
See Notes
The effective segregation of duties is an important internal control in the prudential context. In particular, it helps to ensure that no one individual is completely free to commit a firm's assets or incur liabilities on its behalf. Segregation can also help to ensure that a firm's governing body receives objective and accurate information on financial performance, the risks faced by the firm and the adequacy of its systems. In this regard, a firm should ensure that there is adequate segregation of duties between employees involved in:
- (1) taking on or controlling risk (which could include risk mitigation);
- (2) risk assessment (which includes the identification and analysis of risk); and
- (3) internal audit.
- 31/12/2004
PRU 1.4.31
See Notes
- 31/12/2004
PRU 1.4.32
See Notes
- 31/12/2004
PRU 1.4.33
See Notes
Where a firm outsources a controlled function, such as internal audit, it should take reasonable steps to ensure that every individual involved in the performance of this service is independent from the individuals who perform its external audit. This should not prevent services from being undertaken by a firm's external auditors provided that:
- (1) the work is carried out under the supervision and management of the firm's own internal staff; and
- (2) potential conflicts of interest between the provision of external audit services and the provision of controlled functions are properly managed.
- 31/12/2004
Internal controls: risk management committees
PRU 1.4.34
See Notes
- 31/12/2004
PRU 1.4.35
See Notes
Where a firm decides to create one or more risk management committee(s), adequate internal controls should be put in place to ensure that these committees are effective and that their actions are consistent with the objectives outlined in PRU 1.4.28 G. This should normally include consideration of the following:
- (1) setting clear terms of reference, including membership, reporting lines and responsibilities of each committee;
- (2) setting limits on their authority;
- (3) agreeing routine reporting and non-routine escalation procedures;
- (4) agreeing the minimum frequency of committee meetings; and
- (5) reviewing the performance of these risk management committees.
- 31/12/2004
PRU 1.4.36
See Notes
- 31/12/2004
PRU 1.4.37
See Notes
The effective use of risk management committees can help to enhance a firm's internal controls. In establishing and maintaining its risk management committees, a firm should consider:
- (1) their membership, which should normally include relevant senior managers (such as the head of group risk, head of legal, and the heads of market, credit, liquidity and operational risk, etc.), business line managers, risk management personnel and other appropriately skilled people, for example, actuaries, lawyers, accountants, IT specialists, etc.;
- (2) using these committees to:
- (i) inform the decisions made by a firm's governing body regarding its appetite or tolerance for risk taking;
- (ii) highlight risk management issues that may require attention by the governing body;
- (iii) consider risk at the firm-wide level and, within delegated limits, to determine the allocation of risk limits and financial resources across business lines;
- (iv) consider how exposures may be unwound, hedged, or otherwise mitigated, as appropriate.
- 31/12/2004
Internal controls: risk assessment
PRU 1.4.38
See Notes
Risk assessment is the process through which a firm identifies and analyses (using both qualitative and quantitative methodologies) the risks that it faces. A firm's risk assessment activities should normally include consideration of:
- (1) its total exposure to risk at the firm-wide level (that is, its exposure across business lines and risk categories);
- (2) capital allocation and the need to calculate risk weighted returns for different business lines;
- (3) the potential correlations that can exist between the risks in different business lines; this should also include looking for risks to which a firm's business plan is particularly sensitive, such as interest rate risk, or multiple dealings with the same counterparty;
- (4) the use of stress tests and scenario analysis;
- (5) whether there are risks inherent in the firm's business that are not being addressed adequately;
- (6) the risk adjusted return that the firm is achieving; and
- (7) the adequacy and timeliness of management information on market, credit, insurance, liquidity, operational and group risks from the business lines, including risk limit utilisation.
- 31/12/2004
PRU 1.4.39
See Notes
- 31/12/2004
PRU 1.4.40
See Notes
- 31/12/2004
PRU 1.4.41
See Notes
- 31/12/2004
Internal audit
PRU 1.4.42
See Notes
A firm should ensure that it has appropriate mechanisms in place to assess and monitor the appropriateness and effectiveness of its systems and controls. This should normally include consideration of:
- (1) adherence to and effectiveness of, as appropriate, its market, credit, liquidity, operational, insurance, and group risk policies;
- (2) whether departures and variances from its documented systems and controls and risk policies have been adequately documented and appropriately reported, including whether appropriate pre-clearance authorisation has been sought for material departures and variances;
- (3) adherence to and effectiveness of its accounting policies, and whether accounting records are complete and accurate;
- (4) adherence to and effectiveness of its management reporting arrangements, including the timeliness of reporting, and whether information is comprehensive and accurate; and
- (5) adherence to FSA rules and regulatory prudential standards.
