SYSC 1
Application and purpose
SYSC 1.1A
Application
- 01/04/2009
[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering:
- various topics relating to automated trading and direct electronic access. See
- certain aspects of the MiFID suitability requirements which also deal with the system and control aspects of suitability. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-suitability-requirements.]
SYSC 1.1A.1
See Notes
Type of firm | Applicable chapters |
Insurer | Chapters 2, 3, 11 to 18, 21 |
Managing agent | Chapters 2, 3, 11, 12, 18, 21 |
Society | Chapters 2, 3, 12, 18, 21 |
Every other firm | Chapters 4 to 12, 18, 19A, 21 |
- 01/04/2013
SYSC 1.1A.2
See Notes
The provisions in SYSC should be read in conjunction with GEN 2.2.23 R to GEN 2.2.25 G. In particular:
- (1) Provisions made by both the FCA and PRA may contain obligations for or references to FCA-authorised persons. GEN 2.2.23 R limits the application of those provisions so that the PRA will only apply them in respect of PRA-authorised persons and not to such FCA-authorised persons as are included within the provision.
- (2) Provisions made by both the FCA and PRA may be applied by both regulators to PRA-authorised persons. Such provisions are applied by each regulator to the extent of its powers and regulatory responsibilities.
- 01/04/2013
SYSC 1.2
Purpose
- 01/12/2004
SYSC 1.2.1A
See Notes
The purposes of SYSC are:
- (1) to encourage firms' directors and senior managers to take appropriate practical responsibility for their firms' arrangements on matters likely to be of interest to the PRA because they impinge on the PRA's functions under the Act;
- (2) to encourage firms to vest responsibility for effective and responsible organisation in specific directors and senior managers; and
- (3) to create a common platform of organisational and systems and controls requirements for all firms.
- 19/06/2014
SYSC 1.4
Application of SYSC 11 to SYSC 21
- 01/05/2011
What?
SYSC 1.4.1
See Notes
- 01/04/2013
SYSC 1.4.1A
See Notes
- 01/04/2013
SYSC 1.4.1B
See Notes
- 01/04/2013
SYSC 1 Annex 1
Detailed application of SYSC
- 01/04/2009
Part 1 | Application of SYSC 2 and SYSC 3 to an insurer, a managing agent and the Society | ||||
Who? | |||||
1.1 | R | SYSC 2 and SYSC 3 only apply to an insurer, a managing agent and the Society except that: | |||
(1) | for an incoming EEA firm or an incoming Treaty firm: | ||||
(a) | SYSC 2.1.1 R and SYSC 2.1.2 G do not apply; | ||||
(b) | SYSC 2.1.3 R to SYSC 2.2.3 G apply, but only in relation to allocation of the function in SYSC 2.1.3 R (2) and only in so far as responsibility for the matter in question is not reserved by an EU instrument to the firm's Home State regulator; and | ||||
(c) | SYSC 3 applies, but only in so far as responsibility for the matter in question is not reserved by an EU instrument to the firm's Home State regulator; | ||||
(2) | for an incoming EEA firm which has permission only for cross border services and which does not carry on regulated activities in the United Kingdom, SYSC 2 and SYSC 3 do not apply; | ||||
(3) | for an incoming Treaty firm which has permission only for cross border services and which does not carry on regulated activities in the United Kingdom, SYSC 3.2.6A R to SYSC 3.2.6J G do not apply; | ||||
(4) | for a sole trader: | ||||
(a) | SYSC 2 applies but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements); | ||||
(b) | SYSC 3.2.6I R does not apply if he has no employees; and | ||||
(5) | SYSC 2 and SYSC 3 do not apply to an incoming ECA provider acting as such. | ||||
1.2 | G | (1) | Question 12 in SYSC 2.1.6 G contains guidance on SYSC 1 Annex 1.1.1R(1)(b) and SYSC 1 Annex 1.1.1R(1)(c). | ||
(2) | SYSC 1 Annex 1.1.8R further restricts the territorial application of SYSC 2 and SYSC 3 for an incoming EEA firm or an incoming Treaty firm. | ||||
(3) | SYSC 1 Annex 1.1.1R(3) puts an incoming EEA firm on an equal footing with unauthorised overseas persons who utilise the overseas persons exclusions in article 72 of the Regulated Activities Order. | ||||
(4) | Further guidance on which matters are reserved to a firm'sHome State regulator can be found at SUP 13A Annex 2. | ||||
What? | |||||
1.3 | R | SYSC 2 and SYSC 3 apply with respect to the carrying on of: | |||
(1) | regulated activities; | ||||
(2) | activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of the Regulated Activities Order (Absence of holding out etc); and | ||||
(3) | ancillary activities in relation to designated investment business, home finance activity and insurance mediation activity; | ||||
except that SYSC 3.2.6A R to SYSC 3.2.6J G do not apply as described in SYSC 1 Annex 1.1.4R. | |||||
1.6 | R | SYSC 2 and SYSC 3, except SYSC 3.2.6A R to SYSC 3.2.6J G, also: | |||
(1) | apply with respect to the carrying on of unregulated activities in a prudential context; and | ||||
(2) | take into account any activity of other members of a group of which the firm is a member. | ||||
1.7 | G | SYSC 1 Annex 1.1.6R(2) does not mean that inadequacy of a group member's systems and controls will automatically lead to a firm contravening, for example, SYSC 3.1.1 R. Rather, the potential impact of a group member's activities, including its systems and controls, and any systems and controls that operate on a group basis, will be relevant in determining the appropriateness of the firm's own systems and controls. | |||
Where? | |||||
1.8 | R | SYSC 2 and SYSC 3 apply with respect to activities carried on from an establishment maintained by the firm (or its appointed representative or, where applicable, its tied agent) in the United Kingdom unless another applicable rule which is relevant to the activity has a wider territorial scope, in which case SYSC 2 and SYSC 3 apply with that wider scope in relation to the activity described in that rule. | |||
1.9 | R | SYSC 2 and SYSC 3, except SYSC 3.2.6A R to SYSC 3.2.6J G, also apply in a prudential context to a UK domestic firm with respect to activities wherever they are carried on. | |||
1.10 | R | SYSC 3, except SYSC 3.2.6A R to SYSC 3.2.6J G, also applies in a prudential context to an overseas firm (other than an incoming EEA firm or an incoming Treaty firm) with respect to activities wherever they are carried on. | |||
1.11 | G | (1) | In considering whether to take regulatory action under SYSC 2 or SYSC 3 in relation to activities carried on outside the United Kingdom, the appropriate regulator will take into account the standards expected in the market in which the firm is operating. | ||
(2) | Most of the rules in SYSC 3 are linked to other requirements and standards under the regulatory system which have their own territorial limitations so that those SYSC rules are similarly limited in scope. | ||||
Actions for damages |
Part 2 | Application of the common platform requirements (SYSC 4 to 10) | ||||
Who? | |||||
2.1 | R | The common platform requirements apply to every firm apart from an insurer, a managing agent and the Society unless provided otherwise in a specific rule. | |||
2.2 | R | For an incoming EEA firm or an incoming Treaty firm: | |||
(1) | the rule on responsibility of senior personnel (SYSC 4.3) does not apply; | ||||
(2) | the common platform requirements apply only in so far as responsibility for the matter in question is not reserved by an EU instrument to the firm's Home State regulator; | ||||
(3) | for an incoming EEA firm which has permission only for cross-border services and which does not carry on regulated activities in the United Kingdom, the common platform requirements do not apply; | ||||
(4) | for an incoming Treaty firm which has permission only for cross-border services and which does not carry on regulated activities in the United Kingdom, the common platform requirements on financial crime do not apply. | ||||
2.6 | R | The common platform requirements do not apply to an incoming ECA provider acting as such. | |||
2.6A | R | The common platform requirements do not apply to a firm (including an incoming EEA firm) in relation to its carrying on of auction regulation bidding, except for: | |||
(1) | SYSC 6.1.1 R which only applies to the extent that it relates to the obligation to establish, implement and maintain adequate policies and procedures for countering the risk that the firm (including its managers, employees and appointed representatives) might be used to further financial crime; and | ||||
(2) | SYSC 6.3 (Financial crime). | ||||
What? | |||||
2.8 | R | The common platform organisational requirements apply with respect to the carrying on of the following (unless provided otherwise within a specific rule): | |||
(1) | regulated activities; | ||||
(2) | activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of the Regulated Activities Order (Absence of holding out etc); | ||||
(3) | ancillary activities; | ||||
(4) | in relation to MiFID business, ancillary services; and | ||||
(5) | collective portfolio management. | ||||
2.9 | G | The application of the provisions on the conflicts of interest in SYSC 10 is set out in SYSC 10.1.1 R and SYSC 10.2.1 R | |||
2.13 | R | The common platform organisational requirements, except the common platform requirements on financial crime, also: | |||
(1) | apply with respect to the carrying on of unregulated activities in a prudential context; and | ||||
(2) | take into account any activity of other members of a group of which the firm is a member. | ||||
2.14 | G | SYSC 1 Annex 1.2.13R(2) does not mean that inadequacy of a group member's systems and controls will automatically lead to a firm contravening any of the common platform organisational requirements. Rather, the potential impact of a group member's activities, including its systems and controls, and any systems and controls that operate on a group basis, will be relevant in determining the appropriateness of the firm's own systems and controls. | |||
Where? | |||||
2.15 | R | The common platform requirements, except the common platform record-keeping requirements, apply to a firm in relation to activities carried on by it from an establishment in the United Kingdom. | |||
2.16 | R | The common platform requirements, except the common platform requirements on financial crime and the common platform record-keeping requirements, apply to a firm that is not a UK UCITS management company in relation to passported activities carried on by it from a branch in another EEA State. | |||
2.17 | R | The common platform record-keeping requirements apply to activities carried on by a firm from an establishment maintained in the United Kingdom, unless another applicable rule which is relevant to the activity has a wider territorial scope, in which case the common platform record-keeping requirements apply with that wider scope in relation to the activity described in that rule. | |||
[Note: article 13(9) of MiFID] | |||||
2.18 | R | The common platform organisational requirements, except the common platform requirements on financial crime, also apply in a prudential context to a UK domestic firm and to an overseas firm (other than an incoming EEA firm or an Incoming Treaty firm) with respect to activities wherever they are carried on. | |||
Actions for damages |
Part 3 | Tables summarising the application of the common platform requirements to different types of firm | ||||
3.1 | G | The common platform requirements apply in the following four ways (subject to the provisions in Part 2 of this Annex). | |||
3.2 | G | For a common platform firm, they apply in accordance with Column A in the table below. | |||
3.2B | R | For a full-scope UK AIFM of an authorised AIF, they apply in line with Column A++ in the table below. | |||
3.3 | G | For all other firms apart from insurers, managing agents, the Society and full-scope UK AIFMs of unauthorised AIFs, they apply in accordance with Column B in the table below. For these firms, where a rule is shown modified in Column B as 'Guidance', it should be read as guidance (as if "should" appeared in that rule instead of "must") and should be applied in a proportionate manner, taking into account the nature, scale and complexity of the firm's business. |
Provision SYSC 4 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 4.1.1 R | Rule | Rule | Rule | Rule |
SYSC 4.1.1A R | Not applicable | Not applicable | Rule | Not applicable |
SYSC 4.1.2 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Rule | Guidance |
SYSC 4.1.2A G | Not applicable | Guidance for a UCITS firm; not applicable to a UCITS investment firm | Not applicable | Guidance |
SYSC 4.1.2D R | Not applicable | Not applicable | Rule | Not applicable |
SYSC 4.1.3 R | [deleted] | [deleted] | [deleted] | [deleted] |
SYSC 4.1.4 R | Rule | Rule | Not applicable | (1) and (3) Guidance (2) Rule |
SYSC 4.1.4A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 4.1.5 R | Rule applies only to a MiFID investment firm | Rule | Not applicable | Not applicable |
SYSC 4.1.6 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 4.1.7 R | Rule | Rule | Not applicable | Guidance |
SYSC 4.1.7A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 4.1.8 G | Guidance | Guidance | Guidance | Guidance |
SYSC 4.1.9 R | Rule | Rule | Not applicable | Not applicable |
SYSC 4.1.10 R | Rule | Rule | Not applicable | Guidance - except reference to SYSC 4.1.9 R which does not apply to these firms |
SYSC 4.1.10A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 4.1.11 G | Guidance | Guidance | Guidance | Guidance |
SYSC 4.1.13 G | Guidance | Guidance | Guidance | Guidance |
SYSC 4.1.14 G | Guidance | Guidance | Guidance | Guidance |
SYSC 4.2.1 R | Rule | Rule | Rule | - UK branch of non-EEA bank - rule applies. - Other firms - Guidance |
SYSC 4.2.1A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 4.2.2 R | Rule | Rule | Rule | - UK branch of a non-EEA bank - Rule applies - Other firms - this provision does not apply |
SYSC 4.2.3 G - 4.2.5 G | Guidance | Guidance | Guidance | - UK branch of a non-EEA bank - Guidance - Other firms - these provisions do not apply |
SYSC 4.2.6 R | Rule | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | - UK branch of a non-EEA bank - Rule applies - Other firms - this provision does not apply |
SYSC 4.2.7 R | Not applicable | Not applicable | Rule | Not applicable |
SYSC 4.2.8 G | Not applicable | Not applicable | Rule | Not applicable |
SYSC 4.2.9G | Not applicable | Not applicable | Guidance | Not applicable |
SYSC 4.3.1 R | Rule | Rule | Not applicable | Rule (but not applicable to incoming EEA firms, incoming Treaty firms or UCITS qualifiers) |
SYSC 4.3.2 R | Rule | Rule | Not applicable | Guidance (but not applicable to incoming EEA firms, incoming Treaty firms or UCITS qualifiers) |
SYSC 4.3.2A G | Not applicable | Not applicable | Not applicable | Guidance (but not applicable to incoming EEA firms, incoming Treaty firms or UCITS qualifiers) |
SYSC 4.3.3 G | Guidance | Guidance | Not applicable | Guidance (but not applicable to incoming EEA firms, incoming Treaty firms or UCITS qualifiers) |
SYSC 4.3A.1 R | Rule applicable to CRR firms |
Rule for a CRR firm that is a UCITS investment firm |
Not applicable |
Not applicable |
SYSC 4.3A.2 R | Rule applicable to CRR firms |
Rule for a CRRfirm that is a UCITS investment firm |
Not applicable |
Not applicable |
SYSC 4.3A.3 R | Rule applicable to CRR firms |
Rule for a CRRfirm that is a UCITS investment firm |
Not applicable |
Not applicable |
SYSC 4.3A.4 R | Rule applicable to CRR firms |
Rule for a CRRfirm that is a UCITS investment firm |
Not applicable |
Not applicable |
SYSC 4.3A.5 R | Rule applicable to CRR firms | Rule for a CRRfirm that is a UCITS investment firm |
Not applicable | Not applicable |
SYSC 4.3A.6 R | Rule applicable for CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.3A.7 R | Rule applicable to CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.3A.8 R | Rule applicable to CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.3A.9 R | Rule applicable to CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.3A.10 R | Rule applicable to CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.3A.11 R | Rule applicable to CRR firms | Rule for a CRR firm that is a UCITS investment firm | Not applicable | Not applicable |
SYSC 4.4.1 R | Not applicable | Not applicable | Not applicable | Rule applies this section only to: (1) an authorised professional firm in respect of its non-mainstream regulated activities unless the firm is also conducting other regulated activities and has appointed approved persons to perform the governing functions with equivalent responsibilities for the firm'snon-mainstream regulated activities and other regulated activities; 2) activities carried on by a firm whose principal purpose is to carry on activities other than regulated activities and which is: (a) an oil market participant; (b) a service company; (c) an energy market participant; (d) a wholly-owned subsidiary of: (i) a local authority; (ii) a registered social landlord; (e) a firm with permission to carry on insurance mediation activity in relation to non-investment insurance contracts but no other regulated activity; 3) an incoming Treaty firm, an incoming EEA firm and a UCITS qualifier, (but only SYSC 4.4.5 R (2) applies for these firms); and (4) a sole trader, but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements). |
SYSC 4.4.2 G | Not applicable | Not applicable | Not applicable | Guidance only applying to the firms specified in SYSC 4.4.1 R or SYSC 4.4.1A R |
SYSC 4.4.3 R | Not applicable | Not applicable | Not applicable | Rule only applying to the firms specified in SYSC 4.4.1 R or SYSC 4.4.1A R |
SYSC 4.4.4 G | Not applicable | Not applicable | Not applicable | Guidance only applying to the firms specified in SYSC 4.4.1 R or SYSC 4.4.1A R |
SYSC 4.4.5 R | Not applicable | Not applicable | Not applicable | Rule only applying to the firms specified in SYSC 4.4.1 R or SYSC 4.4.1A R |
SYSC 4.4.6 G | Not applicable | Not applicable | Not applicable | Guidance only applying to the firms specified in SYSC 4.4.1 R or SYSC 4.4.1A R |
Provision SYSC 5 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 5.1.1 R | Rule | Rule | Not applicable | Rule |
SYSC 5.1.2 G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.3 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 5.1.4A G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.5 G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.5A G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.6 R | Rule | Rule | Guidance | Guidance |
SYSC 5.1.7 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Guidance | Guidance |
SYSC 5.1.7A G | Not applicable | Not applicable to a UCITS investment firm; otherwise guidance | Guidance | Guidance |
SYSC 5.1.8 G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.9 G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.10 G | Guidance | Guidance | Guidance, but not applicable for the segregation of risk management functions | Guidance |
SYSC 5.1.11 G | Guidance | Guidance | Guidance | Guidance |
SYSC 5.1.12 R | Rule | Rule | Not applicable | Guidance |
SYSC 5.1.12A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 5.1.13 R | Rule | Rule | Not applicable | Rule |
SYSC 5.1.14 R | Rule | Rule | Not applicable | Guidance |
SYSC 5.1.15 G | Not applicable | Not applicable | Not applicable | Guidance |
Provision SYSC 6 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents, the Society and full-scope UK AIFMs of unauthorised AIFs |
SYSC 6.1.1 R | Rule | Rule | Rule but only regarding the obligation to establish, implement and maintain adequate policies and procedures for countering the risk that the firm (including its managers and employees) might be used to further financial crime | Rule |
SYSC 6.1.1A G | Guidance | Guidance | Guidance | Guidance |
SYSC 6.1.2 R | Rule | Rule | Not applicable | Guidance |
SYSC 6.1.2A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 6.1.3 R | Rule | Rule | Not applicable | - Guidance This provision shall be read with the following additional sentence at the start. "Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate compliance function. Where a firm has a separate compliance function, the firm should also take into account 6.1.3 R and 6.1.4 R as guidance." |
SYSC 6.1.3A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 6.1.4 R | Rule | Rule | Not applicable | (1) (3) and (4) Guidance (2) - Rule for firms which carry on designated investment business with or for retail clients or professional clients. - Guidance for all other firms. |
SYSC 6.1.4A G | Not applicable | Not applicable | Rule | Guidance |
SYSC 6.1.5 R | Not applicable | - Guidance - "investment services and activities" shall be read as "financial services and activities" | ||
SYSC 6.1.6 R | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 6.2.1 R | Rule | Rule | Not applicable | Guidance |
SYSC 6.2.1A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 6.2.2 G | Guidance | Guidance | Not applicable | Guidance |
Provision SYSC 7 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents, the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 7.1.1 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 7.1.2 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.2A G | Not applicable | Not applicable to a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.2B G | Not applicable | Guidance | Not applicable | Not applicable |
SYSC 7.1.3 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.4 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.4A G | Not applicable | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.4B G | Not applicable | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.5 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.6 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.7 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.7A G | Not applicable | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 7.1.7B G | Guidance applies only to a BIPRU firm | Rule for a UCITS investment firm; otherwise guidance | Guidance | Guidance |
SYSC 7.1.7C G | Guidance | Guidance | Guidance | Guidance |
SYSC 7.1.8 G | [deleted] | [deleted] | [deleted] | [deleted] |
SYSC 7.1.9 R | Rule applies to a BIPRU firm | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.10 R | Rule applies to a BIPRU firm | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.11 R | Rule applies to a BIPRU firm | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.12 G | Guidance applies to a BIPRU firm | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.13 R - 7.1.16 R | Rule applies to a BIPRU firm | Rule for a UCITS investment firm; otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.17 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.18 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.19 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.20 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.21 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
SYSC 7.1.22 R | Rule applies to a CRR firm | Rule for a UCITS investment firm that is a CRR firm, otherwise not applicable | Not applicable | Not applicable |
Provision SYSC 8 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents, the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 8.1.1 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.1A G | Not applicable | Not applicable to a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.2 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 8.1.3 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 8.1.4 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.5 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.5A G | Not applicable | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.6 R | Rule | Rule | Not applicable | Rule |
SYSC 8.1.7 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.8 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.9 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.10 R | Rule |
Rule for a UCITS investment firm; otherwise guidance |
Not applicable | Guidance |
SYSC 8.1.11 R | Rule | Rule for a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.11A G | Not applicable | Not applicable to a UCITS investment firm; otherwise guidance | Not applicable | Guidance |
SYSC 8.1.12 G | Guidance | Guidance | Not applicable | Guidance |
Provision SYSC 9 |
COLUMN A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
COLUMN B Application to all other firms apart from insurers, managing agents, the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 9.1.1 R | Rule | Rule | Rule but only for the requirement to arrange for orderly records to be kept of its business and internal organisation which do not relate to portfolio transactions and subscription and redemptions orders | Rule |
SYSC 9.1.2 R | Rule applies only in relation to MiFID business | Rule applies only in relation to MiFID business of a UCITS investment firm | Rule but only for records specified by the modified application of SYSC 9.1.1 R | Not applicable |
SYSC 9.1.3 R | Rule applies only in relation to MiFID business | Rule applies only in relation to MiFID business of a UCITS investment firm | Not applicable | Not applicable |
SYSC 9.1.4 G | Guidance | Guidance | Guidance | Guidance |
SYSC 9.1.5 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 9.1.6 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 9.1.7 G | Guidance applies only in relation to MiFID business | Guidance applies only in relation to MiFID business of a UCITS investment firm | Not applicable | Not applicable |
Provision SYSC 10 |
Column A Application to a common platform firm other than to a UCITS investment firm |
COLUMN A+ Application to a UCITS management company |
COLUMN A++ Application to a full-scope UK AIFM of an authorised AIF |
Column B Application to all other firms apart from insurers, managing agents, the Society, and full-scope UK AIFMs of unauthorised AIFs |
SYSC 10.1.1 R | Rule | Rule | Not applicable | Rule |
SYSC 10.1.2 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 10.1.3 R | Rule | Rule | Not applicable | Rule |
SYSC 10.1.4 R | Rule | Rule | Not applicable | Guidance - but applies as a rule in relation to the production or arrangement of investment research in accordance with COBS 12.2, or the production or dissemination of non-independent research in accordance with COBS 12.3 |
SYSC 10.1.4A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 10.1.5 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 10.1.6 R | Rule | Rule | Not applicable | Guidance - but applies as a rule in relation to the production or arrangement of investment research in accordance with COBS 12.2, or the production or dissemination of non-independent research in accordance with COBS 12.3 |
SYSC 10.1.6A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 10.1.7 R | Rule | Rule | Not applicable | Rule |
SYSC 10.1.8 R | Rule | Rule | Not applicable | Rule |
SYSC 10.1.8A R | Rule | Rule | Not applicable | Rule |
SYSC 10.1.9 G | Guidance | Guidance | Not applicable | Guidance |
SYSC 10.1.10 R | Rule | Rule | Not applicable | Guidance - but applies as a rule in relation to the production or arrangement of investment research in accordance with COBS 12.2, or the production or dissemination of non-independent research in accordance with COBS 12.3 |
SYSC 10.1.11 R | Rule | Rule | Not applicable | Guidance - but applies as a rule in relation to the production or arrangement of investment research in accordance with COBS 12.2, or the production or dissemination of non-independent research in accordance with COBS 12.3 |
SYSC 10.1.11A G | Not applicable | Not applicable | Not applicable | Guidance |
SYSC 10.1.12 G - SYSC 10.1.15 G |
Guidance | Guidance for SYSC 10.1.12 G; not applicable for SYSC 10.1.13 G - SYSC 10.1.15 G | Guidance for SYSC 10.1.12 G; not applicable for SYSC 10.1.13 G to SYSC 10.1.15 G | Guidance |
SYSC 10.1.22 R | Not applicable | Rule | Rule | Not applicable |
SYSC 10.1.23 R to SYSC 10.1.26 R | Not applicable | Not applicable | Rule | Not applicable |
- 04/08/2014
SYSC 2
Senior management arrangements
SYSC 2.1
Apportionment of Responsibilities
- 01/12/2004
SYSC 2.1.1
See Notes
A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:
- (1) it is clear who has which of those responsibilities; and
- (2) the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.
- 01/04/2013
SYSC 2.1.1A
See Notes
- 01/04/2013
SYSC 2.1.2
See Notes
- 01/04/2013
SYSC 2.1.3
See Notes
A firm must appropriately allocate to one or more individuals, in accordance with SYSC 2.1.4 R, the functions of:
- (1) dealing with the apportionment of responsibilities under SYSC 2.1.1 R; and
- (2) overseeing the establishment and maintenance of systems and controls under SYSC 3.1.1 R.
- 01/04/2013
SYSC 2.1.4
See Notes
Allocation of functions
This table belongs to SYSC 2.1.3 R
1: Firm type | 2: Allocation of both functions must be to the following individual, if any (see Note): | 3: Allocation to one or more individuals selected from this column is compulsory if there is no allocation to an individual in column 2, but is otherwise optional and additional: |
(1) A firm which is a body corporate and is a member of a group, other than a firm in row (2) | (1) the firm's chief executive (and all of them jointly, if more than one); or |
the firm's and its group's: (1) directors; and (2) senior managers |
(2) a director or senior manager responsible for the overall management of: |
||
(a) the group; or (b) a group division within which some or all of the firm's regulated activities fall |
||
(2) An incoming EEA firm or incoming Treaty firm (note: only the function in SYSC 2.1.3 R (2) must be allocated) | (not applicable) | the firm's and its group's: (1) directors; and (2) senior managers |
(3) Any other firm | the firm's chief executive (and all of them jointly, if more than one) | the firm's and its group's: (1) directors; and (2) senior manager's |
Note: Column 2 does not require the involvement of the chief executive or other executive director or senior manager in an aspect of corporate governance if that would be contrary to generally accepted principles of good corporate governance. |
- 01/04/2013
SYSC 2.1.5
See Notes
- 01/04/2013
SYSC 2.1.6
See Notes
Frequently asked questions about allocation of functions in SYSC 2.1.3 R
This table belongs to SYSC 2.1.5 G
Question | Answer | |
1 | Does an individual to whom a function is allocated under SYSC 2.1.3 R need to be an approved person? | An individual to whom a function is allocated under SYSC 2.1.3 R will be performing the apportionment and oversight function (CF 8, see SUP 10A.7.1 R) and an application must be made under section 59 of the Act for approval of the individual before the function is performed.There are exceptions from this in SUP 10A.1 (Approved persons - Application). |
2 | If the allocation is to more than one individual, can they perform the functions, or aspects of the functions, separately? | If the functions are allocated to joint chief executives under SYSC 2.1.4 R, column 2, they are expected to act jointly.If the functions are allocated to an individual under SYSC 2.1.4 R, column 2, in addition to individuals under SYSC 2.1.4 R, column 3, the former may normally be expected to perform a leading role in relation to the functions that reflects his position.Otherwise, yes. |
3 | What is meant by "appropriately allocate" in this context? | The allocation of functions should be compatible with delivering compliance with Principle 3, SYSC 2.1.1 R and SYSC 3.1.1 R. The appropriate regulator considers that allocation to one or two individuals is likely to be appropriate for most firms. |
4 | If a committee of management governs a firm or group, can the functions be allocated to every member of that committee? | Yes, as long as the allocation remains appropriate (see Question 3).If the firm also has an individual as chief executive, then the functions must be allocated to that individual as well under SYSC 2.1.4 R, column 2 (see Question 7). |
5 | Does the definition of chief executive include the possessor of equivalent responsibilities with another title, such as a managing director or managing partner? | Yes. |
6 | Is it possible for a firm to have more than one individual as its chief executive? | Although unusual, some firm may wish the responsibility of a chief executive to be held jointly by more than one individual. In that case, each of them will be a chief executive and the functions must be allocated to all of them under SYSC 2.1.4 R, column 2 (see also Questions 2 and 7). |
7 | If a firm has an individual as chief executive, must the functions be allocated to that individual? | Normally, yes, under SYSC 2.1.4 R, column 2. But if the firm is a body corporate and a member of a group, the functions may, instead of to the firm's chief executive, be allocated to a director or senior manager from the group responsible for the overall management of the group or of a relevant group division, so long as this is appropriate (see Question 3). Such individuals may nevertheless require approval under section 59 (see Question 1). If the firm chooses to allocate the functions to a director or senior manager responsible for the overall management of a relevant group division, the appropriate regulator would expect that individual to be of a seniority equivalent to or greater than a chief executive of the firm for the allocation to be appropriate. See also Question 14. |
8 | If a firm has a chief executive, can the functions be allocated to other individuals in addition to the chief executive? | Yes. SYSC 2.1.4 R, column 3, permits a firm to allocate the functions, additionally, to the firm's (or where applicable the group's) directors and senior managers as long as this is appropriate (see Question 3). |
9 | What if a firm does not have a chief executive? | Normally, the functions must be allocated to one or more individuals selected from the firm's (or where applicable the group's) directors and senior managers under SYSC 2.1.4 R, column 3. But if the firm: (1) is a body corporate and a member of a group; and (2) the group has a director or senior manager responsible for the overall management of the group or of a relevant group division; then the functions must be allocated to that individual (together, optionally, with individuals from column 3 if appropriate) under SYSC 2.1.4 R, column 2. |
10 | What do you mean by "group division within which some or all of the firm's regulated activities fall"? | A "division" in this context should be interpreted by reference to geographical operations, product lines or any other method by which the group's business is divided. If the firm's regulated activities fall within more than one division and the firm does not wish to allocate the functions to its chief executive, the allocation must, under SYSC 2.1.4 R, be to: (1) a director or senior manager responsible for the overall management of the group; or (2) a director or senior manager responsible for the overall management of one of those divisions; together, optionally, with individuals from column 3 if appropriate. (See also Questions 7 and 9.) |
11 | How does the requirement to allocate the functions in SYSC 2.1.3 R apply to an overseas firm which is not an incoming EEA firm, incoming Treaty firm or UCITS qualifier? | The firm must appropriately allocate those functions to one or more individuals, in accordance with SYSC 2.1.4 R, but: (1) The responsibilities that must be apportioned and the systems and controls that must be overseen are those relating to activities carried on from a UK establishment with certain exceptions (see SYSC 1 Annex 1.1.7 R). Note that SYSC 1 Annex 1.1.10 R does not extend the territorial scope of SYSC 2 for an overseas firm. (2) The chief executive of an overseas firm is the person responsible for the conduct of the firm's business within the United Kingdom (see the definition of "chief executive"). This might, for example, be the manager of the firm's UK establishment, or it might be the chief executive of the firm as a whole, if he has that responsibility. The apportionment and oversight function applies to such a firm, unless it falls within a particular exception from the approved persons regime (see Question 1). |
12 | How does the requirement to allocate the functions in SYSC 2.1.3 R apply to an incoming EEA firm or incoming Treaty firm? | SYSC 1 Annex 1.1.1R and SYSC 1 Annex 1.1.8 R restrict the application of SYSC 2.1.3 R for such a firm. Accordingly: (1) Such a firm is not required to allocate the function of dealing with apportionment in SYSC 2.1.3 R (1). (2) Such a firm is required to allocate the function of oversight in SYSC 2.1.3 R (2). However, the systems and controls that must be overseen are those relating to matters which the appropriate regulator , as Host State regulator, is entitled to regulate (there is guidance on this in SUP 13A Annex 2 G ). Those are primarily, but not exclusively, the systems and controls relating to the conduct of the firm's activities carried on from its UK branch. (3) Such a firm need not allocate the function of oversight to its chief executive; it must allocate it to one or more directors and senior managers of the firm or the firm's group under SYSC 2.1.4 R, row (2). (4) An incoming EEA firm which has provision only for cross border services is not required to allocate either function if it does not carry on regulated activities in the United Kingdom; for example if they fall within the overseas persons exclusions in article 72 of the Regulated Activities Order. See also Questions 1 and 15. |
13 | What about a firm that is a partnership or a limited liability partnership? | The appropriate regulator envisages that most if not all partners or members will be either directors or senior managers, but this will depend on the constitution of the partnership (particularly in the case of a limited partnership) or limited liability partnership. A partnership or limited liability partnership may also have a chief executive (see Question 5). A limited liability partnership is a body corporate and, if a member of a group, will fall within SYSC 2.1.4 R, row (1) or (2). |
14 | What if generally accepted principles of good corporate governance recommend that the chief executive should not be involved in an aspect of corporate governance? | The Note to SYSC 2.1.4 R provides that the chief executive or other executive director or senior manager need not be involved in such circumstances. For example, the UK Corporate Governance Code recommends that the board of a listed company should establish an audit committee of non-executive directors to be responsible for oversight of the audit. That aspect of the oversight function may therefore be allocated to the members of such a committee without involving the chief executive. Such individuals may require approval under section 59 in relation to that function (see Question 1). |
15 | What about electronic commerce activities carried on from an establishment in another EEA State with or for a person in the United Kingdom? | SYSC does not apply to an incoming ECA provider acting as such. |
- 01/04/2013
SYSC 2.2
Recording the apportionment
- 01/12/2004
SYSC 2.2.1
See Notes
- (1) A firm must make a record of the arrangements it has made to satisfy SYSC 2.1.1 R (apportionment) and SYSC 2.1.3 R (allocation) and take reasonable care to keep this up to date.
- (2) This record must be retained for six years from the date on which it was superseded by a more up-to-date record.
- 01/04/2013
SYSC 2.2.2
See Notes
- (1) A firm will be able to comply with SYSC 2.2.1 R by means of records which it keeps for its own purposes provided these records satisfy the requirements of SYSC 2.2.1 R and provided the firm takes reasonable care to keep them up to date. Appropriate records might, for this purpose, include organisational charts and diagrams, project management documents, job descriptions, committee constitutions and terms of reference provided they show a clear description of the firm's major functions.
- (2) Firms should record any material change to the arrangements described in SYSC 2.2.1 R as soon as reasonably practicable after that change has been made.
- 01/04/2013
SYSC 2.2.3
See Notes
- 01/04/2013
SYSC 3
Systems and Controls
SYSC 3.1
Systems and Controls
- 01/12/2004
SYSC 3.1.1
See Notes
- 01/04/2013
SYSC 3.1.2
See Notes
- (1) The nature and extent of the systems and controls which a firm will need to maintain under SYSC 3.1.1 R will depend upon a variety of factors including:
- (a) the nature, scale and complexity of its business;
- (b) the diversity of its operations, including geographical diversity;
- (c) the volume and size of its transactions; and
- (d) the degree of risk associated with each area of its operation.
- (2) To enable it to comply with its obligation to maintain appropriate systems and controls, a firm should carry out a regular review of them.
- (3) The areas typically covered by the systems and controls referred to in SYSC 3.1.1 R are those identified in SYSC 3.2. Detailed requirements regarding systems and controls relevant to particular business areas or particular types of firm are covered elsewhere in the Handbook.
- 01/04/2013
SYSC 3.1.2A
See Notes
- 01/04/2013
SYSC 3.1.3
See Notes
- 01/04/2013
SYSC 3.1.5
See Notes
- 01/04/2013
SYSC 3.1.6
See Notes
- 01/04/2013
SYSC 3.1.7
See Notes
- 01/04/2013
SYSC 3.1.10
See Notes
- 01/04/2013
SYSC 3.2
Areas covered by systems and controls
- 01/12/2004
Introduction
SYSC 3.2.1
See Notes
- 01/04/2013
Organisation
SYSC 3.2.2
See Notes
- 01/04/2013
SYSC 3.2.3
See Notes
- (1) A firm's governing body is likely to delegate many functions and tasks for the purpose of carrying out its business. When functions or tasks are delegated, either to employees or to appointed representatives or, where applicable, its tied agents, appropriate safeguards should be put in place.
- (2) When there is delegation, a firm should assess whether the recipient is suitable to carry out the delegated function or task, taking into account the degree of responsibility involved.
- (3) The extent and limits of any delegation should be made clear to those concerned.
- (4) There should be arrangements to supervise delegation, and to monitor the discharge of delegates functions or tasks.
- (5) If cause for concern arises through supervision and monitoring or otherwise, there should be appropriate follow-up action at an appropriate level of seniority within the firm.
- 01/04/2013
SYSC 3.2.4
See Notes
- (1) The guidance relevant to delegation within the firm is also relevant to external delegation ('outsourcing'). A firm cannot contract out its regulatory obligations. So, for example, under Principle 3 a firm should take reasonable care to supervise the discharge of outsourced functions by its contractor.
- (2) A firm should take steps to obtain sufficient information from its contractor to enable it to assess the impact of outsourcing on its systems and controls.
- 01/04/2013
SYSC 3.2.5
See Notes
- 01/04/2013
The compliance function
SYSC 3.2.7
See Notes
- (1) Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate compliance function. The organisation and responsibilities of a compliance function should be documented. A compliance function should be staffed by an appropriate number of competent staff who are sufficiently independent to perform their duties objectively. It should be adequately resourced and should have unrestricted access to the firm's relevant records as well as ultimate recourse to its governing body.
- (2) [deleted]
- (3) [deleted]
- 01/04/2013
Risk assessment
SYSC 3.2.10
See Notes
- (1) Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate risk assessment function responsible for assessing the risks that the firm faces and advising the governing body and senior managers on them.
- (2) The organisation and responsibilities of a risk assessment function should be documented. The function should be adequately resourced and staffed by an appropriate number of competent staff who are sufficiently independent to perform their duties objectively.