- 31/12/2004
PRU 1.4.43
See Notes
- 31/12/2004
PRU 1.4.44
See Notes
- 31/12/2004
PRU 1.4.45
See Notes
- 31/12/2004
Management information
PRU 1.4.46
See Notes
- 31/12/2004
PRU 1.4.47
See Notes
The role of management information should be to help a firm's governing body and senior managers to understand risk at a firm-wide level. In so doing, it should help them to:
- 31/12/2004
PRU 1.4.48
See Notes
A firm should consider what information needs to be made available to its governing body and senior managers. Some possible examples include:
- (1) firm-wide information such as the overall profitability and value of a firm and its total exposure to risk;
- (2) reports from committees to which the governing body has delegated risk management tasks, if applicable;
- (3) reports from a firm's internal audit and risk assessment functions, if applicable, including exception reports, where risk limits and policies have been breached or systems circumvented;
- (4) financial projections under expected and abnormal (that is, stressed) conditions;
- (5) reconciliation of actual profit and loss to previous financial projections and an analysis of any significant variances;
- (6) matters which require a decision from the governing body or senior managers, for example a significant variation to a business plan, amendments to risk limits, the creation of a new business line, etc;
- (7) compliance with FSA rules and regulatory prudential standards;
- (8) risk weighted returns; and
- (9) liquidity and funding requirements.
- 31/12/2004
PRU 1.4.49
See Notes
The management information that is provided to a firm's governing body and senior managers should have the following characteristics:
- (1) it should be timely, its frequency being determined by factors such as:
- (a) the volatility of the business in which the firm is engaged (that is, the speed at which its risks can change);
- (b) any time constraints on when action needs to be taken; and
- (c) the level of risk that the firm is exposed to, compared to its available financial resources and tolerance for risk;
- (2) it should be reliable, having regard to the fact that it may be necessary to sacrifice a degree of accuracy for timeliness; and
- (3) it should be presented in a manner that highlights any relevant issues on which those undertaking governing functions should focus particular attention.
- 31/12/2004
PRU 1.4.50
See Notes
- 31/12/2004
Record keeping
PRU 1.4.51
See Notes
SYSC 3.2.20 R requires a firm to take reasonable care to make and retain adequate records. The following policy on record keeping supplements SYSC 3.2.20 R by providing some additional rules and guidance on record keeping in a prudential context. The purpose of this policy is to:
- (1) facilitate the prudential supervision of a firm by ensuring that adequate information is available regarding its past/current financial situation and business activities (which includes the design and implementation of systems and controls); and
- (2) help the FSA to satisfy itself that a firm is operating in a prudent manner and is not prejudicing the interests of its customers or market confidence.
- 31/12/2004
PRU 1.4.52
See Notes
- 31/12/2004
PRU 1.4.53
See Notes
- (1) A firm must make and regularly update accounting and other records that are sufficient to enable the firm to demonstrate to the FSA:
- (a) that the firm is financially sound and has appropriate systems and controls;
- (b) the firm's financial position and exposure to risk (to a reasonable degree of accuracy); and
- (c) the firm's compliance with the rules in PRU.
- (2) The records in (1) must be retained for a minimum of three years, or longer as appropriate.
- 31/12/2004
PRU 1.4.54
See Notes
- 31/12/2004
PRU 1.4.55
See Notes
- 31/12/2004
PRU 1.4.56
See Notes
- 31/12/2004
PRU 1.4.57
See Notes
- 31/12/2004
PRU 1.4.58
See Notes
- 31/12/2004
PRU 1.4.59
See Notes
- 31/12/2004
PRU 1.4.60
See Notes
A firm must keep the records required in PRU 1.4.53 R in the United Kingdom, except where:
- (1) they relate to business carried on from an establishment in a country or territory that is outside the United Kingdom; and
- (2) they are kept in that country or territory.
- 31/12/2004
PRU 1.4.61
See Notes
- 31/12/2004
PRU 1.4.62
See Notes
- 31/12/2004
PRU 1.4.63
See Notes
- 31/12/2004
PRU 1.4.64
See Notes
- 31/12/2004
PRU 1.5
to follow
- 31/12/2004
PRU 1.6
to follow
- 31/12/2004
PRU 1.7
to follow
- 31/12/2004
PRU 1.8
Actions for damages
- 31/12/2004