- (3) The term 'risk assessment function' refers to the generally understood concept of risk assessment within a firm, that is, the function of setting and controlling risk exposure. The risk assessment function is not a controlled function itself, but is part of the systems and controls function (CF28).
- 01/04/2013
Management information
SYSC 3.2.11B
See Notes
- (1) A firm's arrangements should be such as to furnish its governing body with the information it needs to play its part in identifying, measuring, managing and controlling risks of regulatory concern. Three factors will be the relevance, reliability and timeliness of that information.
- (2) Risks of regulatory concern are those risks which relate to the safety and soundness of PRA-authorised persons.
- 01/04/2013
SYSC 3.2.12
See Notes
- 01/04/2013
Employees and agents
SYSC 3.2.13
See Notes
- 01/04/2013
SYSC 3.2.14
See Notes
- (1) SYSC 3.2.13 G includes assessing an individual's honesty, and competence. This assessment should normally be made at the point of recruitment. An individual's honesty need not normally be revisited unless something happens to make a fresh look appropriate.
- (2) Any assessment of an individual's suitability should take into account the level of responsibility that the individual will assume within the firm. The nature of this assessment will generally differ depending upon whether it takes place at the start of the individual's recruitment, at the end of the probationary period (if there is one) or subsequently.
- (3) [deleted]
- (4) The requirements on firms with respect to approved persons are in Part V of the Act (Performance of regulated activities) and SUP 10.
- 01/04/2013
Audit committee
SYSC 3.2.15
See Notes
- 01/04/2013
Internal audit
SYSC 3.2.16
See Notes
- (1) Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should have clear responsibilities and reporting lines to an audit committee or appropriate senior manager, be adequately resourced and staffed by competent individuals, be independent of the day-to-day activities of the firm and have appropriate access to a firm's records.
- (2) The term 'internal audit function' refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies. The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).
- 01/04/2013
Business strategy
SYSC 3.2.17
See Notes
A firm should plan its business appropriately so that it is able to identify, measure, manage and control risks of regulatory concern (see SYSC 3.2.11 G (2)). In some firms, depending on the nature, scale and complexity of their business, it may be appropriate to have business plans or strategy plans documented and updated on a regular basis to take account of changes in the business environment.
- 01/04/2013
Remuneration policies
SYSC 3.2.18
See Notes
It is possible that firms' remuneration policies will from time to time lead to tensions between the ability of the firm to meet the requirements and standards under the regulatory system and the personal advantage of those who act for it. Where tensions exist, these should be appropriately managed.
- 01/04/2013
Business continuity
SYSC 3.2.19
See Notes
A firm should have in place appropriate arrangements, having regard to the nature, scale and complexity of its business, to ensure that it can continue to function and meet its regulatory obligations in the event of an unforeseen interruption. These arrangements should be regularly updated and tested to ensure their effectiveness.
- 01/04/2013
Records
SYSC 3.2.20
See Notes
- (1) A firm must take reasonable care to make and retain adequate records of matters and dealings (including accounting records) which are the subject of requirements and standards under the regulatory system.
- (2) Subject to (3) and to any other record-keeping rule in the Handbook, the records required by (1) or by such other rule must be capable of being reproduced in the English language on paper.
- (3) If a firm's records relate to business carried on from an establishment in a country or territory outside the United Kingdom, an official language of that country or territory may be used instead of the English language as required by (2).
- 01/04/2013
SYSC 3.2.21
See Notes
A firm should have appropriate systems and controls in place to fulfil the firm's regulatory and statutory obligations with respect to adequacy, access, periods of retention and security of records. The general principle is that records should be retained for as long as is relevant for the purposes for which they are made.
- 01/04/2013
SYSC 4
General organisational requirements
SYSC 4.1
General requirements
- 01/01/2007
SYSC 4.1.1
See Notes
- (1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.
- (2) [deleted]
[Note: article 74 (1) of CRD, article 13(5) second paragraph of MiFID, article 12(1)(a) of the UCITS Directive, and article 18(1) of AIFMD]
- 01/01/2014
SYSC 4.1.2
See Notes
For a common platform firm, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of the common platform firm's activities and must take into account the specific technical criteria described in SYSC 4.1.7 R, SYSC 5.1.7 R, SYSC 7 and (for a firm to which SYSC 19A applies) SYSC 19A , or (for a full-scope UK AIFM) SYSC 19B.
[Note: article 74 (2) of CRD]
- 01/01/2014
SYSC 4.1.2A
See Notes
Other firms should take account of the comprehensiveness and proportionality rule (SYSC 4.1.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
- 01/04/2013
Mechanisms and procedures for a firm
SYSC 4.1.4
See Notes
A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities undertaken in the course of that business:
- (1) (if it is a common platform firm or a management company) establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;
- (2) establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;
- (3) (if it is a common platform firm) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and
- (4) (if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.
[Note: articles 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive and articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]
- 01/04/2013
SYSC 4.1.4A
See Notes
A firm that is not a common platform firm or a management company should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1), (3) and (4)) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
- 01/04/2013
SYSC 4.1.5
See Notes
A MiFID investment firm and a management company must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.
[Note: article 5(2) of the MiFID implementing Directive and article 4(2) of the UCITS implementing Directive]
- 01/04/2013
Business continuity
SYSC 4.1.6
See Notes
A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm must employ appropriate and proportionate systems, resources and procedures.
[Note: article 13(4) of MiFID]
- 01/04/2013
SYSC 4.1.7
See Notes
A common platform firm and a management company must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.
[Note: article 5(3) of the MiFID implementing Directive, annex V paragraph 13 of the Banking Consolidation Directive, article 4(3) of the UCITS implementing Directive and article 85(2) of the CRD]
- 01/01/2014
SYSC 4.1.7A
See Notes
Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
- 01/04/2013
SYSC 4.1.8
See Notes
The matters dealt with in a business continuity policy should include:
- (1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;
- (2) the recovery priorities for the firm's operations;
- (3) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);
- (4) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;
- (5) processes to validate the integrity of information affected by the disruption; and
- (6) regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10 R.
- 01/04/2013
Accounting policies
SYSC 4.1.9
See Notes
A common platform firm and a management company must establish, implement and maintain accounting policies and procedures that enable it, at the request of the appropriate regulator, to deliver in a timely manner to the appropriate regulator financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.
[Note: article 5(4) of the MiFID implementing Directive and article 4(4) of the UCITS implementing Directive]
- 01/04/2013
Regular monitoring
SYSC 4.1.10
See Notes
A common platform firm and a management company must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.
[Note: article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]
- 01/04/2013
SYSC 4.1.10A
See Notes
Other firms should take account of the regular monitoring rule (SYSC 4.1.10 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G, but ignoring the cross-reference to SYSC 4.1.5 R and 4.1.9 R.
- 01/04/2013
Audit committee
SYSC 4.1.11
See Notes
Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.
- 01/04/2013
Risk control: additional guidance
SYSC 4.1.13
See Notes
- 01/04/2013
Apportionment of responsibilities: the role of the non-executive director
SYSC 4.1.14
See Notes
The role undertaken by a non-executive director will vary from one firm to another. Where a non-executive director is an approved person, for example where the firm is a body corporate, his responsibility and therefore liability will be limited by the role that he undertakes.
- 01/04/2013
SYSC 4.1.15
See Notes
- (1) A firm must have in place appropriate procedures for its employees to report breaches internally through a specific, independent and autonomous channel.
- (2) The channel in (1) may be provided through arrangements provided for by social partners.
[Note: article 71 (3) of CRD]
- 01/01/2014
SYSC 4.2
Persons who effectively direct the business
- 01/01/2007
SYSC 4.2.1
See Notes
The senior personnel of a common platform firm, a management company a full-scope UK AIFM, or of the UK branch of a non-EEA bank must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.
[Note: article 9(1) of MiFID, article 7(1)(b) of the UCITS Directive article 8(1)(c) of AIFMD, article 11(1) second paragraph of the Banking Consolidation Directive and article 13(1) of the CRD]
- 01/01/2014
SYSC 4.2.1A
See Notes
Other firms should take account of the senior personnel rule (SYSC 4.2.1 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
- 01/04/2013
SYSC 4.2.2
See Notes
A common platform firm, a management company, a full-scope UK AIFM and the UK branch of a non-EEA bank must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R and, for a full-scope UK AIFM, SYSC 4.2.7 R.
[Note: article 9(4) first paragraph of MiFID, article 7(1)(b) of the UCITS Directive, article 8(1)(c) of AIFMD and article 13(1) of CRD]
- 01/01/2014
SYSC 4.2.3
See Notes
In the case of a body corporate, the persons referred to in SYSC 4.2.2 R should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners.
- 01/04/2013
SYSC 4.2.4
See Notes
At least two independent minds should be applied to the formulation and implementation of the policies of a common platform firm, a management company, a full-scope UK AIFM and the UK branch of a non-EEA bank. Where a firm nominates just two individuals to direct its business, the appropriate regulator will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. Each should play a part in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy.
- 23/07/2013
SYSC 4.2.5
See Notes
Where there are more than two individuals directing the business of a common platform firm, a management company, a full-scope UK AIFM or the UK branch of a non-EEA bank, the appropriate regulator does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. Similarly, each individual should have sufficient experience and knowledge of the business and the necessary personal qualities and skills to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in such a firm this will raise doubts about whether SYSC 4.2.2 R is met.
- 23/07/2013
SYSC 4.2.6
See Notes
If a common platform firm, (other than a credit institution or AIFM investment firm) or the UK branch of a non-EEA bank, is:
- (1) a natural person; or
- (2) a legal person managed by a single natural person;
it must have alternative arrangements in place which ensure sound and prudent management of the firm.
[Note: article 9(4) second paragraph of MiFID]
- 23/07/2013
SYSC 4.3
Responsibility of senior personnel
- 01/01/2007
SYSC 4.3.1
See Notes
A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)), when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system and take appropriate measures to address any deficiencies.
[Note: article 9(1) of the MiFID implementing Directive and articles 9(1) and 9(3) of the UCITS implementing Directive]
- 01/04/2013
SYSC 4.3.2
See Notes
A common platform firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) and a management company, must ensure that:
- (1) its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to SYSC 6.1.5 R, SYSC 6.2.1 R and SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to SYSC 7.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and
- (2) the supervisory function, if any, receives on a regular basis written reports on the same matters.
[Note: article 9(2) and article 9(3) of the MiFID implementing Directive and articles 9(4) and 9(6) of the UCITS implementing Directive]
- 01/04/2013
SYSC 4.3.2A
See Notes
Other firms should take account of the written reports rule (SYSC 4.3.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
- 01/04/2013
SYSC 4.3.3
See Notes
The supervisory function does not include a general meeting of the shareholders of a firm , or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure.
- 01/04/2013
SYSC 4.3A
CRR firms
- 01/01/2014
Management body
SYSC 4.3A.1
See Notes
A CRR firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:
- (1) has overall responsibility for the firm;
- (2) approves and oversees implementation of the firm's strategic objectives, risk strategy and internal governance;
- (3) ensures the integrity of the firm's accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system.
- (4) oversees the process of disclosure and communications;
- (5) has responsibility for providing effective oversight of senior management.
- (6) monitors and periodically assesses the effectiveness of the firm's governance arrangements and takes appropriate steps to address any deficiencies.
[Note: article 88(1) of CRD]
- 01/01/2014
SYSC 4.3A.2
See Notes
A CRR firm must ensure that the chairman of the firm's management body does not exercise simultaneously the chief executive function within the same firm, unless justified by the firm and authorised by the appropriate regulator.
[Note: article 88(1)(e) of CRD]
- 01/01/2014
SYSC 4.3A.3
See Notes
A CRR firm must ensure that the members of the management body of the firm:
- (1) are of sufficiently good repute;
- (2) possess sufficient knowledge, skills and experience to perform their duties;
- (3) possess adequate collective knowledge, skills and experience to understand the firm's activities, including the main risks;
- (4) reflect an adequately broad range of experiences;
- (5) commit sufficient time to perform their functions in the firm; and
- (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.
[Note: article 91(1)-(2) and (7)-(8) of the CRD]
- 01/01/2014
SYSC 4.3A.4
See Notes
A CRR firm must devote adequate human and financial resources to the induction and training of members of the management body.
[Note: article 91(3) of the CRD]
- 01/01/2014
SYSC 4.3A.5
See Notes
A CRR firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm's activities.
[Note: article 91(3) of the CRD]
- 01/01/2014
SYSC 4.3A.6
See Notes
- (1) A CRR firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
- (a) one executive directorship with two non-executive directorships; and
- (b) four non-executive directorships.
- (2) Paragraph (1) does not apply to members of the management body that represent the United Kingdom.
[Note: article 91(3) of the CRD]
- 01/07/2014
SYSC 4.3A.6A
See Notes
In SYSC 4.3A.6 R a 'CRR firm that is significant' means a deposit-taker or designated investment firm whose size, interconnectedness, complexity and business type gives it the capacity to cause some disruption to the UK financial system (and through that to economic activity more widely) by failing or by carrying on its business in an unsafe manner.
- 01/07/2014
SYSC 4.3A.6B
See Notes
The limits on directorships set out in SYSC 4.3A.6 R also apply to members of the management body of the UK consolidation group or non-EEA sub group in accordance with SYSC 12.1.13 R. Individuals in any of the entities belonging to the UK consolidation group or non-EEA sub group are capable of forming part of this management body. For example, members of the management body of a non-CRR firm that is a parent financial holding company in a Member State and is a member of a UK consolidation group could be caught by the limits in SYSC 4.3A.6 R (SYSC 12.1.14 R). In particular, a person who requires approval under SUP 10B.6.2 R or SUP 10B.6.4 R because of the influence they exercise over the CRR firm is a member of the management body of the UK consolidation group or non-EEA sub group and therefore subject to the limit on directorships in SYSC 4.3A.6 R.
[Note: article 91(3) and article 109(2) of the CRD]
- 27/10/2014
SYSC 4.3A.7
See Notes
For the purposes of SYSC 4.3A.5 R and SYSC 4.3A.6 R:
- (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
- (2) the following shall count as a single directorship:
- (a) executive or non-executive directorships held within the same group; or
- (b) executive or non-executive directorships held within:
- (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
- (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.
[Note: article 91(4) and (5) of the CRD]
- 01/01/2014
Nomination Committee
SYSC 4.3A.8
See Notes
A CRR firm that is significant must:
- (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
- (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
- (3) ensure that the nomination committee receives appropriate funding.
[Note: article 88(2) of the CRD]
- 01/01/2014
SYSC 4.3A.8A
See Notes
In SYSC 4.3A.8 R a 'CRR firm that is significant' means a deposit-taker or designated investment firm whose size, interconnectedness, complexity and business type gives it the capacity to cause some disruption to the UK financial system (and through that to economic activity more widely) by failing or by carrying on its business in an unsafe manner.
- 01/01/2014
SYSC 4.3A.9
See Notes
A CRR firm that has a nomination committee must ensure that the nomination committee:
- (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
- (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
- (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
- (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
- (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
- (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
- (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
- (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body's decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole;
[Note: article 88(2) and article 91(10) of the CRD]
- 01/01/2014
SYSC 4.3A.10
See Notes
A CRR firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a CRR firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.
[Note: article 91(10) of the CRD]
- 01/01/2014
Website
SYSC 4.3A.11
See Notes
A CRR firm that maintains a website must explain on the website how it complies with the requirements of SYSC 4.3A.1 R to SYSC 4.3A.3 R and SYSC 4.3A.4 R to SYSC 4.3A.11 R.
[Note: article 96 of the CRD]
- 01/01/2014
SYSC 4.4
Apportionment of responsibilities
- 01/04/2009
Application
SYSC 4.4.1
See Notes
This section applies to:
- (1) an authorised professional firm in respect of its non-mainstream regulated activities unless the firm is also conducting other regulated activities and has appointed approved persons to perform the governing functions with equivalent responsibilities for the firm's non-mainstream regulated activities and other regulated activities;
- (2) activities carried on by a firm whose principal purpose is to carry on activities other than regulated activities and which is:
- (a) an oil market participant; or
- (b) a service company; or
- (c) an energy market participant; or
- (d) a wholly-owned subsidiary of:
- (i) a local authority; or
- (ii) a registered social landlord; or
- (e) a firm with permission to carry on insurance mediation activity in relation to non-investment insurance contracts but no other regulated activity;
- (3) [deleted]
- (4) [deleted]
- (5) [deleted]
- (a) [deleted]
- (b) [deleted]
- (6) [deleted]
- (7) an incoming Treaty firm, an incoming EEA firm or a UCITS qualifier (but only SYSC 4.4.5R (2) applies for these firms); and
- (8) a sole trader, but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements).
- 01/04/2014
SYSC 4.4.2
See Notes
This section does not apply to a common platform firm.
- 01/04/2013
Maintaining a clear and appropriate apportionment
SYSC 4.4.3
See Notes
A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:
- (1) it is clear who has which of those responsibilities; and
- (2) the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.
- 01/04/2013
Allocating functions of apportionment and oversight
SYSC 4.4.5
See Notes
A firm must appropriately allocate to one or more individuals, in accordance with the following table, the functions of:
- (1) dealing with the apportionment of responsibilities under SYSC 4.4.3 R; and
- (2) overseeing the establishment and maintenance of systems and controls under SYSC 4.1.1 R.
1: Firm type | 2: Allocation of both functions must be to the following individual, if any (see Note): | 3: Allocation to one or more individuals selected from this column is compulsory if there is no allocation to an individual in column 2, but is otherwise optional and additional: |
(1) A firm which is a body corporate and is a member of a group, other than a firm in row (2) | (1) the firm's chief executive (and all of them jointly, if more than one); or | the firm's and its group's: (1) directors; and (2) senior managers |
(2) a director or senior manager responsible for the overall management of: (a) the group; or (b) a group division within which some or all of the firm's regulated activities fall |
||
(2) An incoming EEA firm or incoming Treaty firm (note: only the functions in SYSC 4.4.5R (2) must be allocated) | (not applicable) | the firm's and its group's: (1) directors; and (2) senior managers |
(3) Any other firm | the firm's chief executive (and all of them jointly, if more than one) | the firm's and its group's: (1) directors; and (2) senior managers |
Note: Column 2 does not require the involvement of the chief executive or other executive director or senior manager in an aspect of corporate governance if that would be contrary to generally accepted principles of good corporate governance. |
- 01/04/2013
SYSC 4.4.6
See Notes
Frequently asked questions about allocation of functions in SYSC 4.4.5 R
Question | Answer | |
1 | Does an individual to whom a function is allocated under SYSC 4.4.5 R need to be an approved person? | An individual to whom a function is allocated under SYSC 4.4.5 R will be performing the apportionment and oversight function (CF 8, see SUP 10A.7.1 R) and an application must be made under section 59 of the Act for approval of the individual before the function is performed. There are exceptions from this in SUP 10A.1 (Approved persons - Application). |
2 | If the allocation is to more than one individual, can they perform the functions, or aspects of the functions, separately? | If the functions are allocated to joint chief executives under SYSC 4.4.5 R, column 2, they are expected to act jointly. If the functions are allocated to an individual under SYSC 4.4.5 R, column 2, in addition to individuals under SYSC 4.4.5 R, column 3, the former may normally be expected to perform a leading role in relation to the functions that reflects his position. Otherwise, yes. |
3 | What is meant by "appropriately allocate" in this context? | The allocation of functions should be compatible with delivering compliance with Principle 3, SYSC 4.4.3 R and SYSC 4.1.1 R. The appropriate regulator considers that allocation to one or two individuals is likely to be appropriate for most firms. |
4 | If a committee of management governs a firm or group, can the functions be allocated to every member of that committee? | Yes, as long as the allocation remains appropriate (see Question 3). If the firm also has an individual as chief executive, then the functions must be allocated to that individual as well under SYSC 4.4.5 R, column 2 (see Question 7). |
5 | Does the definition of chief executive include the possessor of equivalent responsibilities with another title, such as a managing director or managing partner? | Yes. |
6 | Is it possible for a firm to have more than one individual as its chief executive? | Although unusual, some firms may wish the responsibility of a chief executive to be held jointly by more than one individual. In that case, each of them will be a chief executive and the functions must be allocated to all of them under SYSC 4.4.5 R, column 2 (see also Questions 2 and 7). |
7 | If a firm has an individual as chief executive, must the functions be allocated to that individual? | Normally, yes, under SYSC 4.4.5 R, column 2. But if the firm is a body corporate and a member of a group, the functions may, instead of being allocated to the firm's chief executive, be allocated to a director or senior manager from the group responsible for the overall management of the group or of a relevant group division, so long as this is appropriate (see Question 3). Such individuals may nevertheless require approval under section 59 (see Question 1). If the firm chooses to allocate the functions to a director or senior manager responsible for the overall management of a relevant group division, the FSA would expect that individual to be of a seniority equivalent to or greater than a chief executive of the firm for the allocation to be appropriate. See also Question 14. |
8 | If a firm has a chief executive, can the functions be allocated to other individuals in addition to the chief executive? | Yes. SYSC 4.4.5 R, column 3, permits a firm to allocate the functions, additionally, to the firm's (or where applicable the group's) directors and senior managers as long as this is appropriate (see Question 3). |
9 | What if a firm does not have a chief executive? | Normally, the functions must be allocated to one or more individuals selected from the firm's (or where applicable the group's) directors and senior managers under SYSC 4.4.5 R, column 3. But if the firm: (1) is a body corporate and a member of a group; and (2) the group has a director or senior manager responsible for the overall management of the group or of a relevant group division; then the functions must be allocated to that individual (together, optionally, with individuals from column 3 if appropriate) under SYSC 4.4.5 R, column 2. |
10 | What do you mean by "group division within which some or all of the firm's regulated activities fall"? | A "division" in this context should be interpreted by reference to geographical operations, product lines or any other method by which the group's business is divided. If the firm's regulated activities fall within more than one division and the firm does not wish to allocate the functions to its chief executive, the allocation must, under SYSC 4.4.5 R, be to: (1) a director or senior manager responsible for the overall management of the group; or (2) a director or senior manager responsible for the overall management of one of those divisions; together, optionally, with individuals from column 3 if appropriate. (See also Questions 7 and 9.) |
11 | How does the requirement to allocate the functions in SYSC 4.4.5 R apply to an overseas firm which is not an incoming EEA firm, incoming Treaty firm or UCITS qualifier? | The firm must appropriately allocate those functions to one or more individuals, in accordance with SYSC 4.4.5 R, but: (1) The responsibilities that must be apportioned and the systems and controls that must be overseen are those relating to activities carried on from a UK establishment with certain exceptions (see SYSC 1 Annex 1.1.8R). Note that SYSC 1 Annex 1.1.10R does not extend the territorial scope of SYSC 4.4 for an overseas firm. (2) The chief executive of an overseas firm is the person responsible for the conduct of the firm's business within the United Kingdom (see the definition of "chief executive"). This might, for example, be the manager of the firm's UK establishment, or it might be the chief executive of the firm as a whole, if he has that responsibility. The apportionment and oversight function applies to such a firm, unless it falls within a particular exception from the approved persons regime (see Question 1). |
12 | How does the requirement to allocate the functions in SYSC 4.4.5 R apply to an incoming EEA firm or incoming Treaty firm? | SYSC 1 Annex 1.1.1R(2) and SYSC 1 Annex 1.1.8R restrict the application of SYSC 4.4.5 R for such a firm. Accordingly: (1) Such a firm is not required to allocate the function of dealing with apportionment in SYSC 4.4.5R (1). (2) Such a firm is required to allocate the function of oversight in SYSC 4.4.5R (2). However, the systems and controls that must be overseen are those relating to matters which the appropriate regulator , as Host State regulator, is entitled to regulate (there is guidance on this in SUP 13A Annex 2). Those are primarily, but not exclusively, the systems and controls relating to the conduct of the firm's activities carried on from its UK branch. (3) Such a firm need not allocate the function of oversight to its chief executive; it must allocate it to one or more directors and senior managers of the firm or the firm'sgroup under SYSC 4.4.5 R, row (2). (4) An incoming EEA firm which has provision only for cross border services is not required to allocate either function if it does not carry on regulated activities in the United Kingdom; for example if they fall within the overseas persons exclusions in article 72 of the Regulated Activities Order. See also Questions 1 and 15. |
13 | What about a firm that is a partnership or a limited liability partnership? | The appropriate regulator envisages that most if not all partners or members will be either directors or senior managers, but this will depend on the constitution of the partnership (particularly in the case of a limited partnership) or limited liability partnership. A partnership or limited liability partnership may also have a chief executive (see Question 5). A limited liability partnership is a body corporate and, if a member of a group, will fall within SYSC 4.4.5 R, row (1) or (2). |
14 | What if generally accepted principles of good corporate governance recommend that the chief executive should not be involved in an aspect of corporate governance? | The Note to SYSC 4.4.5 R provides that the chief executive or other executive director or senior manager need not be involved in such circumstances. For example, the UK Corporate Governance Code recommends that the board of a listed company should establish an audit committee of non-executive directors to be responsible for oversight of the audit. That aspect of the oversight function may therefore be allocated to the members of such a committee without involving the chief executive. Such individuals may require approval under section 59 in relation to that function (see Question 1). |
15 | What about incoming electronic commerce activities carried on from an establishment in another EEA State with or for a person in the United Kingdom? | SYSC does not apply to an incoming ECA provider acting as such. |
- 01/04/2013
SYSC 5
Employees, agents and other relevant persons
SYSC 5.1
Skills, knowledge and expertise
- 01/01/2007
[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]
SYSC 5.1.1
See Notes
A firm must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.
[Note: article 5(1)(d) of the MiFID implementing Directive, articles 12(1)(a) and 14(1)(c) of the UCITS Directive and article 5(1) of the UCITS implementing Directive]
- 01/04/2013
SYSC 5.1.2
See Notes
- 01/04/2013
SYSC 5.1.3
See Notes
- 01/04/2013
SYSC 5.1.4A
See Notes
- 01/04/2013
SYSC 5.1.5
See Notes
- 01/04/2013
SYSC 5.1.5A
See Notes
- 01/04/2013
Segregation of functions
SYSC 5.1.6
See Notes
A common platform firm and a management company must ensure that the performance of multiple functions by its relevant persons does not and is not likely to prevent those persons from discharging any particular functions soundly, honestly and professionally.
[Note: article 5(1)(g) of the MiFID implementing Directive and article 5(3) of the UCITS implementing Directive]
- 01/04/2013
SYSC 5.1.7
See Notes
The senior personnel of a common platform firm must define arrangements concerning the segregation of duties within the firm and the prevention of conflicts of interest.
[Note: article 88 of the CRD and annex V paragraph 1 of the Banking Consolidation Directive]
- 01/01/2014
SYSC 5.1.7A
See Notes
- 01/04/2013
SYSC 5.1.8
See Notes
- 01/04/2013
SYSC 5.1.9
See Notes
- 01/04/2013
SYSC 5.1.10
See Notes
- 01/04/2013
SYSC 5.1.11
See Notes
Where a common platform firm outsources its internal audit function, it should take reasonable steps to ensure that every individual involved in the performance of this service is independent from the individuals who perform its external audit. This should not prevent services from being undertaken by a firm's external auditors provided that:
- (1) the work is carried out under the supervision and management of the firm's own internal staff; and
- (2) potential conflicts of interest between the provision of external audit services and the provision of internal audit are properly managed.
- 01/04/2013
Awareness of procedures
SYSC 5.1.12
See Notes
A common platform firm and a management company must ensure that its relevant persons are aware of the procedures which must be followed for the proper discharge of their responsibilities.
[Note: article 5(1)(b) of the MiFID implementing Directive and article 4(1)(b) of the UCITS implementing Directive]
- 01/04/2013
SYSC 5.1.12A
See Notes
- 01/04/2013
General
SYSC 5.1.13
See Notes
The systems, internal control mechanisms and arrangements established by a firm in accordance with this chapter must take into account the nature, scale and complexity of its business and the nature and range of financial services and activities undertaken in the course of that business.
[Note: article 5(1) final paragraph of the MiFID implementing Directive and articles 4(1) final paragraph and 5(4) of the UCITS implementing Directive]
- 01/04/2013
SYSC 5.1.14
See Notes
A common platform firm and a management company must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this chapter, and take appropriate measures to address any deficiencies.
[Note: article 5(5) of the MiFID implementing Directive and articles 4(5) of the UCITS implementing Directive]
- 01/04/2013
SYSC 5.1.15
See Notes
- 01/04/2013
SYSC 6
Compliance, internal audit and financial crime
SYSC 6.1
Compliance
- 01/01/2007
[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]
SYSC 6.1.1
See Notes
A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives(or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.
[Note: article 13(2) of MiFID and article 12(1)(a) of the UCITS Directive]
- 01/04/2013
SYSC 6.1.2
See Notes
A common platform firm and a management company must, taking intoaccount the nature, scale and complexity of its business, and the nature and range of financial services and activities undertaken in the course of that business, establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the firm to comply with its obligations under the regulatory system, as well as associated risks, and put in place adequate measures and procedures designed to minimise such risks and to enable the appropriate regulator to exercise its powers effectively under the regulatory system and to enable any other competent authority to exercise its powers effectively under MiFID or the UCITS Directive.
[Note: article 6(1) of the MiFID implementing Directive and article 10(1) of the UCITS implementing Directive]
- 01/04/2013
SYSC 6.1.2A
See Notes
- 01/04/2013
SYSC 6.1.3
See Notes
A common platform firm and a management company must maintain a permanent and effective compliance function which operates independently and which has the following responsibilities:
- (1) to monitor and, on a regular basis, to assess the adequacy and effectiveness of the measures and procedures put in place in accordance with SYSC 6.1.2 R, and the actions taken to address any deficiencies in the firm's compliance with its obligations; and
- (2) to advise and assist the relevant persons responsible for carrying out regulated activities to comply with the firm's obligations under the regulatory system.
[Note: article 6(2) of the MiFID implementing Directive and article 10(2) of the UCITS implementing Directive]
- 01/04/2013
SYSC 6.1.3A
See Notes
- (1) Other firms should take account of the compliance function rule (SYSC 6.1.3 R) as if it were guidance (and as if should appeared in that rule instead of must) as explained in SYSC 1 Annex 1.3.3 G.
- (2) Notwithstanding SYSC 6.1.3 R, as it applies under (1), depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate compliance function. Where a firm has a separate compliance function the firm should also take into account SYSC 6.1.3 R and SYSC 6.1.4 R as guidance.
- 01/04/2013
SYSC 6.1.4
See Notes
In order to enable the compliance function to discharge its responsibilities properly and independently, a common platform firm and a management company must ensure that the following conditions are satisfied:
- (1) the compliance function must have the necessary authority, resources, expertise and access to all relevant information;
- (2) a compliance officer must be appointed and must be responsible for the compliance function and for any reporting as to compliance required by SYSC 4.3.2 R;
- (3) the relevant persons involved in the compliance functions must not be involved in the performance of services or activities they monitor;
- (4) the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and must not be likely to do so.
[Note: article 6(3) first paragraph of the MiFID implementing Directive and article 10(3) of the UCITS implementing Directive]
- 01/04/2013
SYSC 6.1.4-A
See Notes
In setting the method of determining the remuneration of relevant persons involved in the compliance function:
- (1) firms that SYSC 19A applies to will also need to comply with the Remuneration Code; and
- (2) BIPRU firms will also need to comply with the BIPRU Remuneration Code.
- 01/01/2014
SYSC 6.1.5
See Notes
A common platform firm and a management company need not comply with SYSC 6.1.4 R (3) or SYSC 6.1.4 R (4) if it is able to demonstrate that in view of the nature, scale and complexity of its business, and the nature and range of financial services and activities, the requirements under those rules are not proportionate and that its compliance function continues to be effective.
[Note: article 6(3) second paragraph of the MiFID implementing Directive and article 10(3) second paragraph of the UCITS implementing Directive]
- 01/04/2013
SYSC 6.1.6
See Notes
- 01/04/2013
SYSC 6.1.7
See Notes
- (1) This rule applies to a common platform firm conducting investment services and activities from a branch in another EEA State.
- (2) References to the regulatory system in SYSC 6.1.1R, SYSC 6.1.2 R and SYSC 6.1.3 R apply in respect of a firm's branch as if regulatory system includes a Host State's requirements under MiFID and the MiFID implementing Directive which are applicable to the investment services and activities conducted from the firm's branch.
[Note: article 13(2) of MiFID]
- 01/04/2013
SYSC 6.2
Internal audit
- 01/01/2007
SYSC 6.2.1
See Notes
A common platform firm and a management company must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities, undertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:
- (1) to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements;
- (2) to issue recommendations based on the result of work carried out in accordance with (1);
- (3) to verify compliance with those recommendations;
- (4) to report in relation to internal audit matters in accordance with SYSC 4.3.2 R.
[Note: article 8 of the MiFID implementing Directive and article 11 of the UCITS implementing Directive]
- 01/04/2013
SYSC 6.2.1A
See Notes
- 01/04/2013
SYSC 6.2.2
See Notes
- 01/04/2013
SYSC 7
Risk control
SYSC 7.1
Risk control
- 01/01/2007
[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]
SYSC 7.1.1
See Notes
- 01/04/2013
SYSC 7.1.2
See Notes
A common platform firm must establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify the risks relating to the firm's activities, processes and systems, and where appropriate, set the level of risk tolerated by the firm.
[Note: article 7(1)(a) of the MiFID implementing Directive, article 13(5) second paragraph of MiFID]
- 01/04/2013
SYSC 7.1.2A
See Notes
- 01/04/2013
SYSC 7.1.3
See Notes
A common platform firm must adopt effective arrangements, processes and mechanisms to manage the risk relating to the firm's activities, processes and systems, in light of that level of risk tolerance.
[Note: article 7(1)(b) of the MiFID implementing Directive]
- 01/04/2013
SYSC 7.1.4
See Notes
The management body of a common platform firm must approve and periodically review the strategies and policies for taking up, managing, monitoring and mitigating the risks the firm is or might be exposed to, including those posed by the macroeconomic environment in which it operates in relation to the status of the business cycle.
[Note: article 76(1) of CRD]
- 01/01/2014
SYSC 7.1.4A
See Notes
- 01/04/2013
SYSC 7.1.4B
See Notes
- 01/04/2013
SYSC 7.1.5
See Notes
A common platform firm must monitor the following:
- (1) the adequacy and effectiveness of the firm's risk management policies and procedures;
- (2) the level of compliance by the firm and its relevant persons with the arrangements, processes and mechanisms adopted in accordance with SYSC 7.1.3 R;
- (3) the adequacy and effectiveness of measures taken to address any deficiencies in those policies, procedures, arrangements, processes and mechanisms, including failures by the relevant persons to comply with such arrangements or processes and mechanisms or follow such policies and procedures.
[Note: article 7(1)(c) of the MiFID implementing Directive]
- 01/04/2013
SYSC 7.1.6
See Notes
A common platform firm must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of the investment services and activities undertaken in the course of that business, establish and maintain a risk management function that operates independently and carries out the following tasks:
- (1) implementation of the policies and procedures referred to in SYSC 7.1.2 R to SYSC 7.1.5 R; and
- (2) provision of reports and advice to senior personnel in accordance with SYSC 4.3.2 R.
[Note: MiFID implementing Directive Article 7(2) first paragraph]
- 01/04/2013
SYSC 7.1.7
See Notes
Where a common platform firm is not required under SYSC 7.1.6 R to maintain a risk management function that functions independently, it must nevertheless be able to demonstrate that the policies and procedures which it has adopted in accordance with SYSC 7.1.2 R to SYSC 7.1.5 R satisfy the requirements of those rules and are consistently effective.
[Note: article 7(2) second paragraph of the MiFID implementing Directive]
- 01/04/2013
SYSC 7.1.7A
See Notes
- 01/04/2013
SYSC 7.1.7B
See Notes
- 01/01/2014
SYSC 7.1.7C
See Notes
- 01/04/2013
SYSC 7.1.8
See Notes
- (1) [deleted]
- (2) The term 'risk management function' in SYSC 7.1.6 R and SYSC 7.1.7 R refers to the generally understood concept of risk assessment within a firm , that is, the function of setting and controlling risk exposure. The risk management function is not a controlled function itself, but is part of the systems and controls function (CF28).
- 01/01/2014
Additional rules for CRR firms
SYSC 7.1.17
See Notes
- (1) The management body of a CRR firm has overall responsibility for risk management. It must devote sufficient time to the consideration of risk issues.
- (2) The management body of a CRR firm must be actively involved in and ensure that adequate resources are allocated to the management of all material risks addressed in the rules implementing the CRD and in the EU CRR as well as in the valuation of assets, the use of external ratings and internal models related to those risks.
- (3) A CRR firm must establish reporting lines to the management body that cover all material risks and risk management policies and changes thereof.
[Note: article 76(2) of CRD]
- 01/01/2014
SYSC 7.1.18
See Notes
- (1) A CRR firm that is significant must establish a risk committee composed of members of the management body who do not perform any executive function in the firm. Members of the risk committee must have appropriate knowledge, skills and expertise to fully understand and monitor the risk strategy and the risk appetite of the firm.
- (2) The risk committee must advise the management body on the institution's overall current and future risk appetite and assist the management body in overseeing the implementation of that strategy by senior management.
- (3) The risk committee must review whether prices of liabilities and assets offered to clients take fully into account the firm's business model and risk strategy. Where prices do not properly reflect risks in accordance with the business model and risk strategy, the risk committee must present a remedy plan to the management body.
[Note: article 76(3) of CRD]
- 01/01/2014
SYSC 7.1.18A
See Notes
- 01/01/2014
SYSC 7.1.19
See Notes
- (1) A CRR firm must ensure that the management body in its supervisory function and, where a risk committee has been established, the risk committee have adequate access to information on the risk profile of the firm and, if necessary and appropriate, to the risk management function and to external expert advice.
- (2) The management body in its supervisory function and, where one has been established, the risk committee must determine the nature, the amount, the format, and the frequency of the information on risk which it is to receive.
[Note: article 76(4) of CRD]
- 01/01/2014
SYSC 7.1.20
See Notes
In order to assist in the establishment of sound remuneration policies and practices, the risk committee must, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings.
[Note: article 76(4) of CRD]
- 01/01/2014
SYSC 7.1.21
See Notes
- (1) A CRR firm's risk management function (SYSC 7.1.6 R) must be independent from the operational functions and have sufficient authority, stature, resources and access to the management body.
- (2) The risk management function must ensure that all material risks are identified, measured and properly reported. It must be actively involved in elaborating the firm's risk strategy and in all material risk management decisions and it must be able to deliver a complete view of the whole range of risks of the firm.
- (3) A CRR firm must ensure that the risk management function is able to report directly to the management body in its supervisory function, independent from senior management and that it can raise concerns and warn the management body, where appropriate, where specific risk developments affect or may affect the firm, without prejudice to the responsibilities of the management body in its supervisory and/or managerial functions pursuant to the CRD and the CRR.
[Note: article 76(5) of CRD]
- 01/01/2014
SYSC 7.1.22
See Notes
The head of the risk management function must be an independent senior manager with distinct responsibility for the risk management function. Where the nature, scale and complexity of the activities of the CRR firm do not justify a specially appointed person, another senior person within the firm may fulfil that function, provided there is no conflict of interest. The head of the risk management function must not be removed without prior approval of the management body and must be able to have direct access to the management body where necessary.
[Note: article 76(5) of CRD]
- 01/01/2014
SYSC 8
Outsourcing
SYSC 8.1
General outsourcing requirements
- 01/11/2007
[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]
SYSC 8.1.1
See Notes
A common platform firm must:
- (1) when relying on a third party for the performance of operational functions which are critical for the performance of regulated activities, listed activities or ancillary services (in this chapter "relevant services and activities") on a continuous and satisfactory basis, ensure that it takes reasonable steps to avoid undue additional operational risk;
- (2) not undertake the outsourcing of important operational functions in such a way as to impair materially:
- (a) the quality of its internal control; and
- (b) the ability of the appropriate regulator to monitor the firm's compliance with all obligations under the regulatory system and, if different, of a competent authority to monitor the firm's compliance with all obligations under MiFID.
[Note: article 13(5) first paragraph of MiFID]
- 01/04/2013
SYSC 8.1.1A
See Notes
- 01/04/2013
SYSC 8.1.2
See Notes
- 01/04/2013
SYSC 8.1.3
See Notes
- 01/04/2013
SYSC 8.1.4
See Notes
For the purposes of this chapter an operational function is regarded as critical or important if a defect or failure in its performance would materially impair the continuing compliance of a common platform firm with the conditions and obligations of its authorisation or its other obligations under the regulatory system, or its financial performance, or the soundness or the continuity of its relevant services and activities.
[Note: article 13(1) of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.5
See Notes
Without prejudice to the status of any other function, the following functions will not be considered as critical or important for the purposes of this chapter:
- (1) the provision to the firm of advisory services, and other services which do not form part of the relevant services and activities of the firm, including the provision of legal advice to the firm, the training of personnel of the firm, billing services and the security of the firm's premises and personnel;
- (2) the purchase of standardised services, including market information services and the provision of price feeds;
[Note: article 13(2) of the MiFID implementing Directive]
- (3) the recording and retention of relevant telephone conversations or electronic communications subject to COBS 11.8.
- 01/04/2013
SYSC 8.1.5A
See Notes
- 01/04/2013
SYSC 8.1.6
See Notes
If a firm outsources critical or important operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations under the regulatory system and must comply, in particular, with the following conditions:
- (1) the outsourcing must not result in the delegation by senior personnel of their responsibility;
- (2) the relationship and obligations of the firm towards its clients under the regulatory system must not be altered;
- (3) the conditions with which the firm must comply in order to be authorised, and to remain so, must not be undermined;
- (4) none of the other conditions subject to which the firm's authorisation was granted must be removed or modified.
[Note: article 14(1) of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.7
See Notes
A common platform firm must exercise due skill and care and diligence when entering into, managing or terminating any arrangement for the outsourcing to a service provider of critical or important operational functions or of any relevant services and activities.
[Note: article 14(2) first paragraph of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.8
See Notes
A common platform firm must in particular take the necessary steps to ensure that the following conditions are satisfied:
- (1) the service provider must have the ability, capacity, and any authorisation required by law to perform the outsourced functions, services or activities reliably and professionally;
- (2) the service provider must carry out the outsourced services effectively, and to this end the firm must establish methods for assessing the standard of performance of the service provider;
- (3) the service provider must properly supervise the carrying out of the outsourced functions, and adequately manage the risks associated with the outsourcing;
- (4) appropriate action must be taken if it appears that the service provider may not be carrying out the functions effectively and in compliance with applicable laws and regulatory requirements;
- (5) the firm must retain the necessary expertise to supervise the outsourced functions effectively and to manage the risks associated with the outsourcing,and must supervise those functions and manage those risks;
- (6) the service provider must disclose to the firm any development that may have a material impact on its ability to carry out the outsourced functions effectively and in compliance with applicable laws and regulatory requirements;
- (7) the firm must be able to terminate the arrangement for the outsourcing where necessary without detriment to the continuity and quality of its provision of services to clients;
- (8) the service provider must co-operate with the appropriate regulator and any other relevant competent authority in connection with the outsourced activities;
- (9) the firm, its auditors, the appropriate regulator and any other relevant competent authority must have effective access to data related to the outsourced activities, as well as to the business premises of the service provider; and the appropriate regulator and any other relevant competent authority must be able to exercise those rights of access;
- (10) the service provider must protect any confidential information relating to the firm and its clients;
- (11) the firm and the service provider must establish, implement and maintain a contingency plan for disaster recovery and periodic testing of backup facilities where that is necessary having regard to the function, service or activity that has been outsourced.
[Note: article 14(2) second paragraph of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.9
See Notes
A common platform firm must ensure that the respective rights and obligations of the firm and of the service provider are clearly allocated and set out in a written agreement.
[Note: article 14(3) of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.10
See Notes
If a common platform firm and the service provider are members of the same group, the firm may, for the purpose of complying with SYSC 8.1.7 R to SYSC 8.1.11 R and SYSC 8.2 and SYSC 8.3, take into account the extent to which the common platform firm controls the service provider or has the ability to influence its actions.
[Note: article 14(4) of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.11
See Notes
A common platform firm must make available on request to the appropriate regulator and any other relevant competent authority all information necessary to enable the appropriate regulator and any other relevant competent authority to supervise the compliance of the performance of the outsourced activities with the requirements of the regulatory system.
[Note: article 14(5) of the MiFID implementing Directive]
- 01/04/2013
SYSC 8.1.11A
See Notes
- 01/04/2013
SYSC 8.1.12
See Notes
As SUP 15.3.8 G explains, a firm should notify the appropriate regulator when it intends to rely on a third party for the performance of operational functions which are critical or important for the performance of relevant services and activities on a continuous and satisfactory basis.
[Note: recital 20 of the MiFID implementing Directive]
- 01/04/2013
SYSC 9
Record-keeping
SYSC 9.1
General rules on record-keeping
- 01/11/2007
SYSC 9.1.1
See Notes
A firm must arrange for orderly records to be kept of its business and internal organisation, including all services and transactions undertaken by it, which must be sufficient to enable the appropriate regulator or any other relevant competent authority under MiFID or the UCITS Directive to monitor the firm's compliance with the requirements under the regulatory system, and in particular to ascertain that the firm has complied with all obligations with respect to clients.
[Note: article 13(6) of MiFID, article 5(1)(f) of the MiFID implementing Directive, article 12(1)(a) of the UCITS Directive and article 4(1)(e) of the UCITS implementing Directive]
- 01/04/2013
SYSC 9.1.2
See Notes
A common platform firm must retain all records kept by it under this chapter in relation to its MiFID business for a period of at least five years.
[Note: article 51 (1) of the MiFID implementing Directive]
- 01/04/2013
SYSC 9.1.3
See Notes
In relation to its MiFID business, a common platform firm must retain records in a medium that allows the storage of information in a way accessible for future reference by the appropriate regulator or any other relevant competent authority under MiFID, and so that the following conditions are met:
- (1) the appropriate regulator or any other relevant competent authority under MiFID must be able to access them readily and to reconstitute each key stage of the processing of each transaction;
- (2) it must be possible for any corrections or other amendments, and the contents of the records prior to such corrections and amendments, to be easily ascertained;
- (3) it must not be possible for the records otherwise to be manipulated or altered.
[Note: article 51(2) of the MiFID implementing Directive]
- 01/04/2013
Guidance on record-keeping
SYSC 9.1.4
See Notes
- 01/04/2013
SYSC 9.1.5
See Notes
- 01/04/2013
SYSC 9.1.6
See Notes
Schedule 1 to each module of the Handbook sets out a list summarising the record-keeping requirements of that module.
[Note: article 51(3) of MiFID implementing Directive]
- 01/04/2013
SYSC 9.1.7
See Notes
- 01/04/2013
SYSC 10
Conflicts of interest
SYSC 10.1
Application
- 01/01/2007
SYSC 10.1.1
See Notes
- (1) This section applies to a firm which provides services to its clients in the course of carrying on regulated activities or ancillary activities or providing ancillary services (but only where the ancillary services constitute MiFID business).
- (2) This section also applies to a management company.
- 01/04/2013
Requirements only apply if a service is provided
SYSC 10.1.2
See Notes
The requirements in this section only apply where a service is provided by a firm . The status of the client to whom the service is provided (as a retail client, professional client or eligible counterparty) is irrelevant for this purpose.
[Note: recital 25 of MiFID implementing Directive]
- 01/04/2013
Identifying conflicts
SYSC 10.1.3
See Notes
A firm must take all reasonable steps to identify conflicts of interest between:
- (1) the firm, including its managers, employees and appointed representatives (or where applicable, tied agents ), or any person directly or indirectly linked to them by control, and a client of the firm; or
- (2) one client of the firm and another client;
that arise or may arise in the course of the firm providing any service referred to in SYSC 10.1.1 R.
[Note: article 18(1) of MiFID]
- 01/04/2013
Types of conflicts
SYSC 10.1.4
See Notes
For the purposes of identifying the types of conflict of interest that arise, or may arise, in the course of providing a service and whose existence may entail a material risk of damage to the interests of a client, a common platform firm and a management company must take into account, as a minimum, whether the firm or a relevant person, or a person directly or indirectly linked by control to the firm:
- (1) is likely to make a financial gain, or avoid a financial loss, at the expense of the client;
- (2) has an interest in the outcome of a service provided to the client or of a transaction carried out on behalf of the client, which is distinct from the client's interest in that outcome;
- (2A) in the case of a management company providing collective portfolio management services for a UCITS scheme, (2) also applies where the service is provided to, or the transaction is carried out on behalf of, a client other than the UCITS scheme;
- (3) has a financial or other incentive to favour the interest of another client or group of clients over the interests of the client;
- (4) carries on the same business as the client; or in the case of a management company, carries on the same activities for the UCITS scheme and for another client or clients which are not UCITS schemes; or
- (5) receives or will receive from a person other than the client an inducement in relation to a service provided to the client, in the form of monies, goods or services, other than the standard commission or fee for that service.
The conflict of interest may result from the firm or person providing a service referred to in SYSC 10.1.1 R or engaging in any other activity or, in the case of a management company, whether as a result of providing collective portfolio management services or otherwise.
[Note: article 21 of MiFID implementing Directiveand article 17(1) of the UCITS implementing Directive]
- 01/04/2013
SYSC 10.1.4B
See Notes
- 01/04/2013
SYSC 10.1.5
See Notes
The circumstances which should be treated as giving rise to a conflict of interest cover cases where there is a conflict between the interests of the firm or certain persons connected to the firm or the firm's group and the duty the firm owes to a client; or between the differing interests of two or more of its clients, to whom the firm owes in each case a duty. It is not enough that the firm may gain a benefit if there is not also a possible disadvantage to a client, or that one client to whom the firm owes a duty may make a gain or avoid a loss without there being a concomitant possible loss to another such client.
[Note: recital 24 of MiFID implementing Directive]
- 01/04/2013
Record of conflicts
SYSC 10.1.6
See Notes
A common platform firm and a management company must keep and regularly update a record of the kinds of service or activity carried out by or on behalf of that firm in which a conflict of interest entailing a material risk of damage to the interests of one or more clients has arisen or, in the case of an ongoing service or activity, may arise.
[Note: article 23 of MiFID implementing Directive and article 20(1) of the UCITS implementing Directive]
- 01/04/2013
SYSC 10.1.6B
See Notes
- 01/04/2013
Managing conflicts
SYSC 10.1.7
See Notes
A firm must maintain and operate effective organisational and administrative arrangements with a view to taking all reasonable steps to prevent conflicts of interest as defined in SYSC 10.1.3 R from constituting or giving rise to a material risk of damage to the interests of its clients.
[Note: article 13(3) of MiFID]
- 01/04/2013
Disclosure of conflicts
SYSC 10.1.8
See Notes
- (1) If arrangements made by a firm under SYSC 10.1.7 R to manage conflicts of interest are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of a client will be prevented, the firm must clearly disclose the general nature and/or sources of conflicts of interest to the client before undertaking business for the client.
- (2) The disclosure must:
- (a) be made in a durable medium; and
- (b) include sufficient detail, taking into account the nature of the client, to enable that client to take an informed decision with respect to the service in the context of which the conflict of interest arises.
- (3) This rule does not apply to the extent that SYSC 10.1.21 R applies.
[Note: article 18(2) of MiFID and Article 22(4) of MiFID implementing Directive]
- 01/04/2013
SYSC 10.1.8A
See Notes
- 01/04/2013
SYSC 10.1.9
See Notes
Firms should aim to identify and manage the conflicts of interest arising in relation to their various business lines and their group's activities under a comprehensive conflicts of interest policy. In particular, the disclosure of conflicts of interest by a firm should not exempt it from the obligation to maintain and operate the effective organisational and administrative arrangements under SYSC 10.1.7 R. While disclosure of specific conflicts of interest is required by SYSC 10.1.8 R, an over-reliance on disclosure without adequate consideration as to how conflicts may appropriately be managed is not permitted.
[Note: recital 27 of MiFID implementing Directive]
- 01/04/2013
Conflicts policy
SYSC 10.1.10
See Notes
[Note: article 22(1) of MiFID implementing Directive and article 18(1) of the UCITS implementing Directive]
- 01/04/2013
Contents of policy
SYSC 10.1.11
See Notes
[Note: article 22(2) and (3) of MiFID implementing Directiveand articles 18(2), 19(1) and 19(2) of the UCITS implementing Directive]
- 01/04/2013
SYSC 10.1.11B
See Notes
- 01/04/2013
SYSC 10.1.12
See Notes
In drawing up a conflicts of interest policy which identifies circumstances which constitute or may give rise to a conflict of interest, a firm should pay special attention to the activities of investment research and advice, proprietary trading, portfolio management and corporate finance business, including underwriting or selling in an offering of securities and advising on mergers and acquisitions. In particular, such special attention is appropriate where the firm or a person directly or indirectly linked by control to the firm performs a combination of two or more of those activities.
[Note: recital 26 of MiFID implementing Directive]
- 01/04/2013
SYSC 10.2
Chinese walls
- 01/01/2007
Application
SYSC 10.2.1
See Notes
- 01/04/2013
Control of information
SYSC 10.2.2
See Notes
- (1) When a firm establishes and maintains a Chinese wall (that is, an arrangement that requires information held by a person in the course of carrying on one part of the business to be withheld from, or not to be used for, persons with or for whom it acts in the course of carrying on another part of its business) it may:
- (a) withhold or not use the information held; and
- (b) for that purpose, permit persons employed in the first part of its business to withhold the information held from those employed in that other part of the business;
- but only to the extent that the business of one of those parts involves the carrying on of regulated activities, ancillary activities or, in the case of MiFID business, the provision of ancillary services.
- (2) Information may also be withheld or not used by a firm when this is required by an established arrangement maintained between different parts of the business (of any kind) in the same group. This provision does not affect any requirement to transmit or use information that may arise apart from the rules in COBS.
- (3) For the purpose of this rule, "maintains" includes taking reasonable steps to ensure that the arrangements remain effective and are adequately monitored, and must be interpreted accordingly.
- (4) For the purposes of section 118A(5)(a) of the Act, behaviour conforming with paragraph (1) does not amount to market abuse.
- 01/04/2013
Effect of rules
SYSC 10.2.3
See Notes
SYSC 10.2.2 R is made under section 137P of the Act (Control of information rules). It has the following effect:
- (1) acting in conformity with SYSC 10.2.2 R (1) provides a defence against proceedings brought under sections 89(2) and 90(1) of the Financial Services Act 2012 (Misleading statements and Misleading impressions) - see sections 89(3)(b) and 90(9)(c).
- (2) behaviour in conformity with SYSC 10.2.2 R (1) does not amount to market abuse (see SYSC 10.2.2 R (4)); and
- (3) acting in conformity with SYSC 10.2.2 R (1) provides a defence for a firm against FCA enforcement action, or an action for damages under section 138D of the Act, based on a breach of a relevant requirement to disclose or use this information.
- 01/07/2013
Attribution of knowledge
SYSC 10.2.4
See Notes
- 01/04/2013
SYSC 10.2.5
See Notes
- 01/04/2013
SYSC 11
Liquidity risk systems and controls
SYSC 11.1
Application
- 31/12/2006
SYSC 11.1.1
See Notes
SYSC 11 applies to an insurer, unless it is:
- (1) a non-directive friendly society; or
- (2) a Swiss general insurer; or
- (3) an EEA-deposit insurer; or
- (4) an incoming EEA firm; or
- (5) an incoming Treaty firm.
- 01/04/2013
SYSC 11.1.6
See Notes
If a firm carries on:
- (1) long-term insurance business; and
- (2) general insurance business;
SYSC 11 applies separately to each type of business.
- 01/04/2013
Purpose
SYSC 11.1.7
See Notes
The purpose of SYSC 11 is to amplify GENPRU and SYSC in their specific application to liquidity risk and, in so doing, to indicate minimum standards for systems and controls in respect of that risk.
- 01/04/2013
SYSC 11.1.8
See Notes
Appropriate systems and controls for the management of liquidity risk will vary with the scale, nature and complexity of the firm's activities. Most of the material in SYSC 11 is, therefore, guidance. SYSC 11 lays out some of the main issues that the PRA expects a firm to consider in relation to liquidity risk. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligations to organise and control its affairs responsibly and effectively.
- 19/06/2014
SYSC 11.1.9
See Notes
- 01/04/2013
SYSC 11.1.13
See Notes
An insurer is also required to comply with the requirements in relation to liquidity risk set out in INSPRU 4.1.
- 01/04/2013
SYSC 11.1.17
See Notes
High level requirements in relation to carrying out stress testing and scenario analysis are set out in GENPRU 1.2. In particular, GENPRU 1.2.42R requires a firm to carry out appropriate stress testing and scenario analysis. SYSC 11 gives guidance in relation to these tests in the case of liquidity risk.
- 01/04/2013
Stress testing and scenario analysis
SYSC 11.1.18
See Notes
The effect of GENPRU 1.2.30R, GENPRU 1.2.34R, GENPRU 1.2.37R(1) and GENPRU 1.2.42R is that, for the purposes of determining the adequacy of its overall financial resources, a firm must carry out appropriate stress testing and scenario analysis, including taking reasonable steps to identify an appropriate range of realistic adverse circumstances and events in which liquidity risk might occur or crystallise.
- 01/04/2013
SYSC 11.1.19
See Notes
GENPRU 1.2.40G and GENPRU 1.2.62G to GENPRU 1.2.78G give guidance on stress testing and scenario analysis, including on how to choose appropriate scenarios, but the precise scenarios that a firm chooses to use will depend on the nature of its activities. For the purposes of testing liquidity risk, however, a firm should normally consider scenarios based on varying degrees of stress and both firm-specific and market-wide difficulties. In developing any scenario of extreme market-wide stress that may pose systemic risk, it may be appropriate for a firm to make assumptions about the likelihood and nature of central bank intervention.
- 01/04/2013
SYSC 11.1.20
See Notes
A firm should review frequently the assumptions used in stress testing scenarios to gain assurance that they continue to be appropriate.
- 01/04/2013
SYSC 11.1.21
See Notes
- (1) A scenario analysis in relation to liquidity risk required under GENPRU 1.2.42R should include a cash-flow projection for each scenario tested, based on reasonable estimates of the impact (both on and off balance sheet) of that scenario on the firm's funding needs and sources.
- (2) Contravention of (1) may be relied on as tending to establish contravention of GENPRU 1.2.42R.
- 01/04/2013
SYSC 11.1.22
See Notes
In identifying the possible on and off balance sheet impact referred to in SYSC 11.1.21E (1), a firm may take into account:
- (1) possible changes in the market's perception of the firm and the effects that this might have on the firm's access to the markets, including:
- (a) (where the firm funds its holdings of assets in one currency with liabilities in another) access to foreign exchange markets, particularly in less frequently traded currencies;
- (b) access to secured funding, including by way of repo transactions; and
- (c) the extent to which the firm may rely on committed facilities made available to it;
- (2) (if applicable) the possible effect of each scenario analysed on currencies whose exchange rates are currently pegged or fixed; and
- (3) that:
- (a) general market turbulence may trigger a substantial increase in the extent to which persons exercise rights against the firm under off balance sheet instruments to which the firm is party;
- (b) access to OTC derivative and foreign exchange markets are sensitive to credit-ratings;
- (c) the scenario may involve the triggering of early amortisation in asset securitisation transactions with which the firm has a connection; and
- (d) its ability to securitise assets may be reduced.
- 01/04/2013
Contingency funding plans
SYSC 11.1.23
See Notes
GENPRU 1.2.26R states that a firm must at all times maintain overall financial resources adequate to ensure that there is no significant risk that its liabilities cannot be met as they fall due. GENPRU 1.2.42R(1)(b) provides that for the purposes of determining the adequacy of its overall financial resources, a firm must estimate the financial resources it would need in each of the circumstances and events considered in carrying out its stress testing and scenario analysis in order to, inter alia, meet its liabilities as they fall due.
- 01/04/2013
SYSC 11.1.24
See Notes
- (1) A firm should have an adequately documented contingency funding plan for taking action to ensure, so far as it can, that, in each of the scenarios analysed under GENPRU 1.2.42R(1)(b), it would still have sufficient liquid financial resources to meet liabilities as they fall due.
- (2) The contingency funding plan should cover what events or circumstances will lead the firm to put into action any part of the plan.
- (3) [deleted]
- (4) A firm's contingency funding plan should, where relevant, take account of the impact of stressed market conditions on:
- (a) the behaviour of any credit-sensitive liabilities it has; and
- (b) its ability to securitise assets.
- (5) A firm's contingency funding plan should contain administrative policies and procedures that will enable the firm to manage the plan's implementation effectively, including:
- (a) the responsibilities of senior management;
- (b) names and contact details of members of the team responsible for implementing the contingency funding plan;
- (c) where, geographically, team members will be assigned;
- (d) who within the team is responsible for contact with head office (if appropriate), analysts, investors, external auditors, press, significant client's, regulators, lawyers and others; and
- (e) mechanisms that enable senior management and the governing body to receive management information that is both relevant and timely.
- (6) Contravention of any of (1) to (5) may be relied upon as tending to establish contravention of GENPRU 1.2.30R(2)(c).
- 01/04/2013
Documentation
SYSC 11.1.25
See Notes
GENPRU 1.2.60R requires a firm to document its assessment of the adequacy of its liquidity financial resources, how it intends to deal with those risks, and details of the stress tests and scenario analyses carried out and the resulting financial resources estimated to be required. Accordingly, a firm should document both its stress testing and scenario analysis (see SYSC 11.1.18 G) and its contingency funding plan (see SYSC 11.1.23 G).
- 01/04/2013
SYSC 12
Group risk systems and controls requirements
SYSC 12.1
Application
- 01/01/2007
SYSC 12.1.1
See Notes
Subject to SYSC 12.1.2 R to SYSC 12.1.4 R, this section applies to each of the following which is a member of a group:
- (1) a firm that falls into any one or more of the following categories:
- (a) a regulated entity;
- (b) [deleted]
- (c) an insurer;
- (d) a BIPRU firm;
- (e) a non-BIPRU firm that is a parent financial holding company in a Member State and is a member of a UK consolidation group; and
- (f) a firm subject to the rules in IPRU(INV) Chapter 14.
- (2) a UCITS firm, but only if its group contains a firm falling into (1); and
- (3) the Society.
- 01/04/2013
SYSC 12.1.2
See Notes
Except as set out in SYSC 12.1.4 R, this section applies with respect to different types of group as follows:
- (1) SYSC 12.1.8 R and SYSC 12.1.10 R apply with respect to all groups, including UK-regulated EEA financial conglomerates, other financial conglomerates and groups dealt with in SYSC 12.1.13 R to SYSC 12.1.16 R;
- (2) the additional requirements set out in SYSC 12.1.11 R and SYSC 12.1.12 R only apply with respect to UK-regulated EEA financial conglomerates; and
- (3) the additional requirements set out in SYSC 12.1.13 R to SYSC 12.1.16 R only apply with respect to groups of the kind dealt with by whichever of those rules apply.
- 01/04/2013
SYSC 12.1.3
See Notes
This section does not apply to:
- (1) an incoming EEA firm; or
- (2) an incoming Treaty firm; or
- (3) a UCITS qualifier; or
- (4) an ICVC; or
- (5) an incoming ECA provider acting as such.
- 01/04/2013
SYSC 12.1.4
See Notes
- (1) This rule applies in respect of the following rules:
- (a) SYSC 12.1.8R (2);
- (b) SYSC 12.1.10R (1), so far as it relates to SYSC 12.1.8R (2);
- (c) SYSC 12.1.10R (2); and
- (d) SYSC 12.1.11 R to SYSC 12.1.15 R.
- (2) The rules referred to in (1):
- (a) only apply with respect to a financial conglomerate if it is a UK-regulated EEA financial conglomerate;
- (b) (so far as they apply with respect to a group that is not a financial conglomerate) do not apply with respect to a group for which a competent authority in another EEA state is lead regulator;
- (c) (so far as they apply with respect to a financial conglomerate) do not apply to a firm with respect to a financial conglomerate of which it is a member if the interest of the financial conglomerate in that firm is no more than a participation;
- (d) (so far as they apply with respect to other groups) do not apply to a firm with respect to a group of which it is a member if the only relationship of the kind set out in paragraph (3) of the definition of group between it and the other members of the group is nothing more than a participation; and
- (e) do not apply with respect to a third-country group.
- 01/04/2013
SYSC 12.1.5
See Notes
For the purpose of this section, a group is defined in the Glossary, and includes the whole of a firm's group, including financial and non-financial undertakings. It also covers undertakings with other links to group members if their omission from the scope of group risk systems and controls would be misleading. The scope of the group systems and controls requirements may therefore differ from the scope of the quantitative requirements for groups.
- 01/04/2013
Purpose
SYSC 12.1.6
See Notes
The purpose of this chapter is to set out how the systems and control requirements imposed by SYSC (Senior Management Arrangements, Systems and Controls) apply where a firm is part of a group. If a firm is a member of a group, it should be able to assess the potential impact of risks arising from other parts of its group as well as from its own activities.
- 01/04/2013
SYSC 12.1.7
See Notes
This section implements Articles 73(3) (Supervision on a consolidated basis of credit institutions) and 138 (Intra-group transactions with mixed activity holding companies) of the Banking Consolidation Directive, Article 9 of the Financial Groups Directive (Internal control mechanisms and risk management processes) and Article 8 of the Insurance Groups Directive (Intra-group transactions).
- 01/04/2013
General rules
SYSC 12.1.8
See Notes
A firm must:
- (1) have adequate, sound and appropriate risk management processes and internal control mechanisms for the purpose of assessing and managing its own exposure to group risk, including sound administrative and accounting procedures; and
- (2) ensure that its group has adequate, sound and appropriate risk management processes and internal control mechanisms at the level of the group, including sound administrative and accounting procedures.
- 01/04/2013
SYSC 12.1.9
See Notes
For the purposes of SYSC 12.1.8 R, the question of whether the risk management processes and internal control mechanisms are adequate, sound and appropriate should be judged in the light of the nature, scale and complexity of the group's business and of the risks that the group bears. Risk management processes must include the stress testing and scenario analysis required by GENPRU 1.2.42 R and GENPRU 1.2.49R (1)(b).
- 01/04/2013
SYSC 12.1.10
See Notes
The internal control mechanisms referred to in SYSC 12.1.8 R must include:
- (1) mechanisms that are adequate for the purpose of producing any data and information which would be relevant for the purpose of monitoring compliance with any prudential requirements (including any reporting requirements and any requirements relating to capital adequacy, solvency, systems and controls and large exposures):
- (a) to which the firm is subject with respect to its membership of a group; or
- (b) that apply to or with respect to that group or part of it; and
- (2) mechanisms that are adequate to monitor funding within the group.
- 01/04/2013
Financial conglomerates
SYSC 12.1.11
See Notes
Where this section applies with respect to a financial conglomerate, the risk management processes referred to in SYSC 12.1.8R (2) must include:
- (1) sound governance and management processes, which must include the approval and periodic review by the appropriate managing bodies within the financial conglomerate of the strategies and policies of the financial conglomerate in respect of all the risks assumed by the financial conglomerate, such review and approval being carried out at the level of the financial conglomerate;
- (2) adequate capital adequacy policies at the level of the financial conglomerate, one of the purposes of which must be to anticipate the impact of the business strategy of the financial conglomerate on its risk profile and on the capital adequacy requirements to which it and its members are subject;
- (3) adequate procedures for the purpose of ensuring that the risk monitoring systems of the financial conglomerate and its members are well integrated into their organisation;
- (4) adequate procedures for the purpose of ensuring that the systems and controls of the members of the financial conglomerate are consistent and that the risks can be measured, monitored and controlled at the level of the financial conglomerate; and
- (5) arrangements in place to contribute to and develop, if required, adequate recovery and resolution arrangements and plans; a firm must update these arrangements regularly.
[Note: article 9(2) of the Financial Groups Directive]
- 01/04/2013
SYSC 12.1.12
See Notes
Where this section applies with respect to a financial conglomerate, the internal control mechanisms referred to in SYSC 12.1.8R (2) must include:
- (1) mechanisms that are adequate to identify and measure all material risks incurred by members of the financial conglomerate and appropriately relate capital in the financial conglomerate to risks; and
- (2) sound reporting and accounting procedures for the purpose of identifying, measuring, monitoring and controlling intra-group transactions and risk concentrations.
- 01/04/2013
CRR firms and non-CRR firms that are parent financial holding companies in a Member State
SYSC 12.1.13
See Notes
If this rule applies under SYSC 12.1.14 R to a firm, the firm must:
- (1) comply with SYSC 12.1.8R (2) in relation to any UK consolidation group or non-EEA sub-group of which it is a member, as well as in relation to its group; and
- (2) ensure that the risk management processes and internal control mechanisms at the level of any consolidation group or non-EEA sub-group of which it is a member comply with the obligations set out in the following provisions on a consolidated (or sub-consolidated) basis:
- (a) SYSC 4.1.1 R and SYSC 4.1.2 R;
- (b) SYSC 4.1.7 R;
- (bA) SYSC 4.3A;
- (c) SYSC 5.1.7 R;
- (d) SYSC 7;
- (dA) the Remuneration Code;
- (e) BIPRU 12.3.4 R, BIPRU 12.3.5 R, BIPRU 12.3.7A R, BIPRU 12.3.8 R , BIPRU 12.3.22A R, BIPRU 12.3.22B R, BIPRU 12.3.27 R, BIPRU 12.4.-2 R, BIPRU 12.4.-1 R, BIPRU 12.4.5A R, BIPRU 12.4.10 R, BIPRU 12.4.11 R and BIPRU 12.4.11A R;
- (f) [deleted];
- (g) [deleted];
- (h) [deleted];
- [Note: article 109(2) of CRD]
- (3) ensure that compliance with the obligations in (2) enables the consolidation group or the non-EEA sub-group to have arrangements, processes and mechanisms that are consistent and well integrated and that any data relevant to the purpose of supervision can be produced.
- [Note: article 109(2) of CRD]
- 01/01/2014
SYSC 12.1.14
See Notes
SYSC 12.1.13 R applies to a firm that is:
- (1) [deleted]
- (2) a CRR firm; or
- (3) a non-CRR firm that is a parent financial holding company in a Member State and is a member of a UK consolidation group.
- 01/01/2014
SYSC 12.1.15
See Notes
In the case of a firm that:
- (1) is a CRR firm; and
- (2) has a mixed-activity holding company as a parent undertaking;
the risk management processes and internal control mechanisms referred to in SYSC 12.1.8 R must include sound reporting and accounting procedures and other mechanisms that are adequate to identify, measure, monitor and control transactions between the firm's parent undertaking mixed-activity holding company and any of the mixed-activity holding company's subsidiary undertakings.
- 01/01/2014
Insurance undertakings
SYSC 12.1.16
See Notes
- 01/04/2013
SYSC 12.1.17
See Notes
- 01/04/2013
Nature and extent of requirements and allocation of responsibilities within the group
SYSC 12.1.18
See Notes
- 01/04/2013
SYSC 12.1.19
See Notes
- 01/04/2013
SYSC 12.1.20
See Notes
- 01/04/2013
SYSC 12.1.21
See Notes
- 01/04/2013
SYSC 12.1.22
See Notes
- 01/04/2013
SYSC 13
Operational risk: systems and controls for insurers
SYSC 13.1
Application
- 31/12/2006
SYSC 13.1.1
See Notes
SYSC 13 applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 01/04/2013
SYSC 13.1.2
See Notes
SYSC 13 applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 01/04/2013
SYSC 13.1.4
See Notes
- 01/04/2013
SYSC 13.2
Purpose
- 31/12/2006
SYSC 13.2.1
See Notes
- 01/04/2013
SYSC 13.2.2
See Notes
- 01/04/2013
SYSC 13.2.3
See Notes
- 01/04/2013
SYSC 13.2.4B
See Notes
- 01/04/2013
SYSC 13.3
Other related Handbook sections
- 31/12/2006
SYSC 13.3.1B
See Notes
- 01/04/2013
SYSC 13.4
Requirements to notify the appropriate regulator
- 01/04/2013
SYSC 13.4.1
See Notes
- 01/04/2013
SYSC 13.4.2
See Notes
Regarding operational risk, matters of which the appropriate regulator would expect notice under Principle 11 include:
- 01/04/2013
SYSC 13.5
Risk management terms
- 31/12/2006
SYSC 13.5.1
See Notes
In this chapter, the following interpretations of risk management terms apply:
- (1) a firm's risk culture encompasses the general awareness, attitude and behaviour of its employees and appointed representatives or, where applicable, its tied agents, to risk and the management of risk within the organisation;
- (2) operational exposure means the degree of operational risk faced by a firm and is usually expressed in terms of the likelihood and impact of a particular type of operational loss occurring (for example, fraud, damage to physical assets);
- (3) a firm's operational risk profile describes the types of operational risks that it faces, including those operational risks within a firm that may have an adverse impact upon the quality of service afforded to its clients, and its exposure to these risks.
- 01/04/2013
SYSC 13.6
People
- 31/12/2006
SYSC 13.6.1
See Notes
- 01/04/2013
SYSC 13.6.2
See Notes
A firm should establish and maintain appropriate systems and controls for the management of operational risks that can arise from employees. In doing so, a firm should have regard to:
- (1) its operational risk culture, and any variations in this or its human resource management practices, across its operations (including, for example, the extent to which the compliance culture is extended to in-house IT staff);
- (2) whether the way employees are remunerated exposes the firm to the risk that it will not be able to meet its regulatory obligations (see SYSC 3.2.18 G). For example, a firm should consider how well remuneration and performance indicators reflect the firm's tolerance for operational risk, and the adequacy of these indicators for measuring performance;
- (3) whether inadequate or inappropriate training of client-facing services exposes clients to risk of loss or unfair treatment including by not enabling effective communication with the firm;
- (4) the extent of its compliance with applicable regulatory and other requirements that relate to the welfare and conduct of employees;
- (5) its arrangements for the continuity of operations in the event of employee unavailability or loss;
- (6) the relationship between indicators of 'people risk' (such as overtime, sickness, and employee turnover levels) and exposure to operational losses; and
- (7) the relevance of all the above to employees of a third party supplier who are involved in performing an outsourcing arrangement. As necessary, a firm should review and consider the adequacy of the staffing arrangements and policies of a service provider.
- 01/04/2013
Employee responsibilities
SYSC 13.6.3
See Notes
A firm should ensure that all employees are capable of performing, and aware of, their operational risk management responsibilities, including by establishing and maintaining:
- (1) appropriate segregation of employees' duties and appropriate supervision of employees in the performance of their responsibilities (see SYSC 3.2.5 G);
- (2) appropriate recruitment and subsequent processes to review the fitness and propriety of employees (see SYSC 3.2.13 G and SYSC 3.2.14 G);
- (3) clear policy statements and appropriate systems and procedures manuals that are effectively communicated to employees and available for employees to refer to as required. These should cover, for example, compliance, IT security and health and safety issues;
- (4) training processes that enable employees to attain and maintain appropriate competence; and
- (5) appropriate and properly enforced disciplinary and employment termination policies and procedures.
- 01/04/2013
SYSC 13.6.4
See Notes
- 01/04/2013
SYSC 13.7
Processes and systems
- 31/12/2006
SYSC 13.7.1
See Notes
A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm should have regard to:
- (1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);
- (2) controls that will help it to prevent system and process failures or identify them to permit prompt rectification (including pre-approval or reconciliation processes);
- (3) whether the design and use of its processes and systems allow it to comply adequately with regulatory and other requirements;
- (4) its arrangements for the continuity of operations in the event that a significant process or system becomes unavailable or is destroyed; and
- (5) the importance of monitoring indicators of process or system risk (including reconciliation exceptions, compensation payments for client losses and documentation errors) and experience of operational losses and exposures.
- 01/04/2013
Internal documentation
SYSC 13.7.2
See Notes
- 01/04/2013
External documentation
SYSC 13.7.3
See Notes
- 01/04/2013
SYSC 13.7.4
See Notes
A firm should ensure the adequacy of its processes and systems to review external documentation prior to issue (including review by its compliance, legal and marketing departments or by appropriately qualified external advisers). In doing so, a firm should have regard to:
- (1) compliance with applicable regulatory and other requirements;
- (2) the extent to which its documentation uses standard terms (that are widely recognised, and have been tested in the courts) or non-standard terms (whose meaning may not yet be settled or whose effectiveness may be uncertain);
- (3) the manner in which its documentation is issued; and
- (4) the extent to which confirmation of acceptance is required (including by customer signature or counterparty confirmation).
- 01/04/2013
IT systems
SYSC 13.7.5
See Notes
- 01/04/2013
SYSC 13.7.6
See Notes
A firm should establish and maintain appropriate systems and controls for the management of its IT system risks, having regard to:
- (1) its organisation and reporting structure for technology operations (including the adequacy of senior management oversight);
- (2) the extent to which technology requirements are addressed in its business strategy;
- (3) the appropriateness of its systems acquisition, development and maintenance activities (including the allocation of responsibilities between IT development and operational areas, processes for embedding security requirements into systems); and
- (4) the appropriateness of its activities supporting the operation of IT systems (including the allocation of responsibilities between business and technology areas).
- 01/04/2013
Information security
SYSC 13.7.7
See Notes
Failures in processing information (whether physical, electronic or known by employees but not recorded) or of the security of the systems that maintain it can lead to significant operational losses. A firm should establish and maintain appropriate systems and controls to manage its information security risks. In doing so, a firm should have regard to:
- (1) confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require firewalls within a system, as well as entry restrictions;
- (2) integrity: safeguarding the accuracy and completeness of information and its processing;
- (3) availability and authentication: ensuring that appropriately authorised persons or systems have access to the information when required and that their identity is verified;
- (4) non-repudiation and accountability: ensuring that the person or system that processed the information cannot deny their actions.
- 01/04/2013
SYSC 13.7.8
See Notes
- 01/04/2013
Geographic location
SYSC 13.7.9
See Notes
Operating processes and systems at separate geographic locations may alter a firm's operational risk profile (including by allowing alternative sites for the continuity of operations). A firm should understand the effect of any differences in processes and systems at each of its locations, particularly if they are in different countries, having regard to:
- (1) the business operating environment of each country (for example, the likelihood and impact of political disruptions or cultural differences on the provision of services);
- (2) relevant local regulatory and other requirements regarding data protection and transfer;
- (3) the extent to which local regulatory and other requirements may restrict its ability to meet regulatory obligations in the United Kingdom (for example, access to information by the appropriate regulator and local restrictions on internal or external audit); and
- (4) the timeliness of information flows to and from its headquarters and whether the level of delegated authority and the risk management structures of the overseas operation are compatible with the firm's head office arrangements.
- 01/04/2013
SYSC 13.8
External events and other changes
- 31/12/2006
SYSC 13.8.1
See Notes
The exposure of a firm to operational risk may increase during times of significant change to its organisation, infrastructure and business operating environment (for example, following a corporate restructure or changes in regulatory requirements). Before, during, and after expected changes, a firm should assess and monitor their effect on its risk profile, including with regard to:
- (1) untrained or de-motivated employees or a significant loss of employees during the period of change, or subsequently;
- (2) inadequate human resources or inexperienced employees carrying out routine business activities owing to the prioritisation of resources to the programme or project;
- (3) process or system instability and poor management information due to failures in integration or increased demand; and
- (4) inadequate or inappropriate processes following business re-engineering.
- 01/04/2013
SYSC 13.8.2
See Notes
A firm should establish and maintain appropriate systems and controls for the management of the risks involved in expected changes, such as by ensuring:
- (1) the adequacy of its organisation and reporting structure for managing the change (including the adequacy of senior management oversight);
- (2) the adequacy of the management processes and systems for managing the change (including planning, approval, implementation and review processes); and
- (3) the adequacy of its strategy for communicating changes in systems and controls to its employees.
- 01/04/2013
Unexpected changes and business continuity management
SYSC 13.8.3
See Notes
- 01/04/2013
SYSC 13.8.4
See Notes
- 01/04/2013
SYSC 13.8.5
See Notes
A firm should consider the likelihood and impact of a disruption to the continuity of its operations from unexpected events. This should include assessing the disruptions to which it is particularly susceptible (and the likely timescale of those disruptions) including through:
- (1) loss or failure of internal and external resources (such as people, systems and other assets);
- (2) the loss or corruption of its information; and
- (3) external events (such as vandalism, war and "acts of God").
- 01/04/2013
SYSC 13.8.6
See Notes
- 01/04/2013
SYSC 13.8.7
See Notes
A firm should document its strategy for maintaining continuity of its operations, and its plans for communicating and regularly testing the adequacy and effectiveness of this strategy. A firm should establish:
- (1) formal business continuity plans that outline arrangements to reduce the impact of a short, medium or long-term disruption, including:
- (a) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;
- (b) the recovery priorities for the firm's operations; and
- (c) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);
- (2) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;
- (3) processes to validate the integrity of information affected by the disruption;
- (4) processes to review and update (1) to (3) following changes to the firm's operations or risk profile (including changes identified through testing).
- 01/04/2013
SYSC 13.8.8
See Notes
- 01/04/2013
SYSC 13.9
Outsourcing
- 31/12/2006
SYSC 13.9.1
See Notes
- 01/04/2013
SYSC 13.9.2
See Notes
- 01/04/2013
SYSC 13.9.3
See Notes
- 01/04/2013
SYSC 13.9.4
See Notes
Before entering into, or significantly changing, an outsourcing arrangement, a firm should:
- (1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;
- (2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;
- (3) conduct appropriate due diligence of the service provider's financial stability and expertise;
- (4) consider how it will ensure a smooth transition of its operations from its current arrangements to a new or changed outsourcing arrangement (including what will happen on the termination of the contract); and
- (5) consider any concentration risk implications such as the business continuity implications that may arise if a single service provider is used by several firms.
- 01/04/2013
SYSC 13.9.5
See Notes
In negotiating its contract with a service provider, a firm should have regard to:
- (1) reporting or notification requirements it may wish to impose on the service provider;
- (2) whether sufficient access will be available to its internal auditors, external auditors or actuaries (see section 341 of the Act) and to the appropriate regulator (see SUP 2.3.5 R (Access to premises) and SUP 2.3.7 R (Suppliers under material outsourcing arrangements);
- (3) information ownership rights, confidentiality agreements and Chinese walls to protect client and other information (including arrangements at the termination of the contract);
- (4) the adequacy of any guarantees and indemnities;
- (5) the extent to which the service provider must comply with the firm's policies and procedures (covering, for example, information security);
- (6) the extent to which a service provider will provide business continuity for outsourced operations, and whether exclusive access to its resources is agreed;
- (7) the need for continued availability of software following difficulty at a third party supplier;
- (8) the processes for making changes to the outsourcing arrangement (for example, changes in processing volumes, activities and other contractual terms) and the conditions under which the firm or service provider can choose to change or terminate the outsourcing arrangement, such as where there is:
- (a) a change of ownership or control (including insolvency or receivership) of the service provider or firm; or
- (b) significant change in the business operations (including sub-contracting) of the service provider or firm; or
- (c) inadequate provision of services that may lead to the firm being unable to meet its regulatory obligations.
- 01/04/2013
SYSC 13.9.6
See Notes
In implementing a relationship management framework, and drafting the service level agreement with the service provider, a firm should have regard to:
- (1) the identification of qualitative and quantitative performance targets to assess the adequacy of service provision, to both the firm and its clients, where appropriate;
- (2) the evaluation of performance through service delivery reports and periodic self certification or independent review by internal or external auditors; and
- (3) remedial action and escalation processes for dealing with inadequate performance.
- 01/04/2013
SYSC 13.9.7
See Notes
- 01/04/2013
SYSC 13.9.8
See Notes
- 01/04/2013
SYSC 13.10
Insurance
- 31/12/2006
SYSC 13.10.1
See Notes
- 01/04/2013
SYSC 13.10.2
See Notes
When considering utilising insurance, a firm should consider:
- (1) the time taken for the insurer to pay claims (including the potential time taken in disputing cover) and the firm's funding of operations whilst awaiting payment of claims;
- (2) the financial strength of the insurer, which may determine its ability to pay claims, particularly where large or numerous small claims are made at the same time; and
- (3) the effect of any limiting conditions and exclusion clauses that may restrict cover to a small number of specific operational losses and may exclude larger or hard to quantify indirect losses (such as lost business or reputational costs).
- 01/04/2013
SYSC 14
Risk management and associated systems and controls for insurers
SYSC 14.1
Application
- 31/12/2006
SYSC 14.1.1
See Notes
This section applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 01/04/2013
SYSC 14.1.2
See Notes
This section applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 01/04/2013
SYSC 14.1.2A
See Notes
- 01/04/2013
Purpose
SYSC 14.1.3
See Notes
- 01/04/2013
SYSC 14.1.4
See Notes
- 01/04/2013
SYSC 14.1.5
See Notes
- 01/04/2013
How to interpret this section
SYSC 14.1.6
See Notes
- 19/06/2014
SYSC 14.1.7
See Notes
- 19/06/2014
SYSC 14.1.8
See Notes
Appropriate systems and controls for the management of prudential risk will vary from firm to firm. Therefore, most of the material in this section is guidance. In interpreting this guidance, a firm should have regard to its own particular circumstances. Following from SYSC 3.1.2 G, this should include considering the nature, scale and complexity of its business, which may be influenced by factors such as:
- (1) the diversity of its operations, including geographical diversity;
- (2) the volume and size of its transactions; and
- (3) the degree of risk associated with each area of its operation.
- 01/04/2013
SYSC 14.1.9
See Notes
- 01/04/2013
The role of systems and controls
SYSC 14.1.10
See Notes
- 01/04/2013
The prudential responsibilities of senior management and the apportionment of those responsibilities
SYSC 14.1.11
See Notes
Ultimate responsibility for the management of prudential risks rests with a firm's governing body and relevant senior managers, and in particular with those individuals that undertake the firm's governing functions and the apportionment and oversight function. In particular, these responsibilities should include:
- (1) overseeing the establishment of an appropriate business plan and risk management strategy;
- (2) overseeing the development of appropriate systems for the management of prudential risks;
- (3) establishing adequate internal controls; and
- (4) ensuring that the firm maintains adequate financial resources.
- 01/04/2013
The delegation of responsibilities within the firm
SYSC 14.1.12
See Notes
- 01/04/2013
SYSC 14.1.13
See Notes
- 01/04/2013
Firms subject to risk management on a group basis
SYSC 14.1.14
See Notes
- 01/04/2013
SYSC 14.1.15
See Notes
- 01/04/2013
SYSC 14.1.16
See Notes
- 01/04/2013
Business planning and risk management
SYSC 14.1.17
See Notes
- 01/04/2013
SYSC 14.1.18
See Notes
- 01/04/2013
SYSC 14.1.19
See Notes
When establishing and maintaining its business plan and prudential risk management systems, a firm must document:
- (1) an explanation of its overall business strategy, including its business objectives;
- (2) a description of, as applicable, its policies towards market, credit (including provisioning), liquidity, operational, insurance and group risk (that is, its risk policies), including its appetite or tolerance for these risks and how it identifies, measures or assesses, monitors and controls these risks;
- (3) the systems and controls that it intends to use in order to ensure that its business plan and risk policies are implemented correctly;
- (4) a description of how the firm accounts for assets and liabilities, including the circumstances under which items are netted, included or excluded from the firm's balance sheet and the methods and assumptions for valuation;
- (5) appropriate financial projections and the results of its stress testing and scenario analysis (see GENPRU 1.2 (Adequacy of financial resources)); and
- (6) details of, and the justification for, the methods and assumptions used in financial projections and stress testing and scenario analysis.
- 01/04/2013
SYSC 14.1.20
See Notes
The prudential risk management systems referred to in SYSC 14.1.18 R and SYSC 14.1.19 R are the means by which a firm is able to:
- (1) identify the prudential risks that are inherent in its business plan, operating environment and objectives, and determine its appetite or tolerance for these risks;
- (2) measure or assess its prudential risks;
- (3) monitor its prudential risks; and
- (4) control or mitigate its prudential risks.
INSPRU 4.1.63 E is an evidential provision relating to SYSC 14.1.18 R concerning risk management systems in respect of liquidity risk arising from substantial exposures in foreign currencies.
- 01/04/2013
SYSC 14.1.21
See Notes
- 01/04/2013
SYSC 14.1.22
See Notes
A firm's business plan and risk management systems should be:
- (1) effectively communicated so that all employees and contractors understand and adhere to the procedures related to their own responsibilities;
- (2) regularly updated and revised, in particular when there is significant new information or when actual practice or performance differs materially from the documented strategy, policy or systems.
- 01/04/2013
SYSC 14.1.23
See Notes
- 01/04/2013
SYSC 14.1.24
See Notes
- 01/04/2013
SYSC 14.1.25
See Notes
- 01/04/2013
Internal controls: introduction
SYSC 14.1.26
See Notes
- 01/04/2013
SYSC 14.1.27
See Notes
- 01/04/2013
SYSC 14.1.28
See Notes
The precise role and organisation of internal controls can vary from firm to firm. However, a firm's internal controls should normally be concerned with assisting its governing body and relevant senior managers to participate in ensuring that it meets the following objectives:
- (1) safeguarding both the assets of the firm and its customers, as well as identifying and managing liabilities;
- (2) maintaining the efficiency and effectiveness of its operations;
- (3) ensuring the reliability and completeness of all accounting, financial and management information; and
- (4) ensuring compliance with its internal policies and procedures as well as all applicable laws and regulations.
- 01/04/2013
SYSC 14.1.29
See Notes
When determining the adequacy of its internal controls, a firm should consider both the potential risks that might hinder the achievement of the objectives listed in SYSC 14.1.28 G, and the extent to which it needs to control these risks. More specifically, this should normally include consideration of:
- (1) the appropriateness of its reporting and communication lines (see SYSC 3.2.2 G);
- (2) how the delegation or contracting of functions or activities to employees, appointed representatives or, where applicable, its tied agents or other third parties (for example outsourcing) is to be monitored and controlled (see SYSC 3.2.3 G to SYSC 3.2.4 G, SYSC 14.1.12 G to SYSC 14.1.16 G and SYSC 14.1.33 G; additional guidance on the management of outsourcing arrangements is also provided in SYSC 13.9);
- (3) the risk that a firm's employees or contractors might accidentally or deliberately breach a firm's policies and procedures (see SYSC 13.6.3 G);
- (4) the need for adequate segregation of duties (see SYSC 3.2.5 G and SYSC 14.1.30 G to SYSC 14.1.33 G);
- (5) the establishment and control of risk management committees (see SYSC 14.1.34 G to SYSC 14.1.37 G);
- (6) the need for risk assessment and the establishment of a risk assessment function (see SYSC 3.2.10 G and SYSC 14.1.38 G to SYSC 14.1.41 G);
- (7) the need for internal audit and the establishment of an internal audit function and audit committee (see SYSC 3.2.15 G to SYSC 3.2.16 G and SYSC 14.1.42 G to SYSC 14.1.45 G).
- 01/04/2013
Internal controls: segregation of duties
SYSC 14.1.30
See Notes
The effective segregation of duties is an important internal control. In particular, it helps to ensure that no one individual is completely free to commit a firm's assets or incur liabilities on its behalf. Segregation can also help to ensure that a firm's governing body receives objective and accurate information on financial performance, the risks faced by the firm and the adequacy of its systems. In this regard, a firm should ensure that there is adequate segregation of duties between employees involved in:
- (1) taking on or controlling risk (which could involve risk mitigation);
- (2) risk assessment (which includes the identification and analysis of risk); and
- (3) internal audit.
- 01/04/2013
SYSC 14.1.31
See Notes
- 01/04/2013
SYSC 14.1.32
See Notes
- 01/04/2013
SYSC 14.1.33
See Notes
Where a firm outsources a controlled function, such as internal audit, it should take reasonable steps to ensure that every individual involved in the performance of this service is independent from the individuals who perform its external audit. This should not prevent services from being undertaken by a firm's external auditors provided that:
- (1) the work is carried out under the supervision and management of the firm's own internal staff; and
- (2) potential conflicts of interest between the provision of external audit services and the provision of controlled functions are properly managed.
- 01/04/2013
Internal controls: risk management committees
SYSC 14.1.34
See Notes
- 01/04/2013
SYSC 14.1.35
See Notes
Where a firm decides to create one or more risk management committee(s), adequate internal controls should be put in place to ensure that these committees are effective and that their actions are consistent with the objectives outlined in SYSC 14.1.28 G. This should normally include consideration of the following:
- (1) setting clear terms of reference, including membership, reporting lines and responsibilities of each committee;
- (2) setting limits on their authority;
- (3) agreeing routine reporting and non-routine reporting escalation procedures;
- (4) agreeing the minimum frequency of committee meetings; and
- (5) reviewing the performance of these risk management committees.
- 01/04/2013
SYSC 14.1.36
See Notes
- 01/04/2013
SYSC 14.1.37
See Notes
The effective use of risk management committees can help to enhance a firm's internal controls. In establishing and maintaining its risk management committees, a firm should consider:
- (1) their membership, which should normally include relevant senior managers (such as the head of group risk, head of legal, and the heads of market, credit, liquidity and operational risk, etc.), business line managers, risk management personnel and other appropriately skilled people, for example, actuaries, lawyers, accountants, IT specialists, etc.;
- (2) using these committees to:
- (i) inform the decisions made by a firm's governing body regarding its appetite or tolerance for risk taking;
- (ii) highlight risk management issues that may require attention by the governing body;
- (iii) consider risk at the firm-wide level and, within delegated limits, to determine the allocation of risk limits and financial resources across business lines; and
- (iv) consider how exposures may be unwound, hedged, or otherwise mitigated, as appropriate.
- 01/04/2013
Internal controls: risk assessment
SYSC 14.1.38
See Notes
Risk assessment is the process through which a firm identifies and analyses (using both qualitative and quantitative methodologies) the risks that it faces. A firm's risk assessment activities should normally include consideration of:
- (1) its total exposure to risk at the firm-wide level (that is, its exposure across business lines and risk categories);
- (2) capital allocation and the need to calculate risk weighted returns for different business lines;
- (3) the potential correlations that can exist between the risks in different business lines; this should also include looking for risks to which a firm's business plan is particularly sensitive, such as interest rate risk, or multiple dealings with the same counterparty;
- (4) the use of stress tests and scenario analysis;
- (5) whether there are risks inherent in the firm's business that are not being addressed adequately;
- (6) the risk adjusted return that the firm is achieving; and
- (7) the adequacy and timeliness of management information on market, credit, insurance, liquidity, operational and group risks from the business lines, including risk limit utilisation.
- 01/04/2013
SYSC 14.1.39
See Notes
- (1) In accordance with SYSC 3.2.10 G a firm should consider whether it needs to set up a separate risk assessment function (or functions) that is responsible for assessing the risks that the firm faces and advising its governing body and senior managers on them.
- (2) The term 'risk assessment function' refers to the generally understood concept of risk assessment within a firm, that is, the function of setting and controlling risk exposure. The risk assessment function is not a controlled function itself, but is part of the systems and controls function (CF28).
- 01/04/2013
SYSC 14.1.40
See Notes
- 01/04/2013
SYSC 14.1.41
See Notes
- 01/04/2013
Internal audit
SYSC 14.1.42
See Notes
A firm should ensure that it has appropriate mechanisms in place to assess and monitor the appropriateness and effectiveness of its systems and controls. This should normally include consideration of:
- (1) adherence to and effectiveness of, as appropriate, its market, credit, liquidity, operational, insurance, and group risk policies;
- (2) whether departures and variances from its documented systems and controls and risk policies have been adequately documented and appropriately reported, including whether appropriate pre-clearance authorisation has been sought for material departures and variances;
- (3) adherence to and effectiveness of its accounting policies, and whether accounting records are complete and accurate;
- (4) adherence to and effectiveness of its management reporting arrangements, including the timeliness of reporting, and whether information is comprehensive and accurate; and
- (5) adherence to PRA rules and regulatory prudential standards.
- 01/04/2013
SYSC 14.1.43
See Notes
- (1) In accordance with SYSC 3.2.15 G and SYSC 3.2.16 G, a firm should consider whether it needs to set up a dedicated internal audit function.
- (2) The term 'internal audit function' refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies. The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).
- 01/04/2013
SYSC 14.1.44
See Notes
- 01/04/2013
SYSC 14.1.45
See Notes
- 01/04/2013
Management information
SYSC 14.1.46
See Notes
- 01/04/2013
SYSC 14.1.47
See Notes
The role of management information should be to help a firm's governing body and senior managers to understand risk at a firm-wide level. In so doing, it should help them to:
- 01/04/2013
SYSC 14.1.48
See Notes
A firm should consider what information needs to be made available to its governing body and senior managers. Some possible examples include:
- (1) firm-wide information such as the overall profitability and value of a firm and its total exposure to risk;
- (2) reports from committees to which the governing body has delegated risk management tasks, if applicable;
- (3) reports from a firm's internal audit and risk assessment functions (see SYSC 14.1.43 G and SYSC 14.1.39 G), if applicable, including exception reports, where risk limits and policies have been breached or systems circumvented;
- (4) financial projections under expected and abnormal (that is, stressed) conditions;
- (5) reconciliation of actual profit and loss to previous financial projections and an analysis of any significant variances;
- (6) matters which require a decision from the governing body or senior managers, for example a significant variation to a business plan, amendments to risk limits, the creation of a new business line, etc;
- (7) compliance with PRA rules and regulatory prudential standards;
- (8) risk weighted returns; and
- (9) liquidity and funding requirements.
- 01/04/2013
SYSC 14.1.49
See Notes
The management information that is provided to a firm's governing body and senior managers should have the following characteristics:
- (1) it should be timely, its frequency being determined by factors such as:
- (a) the volatility of the business in which the firm is engaged (that is, the speed at which its risks can change);
- (b) any time constraints on when action needs to be taken; and
- (c) the level of risk that the firm is exposed to, compared to its available financial resources and tolerance for risk;
- (2) it should be reliable, having regard to the fact that it may be necessary to sacrifice a degree of accuracy for timeliness; and
- (3) it should be presented in a manner that highlights any relevant issues on which those undertaking governing functions should focus particular attention.
- 01/04/2013
SYSC 14.1.50
See Notes
- 01/04/2013
Record keeping
SYSC 14.1.51
See Notes
SYSC 3.2.20 R requires a firm to take reasonable care to make and retain adequate records. The following policy on record keeping supplements SYSC 3.2.20 R by providing some additional rules and guidance on record keeping. The purpose of this policy is to:
- (1) facilitate the prudential supervision of a firm by ensuring that adequate information is available regarding its past/current financial situation and business activities (which includes the design and implementation of systems and controls); and
- (2) help the PRA to satisfy itself that a firm is operating in a prudent manner and is not prejudicing its safety and soundness or the interests of policyholders.
- 01/04/2013
SYSC 14.1.52
See Notes
- 01/04/2013
SYSC 14.1.53
See Notes
- (1) A firm must make and regularly update accounting and other records that are sufficient to enable the firm to demonstrate to the PRA:
- (a) that the firm is financially sound and has appropriate systems and controls;
- (b) the firm's financial position and exposure to risk (to a reasonable degree of accuracy); and
- (c) the firm's compliance with the rules in GENPRU, INSPRU and SYSC.
- (2) The records in (1) must be retained for a minimum of three years, or longer as appropriate.
- 01/04/2013
SYSC 14.1.54
See Notes
- 01/04/2013
SYSC 14.1.55
See Notes
- 01/04/2013
SYSC 14.1.56
See Notes
- 01/04/2013
SYSC 14.1.57
See Notes
- 01/04/2013
SYSC 14.1.58
See Notes
- 01/04/2013
SYSC 14.1.59
See Notes
- 01/04/2013
SYSC 14.1.60
See Notes
A firm must keep the records required in SYSC 14.1.53 R in the United Kingdom, except where:
- (1) they relate to business carried on from an establishment in a country or territory that is outside the United Kingdom; and
- (2) they are kept in that country or territory.
- 01/04/2013
SYSC 14.1.61
See Notes
- 01/04/2013
SYSC 14.1.62
See Notes
- 01/04/2013
SYSC 14.1.63
See Notes
- 01/04/2013
SYSC 14.1.64
See Notes
- 01/04/2013
Operational risk
SYSC 14.1.65
See Notes
As well as covering other types of risk, the rules and guidance set out in this chapter deal with a firm's approach to operational risk. In particular:
- (1) SYSC 14.1.18 R requires a firm to take reasonable steps to ensure that the risk management systems put in place to identify, assess, monitor and control operational risk are adequate for that purpose;
- (2) SYSC 14.1.19R (2) requires a firm to document its policy for operational risk, including its risk appetite and how it identifies, assesses, monitors and controls that risk; and
- (3) SYSC 14.1.27 R requires a firm to take reasonable steps to establish and maintain adequate internal controls to enable it to assess and monitor the effectiveness and implementation of its business plan and prudential risk management systems.
- 01/04/2013
SYSC 15
Credit risk management systems and controls for insurers
SYSC 15.1
Application
- 31/12/2006
SYSC 15.1.1
See Notes
SYSC 15.1 applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 01/04/2013
SYSC 15.1.2
See Notes
SYSC 15.1 applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 01/04/2013
SYSC 15.1.2A
See Notes
- 01/04/2013
Purpose
SYSC 15.1.3
See Notes
- 01/04/2013
SYSC 15.1.4
See Notes
- 01/04/2013
SYSC 15.1.5
See Notes
Credit risk concerns the PRA because inadequate systems and controls for credit risk management can create a threat to the statutory objectives of promoting the safety and soundness of PRA authorised persons and contributing to the securing of an appropriate degree of protection for those who are or may become policyholders by:
- (1) the erosion of a firm's capital due to excessive credit losses thereby threatening its viability as a going concern;
- (2) an inability of a firm to meet its own obligations to depositors, policyholders or other market counterparties due to its capital erosion.
- 01/04/2013
SYSC 15.1.6
See Notes
- 19/06/2014
Requirements
SYSC 15.1.7
See Notes
High level requirements for prudential systems and controls, including those for credit risk, are set out in SYSC 14. In particular:
- (1) SYSC 14.1.19R (2) requires a firm to document its policy for credit risk, including its risk appetite and how it identifies, measures, monitors and controls that risk;
- (2) SYSC 14.1.19R (2) requires a firm to document its provisioning policy. Documentation should describe the systems and controls that it intends to use to ensure that the policy is correctly implemented;
- (3) SYSC 14.1.18 R requires it to establish and maintain risk management systems to identify, measure, monitor and control credit risk (in accordance with its credit risk policy), and to take reasonable steps to ensure that its systems are adequate for that purpose; or
- (4) in line with SYSC 14.1.11 G, the ultimate responsibility for the management of credit risk should rest with a firm's governing body. Where delegation of authority occurs the governing body and relevant senior managers should approve and periodically review systems and controls to ensure that delegated duties are being performed correctly.
- 01/04/2013
Credit risk policy
SYSC 15.1.8
See Notes
SYSC 14.1.18 R requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of credit risk that the firm wishes to incur. In particular, they should cover for credit risk:
- (1) how, with particular reference to its activities, the firm defines and measures credit risk;
- (2) the firm's business aims in incurring credit risk including:
- (a) identifying the types and sources of credit risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated);
- (b) specifying the level of diversification required by the firm and the firm's tolerance for risk concentrations (and the limits on those exposures and concentrations); and
- (c) drawing the distinction between activities where credit risk is taken in order to achieve a return (for example, lending) and activities where credit exposure arises as a consequence of pursuing some other objective (for example, the purchase of a derivative in order to mitigate market risk);
- (3) how credit risk is assessed both when credit is granted or incurred and subsequently, including how the adequacy of any security and other risk mitigation techniques is assessed;
- (4) the detailed limit structure for credit risk which should:
- (a) address all key risk factors, including intra-group exposures and indirect exposures (for example, exposures held by related and subsidiary undertakings);
- (b) be commensurate with the volume and complexity of activity; and
- (c) be consistent with the firm's business aims, historical performance, and its risk appetite;
- (5) procedures for:
- (a) approving new or additional exposures to counterparties;
- (b) approving new products and activities that give rise to credit risk;
- (c) regular risk position and performance reporting;
- (d) limit exception reporting and approval; and
- (e) identifying and dealing with the problem exposures caused by the failure or downgrading of a counterparty;
- (6) the methods and assumptions used for the stress testing and scenario analysis required by GENPRU 1.2 (Adequacy of financial resources), including how these methods and assumptions are selected and tested; and
- (7) the allocation of responsibilities for implementing the credit risk policy and for monitoring adherence to, and the effectiveness of, the policy.
- 01/04/2013
Counterparty assessment
SYSC 15.1.9
See Notes
The firm should make a suitable assessment of the risk profile of the counterparty. The factors to be considered will vary according to both the type of credit and the counterparty being considered. This may include:
- (1) the purpose of the credit, the duration of the agreement and the source of repayment;
- (2) an assessment and continuous monitoring of the credit quality of the counterparty;
- (3) an assessment of the claims payment record where the counterparty is a reinsurer;
- (4) an assessment of the nature and amount of risk attached to the counterparty in the context of the industrial sector or geographical region or country in which it operates, as well as the potential impact on the counterparty of political, economic and market changes; and
- (5) the proposed terms and conditions attached to the granting of credit, including ongoing provision of information by the counterparty, covenants attached to the facility as well as the adequacy and enforceability of collateral, security and guarantees.
- 01/04/2013
SYSC 15.1.10
See Notes
- 01/04/2013
SYSC 15.1.11
See Notes
- 01/04/2013
SYSC 15.1.12
See Notes
- 01/04/2013
SYSC 15.1.13
See Notes
- 01/04/2013
SYSC 15.1.14
See Notes
- 01/04/2013
SYSC 15.1.15
See Notes
- 01/04/2013
Credit risk measurement
SYSC 15.1.16
See Notes
- 01/04/2013
SYSC 15.1.17
See Notes
- 01/04/2013
SYSC 15.1.18
See Notes
- 01/04/2013
SYSC 15.1.19
See Notes
- 01/04/2013
Risk monitoring
SYSC 15.1.20
See Notes
- 01/04/2013
SYSC 15.1.21
See Notes
- 01/04/2013
SYSC 15.1.22
See Notes
- 01/04/2013
SYSC 15.1.23
See Notes
- 01/04/2013
Problem exposures
SYSC 15.1.24
See Notes
- 01/04/2013
SYSC 15.1.25
See Notes
- 01/04/2013
Provisioning
SYSC 15.1.26
See Notes
- 01/04/2013
SYSC 15.1.27
See Notes
- 01/04/2013
SYSC 15.1.28
See Notes
- 01/04/2013
SYSC 15.1.29
See Notes
- 01/04/2013
SYSC 15.1.30
See Notes
- 01/04/2013
SYSC 15.1.31
See Notes
- 01/04/2013
Risk mitigation
SYSC 15.1.32
See Notes
- 01/04/2013
SYSC 15.1.33
See Notes
- 01/04/2013
SYSC 15.1.34
See Notes
- 01/04/2013
SYSC 15.1.35
See Notes
- 01/04/2013
Record keeping
SYSC 15.1.36
See Notes
Prudential records made under SYSC 14.1.53 R should include appropriate records of:
- (1) credit exposures, including aggregations of credit exposures, as appropriate, by:
- (a) groups of connected counterparties; or
- (b) types of counterparty as defined, for example, by the nature or geographical location of the counterparty;
- (2) credit decisions, including details of the decision and the facts or circumstances upon which it was made; and
- (3) information relevant to assessing current counterparty and risk quality.
- 01/04/2013
SYSC 15.1.37
See Notes
- 01/04/2013
SYSC 16
Market risk management systems and controls for insurers
SYSC 16.1
Application
- 31/12/2006
SYSC 16.1.1
See Notes
SYSC 16.1 applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 01/04/2013
SYSC 16.1.2
See Notes
SYSC 16.1 applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 01/04/2013
SYSC 16.1.2A
See Notes
- 01/04/2013
SYSC 16.1.3
See Notes
- 01/04/2013
Purpose
SYSC 16.1.4
See Notes
- (1) The purpose of this section is to amplify SYSC 14 insofar as it relates to market risk.
- (2) Market risk includes equity, interest rate, foreign exchange (FX), commodity risk and interest rate risk on long-term insurance contracts. The price of financial instruments may also be influenced by other risks such as spread risk, basis risk, correlation, specific risk and volatility risk.
- (3) This section does not deal with the risk management of market risk in a group context. A firm that is a member of a group should also read SYSC 12 (Group risk systems and controls) which outlines the PRA's requirements for the risk management of market risk within a group.
- (4) Appropriate systems and controls for the management of market risk will vary with the scale, nature and complexity of the firm's activities. Therefore the material in this section is guidance. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligations to organise and control its affairs responsibly and effectively.
- 19/06/2014
Requirements
SYSC 16.1.5
See Notes
High level requirements for prudential systems and controls, including those for market risk, are set out in SYSC 14. In particular:
- (1) SYSC 14.1.19R (2) requires a firm to document its policy for market risk, including its risk appetite and how it identifies, measures, monitors and controls that risk;
- (2) SYSC 14.1.19R (4) requires a firm to document its asset and liability recognition policy. Documentation should describe the systems and controls that it intends to use to comply with the policy;
- (3) SYSC 14.1.19 R requires a firm to establish and maintain risk management systems to identify, measure, monitor and control market risk (in accordance with its market risk policy), and to take reasonable steps to establish systems adequate for that purpose; and
- (4) In line with SYSC 14.1.11 G, the ultimate responsibility for the management of market risk should rest with a firm's governing body. Where delegation of authority occurs the governing body and relevant senior managers should approve and adequately review systems and controls to check that delegated duties are being performed correctly.
- 01/04/2013
Market risk policy
SYSC 16.1.6
See Notes
SYSC 14 requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of market risk that the firm wishes to incur. In particular, they should cover for market risk:
- (1) how, with particular reference to its activities, the firm defines and measures market risk;
- (2) the firm's business aims in incurring market risk including:
- (a) identifying the types and sources of market risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated); and
- (b) specifying the level of diversification required by the firm and the firm's tolerance for risk concentrations (and the limits on those exposures and concentrations).
- 01/04/2013
SYSC 16.1.7
See Notes
- 01/04/2013
SYSC 16.1.8
See Notes
The market risk policy of a firm should enforce the risk management and control principles and include detailed information on:
- (1) the financial instruments, commodities, assets and liabilities (and mismatches between assets and liabilities) that a firm is exposed to and the limits on those exposures;
- (2) the firm's investment strategy as applicable between each insurance fund;
- (3) activities that are intended to hedge or mitigate market risk including mismatches caused by for example differences in the assets and liabilities and maturity mismatches; and
- (4) the methods and assumptions used for measuring linear, non-linear and geared market risk including the rationale for selection, ongoing validation and testing. Methods might include stress testing and scenario analysis, asset/liability analysis, correlation analysis, Value-at-Risk (VaR) and options such as delta, gamma, vega, rho and theta. Exposure to non-linear or geared market risk is typically through the use of derivatives.
- 01/04/2013
Risk identification
SYSC 16.1.9
See Notes
A firm should have in place appropriate risk reporting systems that enable it to identify the types and amount of market risk to which it is, and potentially could be, exposed. The information that systems should capture may include but is not limited to:
- (1) position information which may include a description of individual financial instruments and their cash flows; and
- (2) market data which may consist of raw time series of market rates, index levels and prices and derived time series of benchmark yield curves, spreads, implied volatilities, historical volatilities and correlations.
- 01/04/2013
Risk measurement
SYSC 16.1.10
See Notes
Having identified the market risk that the firm is exposed to on at least a daily basis, a firm should be able to measure and manage that market risk on a consistent basis. This may be achieved by:
- (1) regularly stress testing all or parts of the firm's portfolio to estimate potential economic losses in a range of market conditions including abnormal markets. Corporate level stress test results should be discussed regularly by risk monitors, senior management and risk takers, and should guide the firm's market risk appetite (for example, stress tests may lead to discussions on how best to unwind or hedge a position), and influence the internal capital allocation process;
- (2) measuring the firm's exposure to particular categories of market risk (for example, equity, interest rate, foreign exchange and commodities) as well as across its entire portfolio of market risks;
- (3) analysing the impact that new transactions or businesses may have on its market risk position on an on-going basis; and
- (4) regularly backtesting realised results against internal model generated market risk measures in order to evaluate and assess its accuracy. For example, a firm should keep a database of daily risk measures such as VaR and options such as delta, gamma, vega, rho and theta, and use these to back test predicted profit and loss against actual profit and loss for all trading desks and business units, and monitor the number of exceptions from agreed confidence bands.
- 01/04/2013
Valuation
SYSC 16.1.11
See Notes
- 01/04/2013
SYSC 16.1.12
See Notes
The systems and controls referred to in SYSC 16.1.11 G should include the following:
- (1) the department responsible for the validation of the value of assets and liabilities should be independent of the business trading area, and should be adequately resourced by suitably qualified staff. The department should report to a suitably qualified individual, independent from the business trading area, who has sufficient authority to enforce the systems and controls policies and any alterations to valuation treatments where necessary;
- (2) all valuations should be checked and validated at appropriate intervals. Where a firm has chosen not to validate all valuations on a daily basis this should be agreed by senior management;
- (3) a firm should establish a review procedure to check that the valuation procedures are followed and are producing valuations in compliance with the requirements in this section. The review should be undertaken by suitably qualified staff independent of the business trading area, on a regular and ad hoc basis. In particular, this review procedure should include:
- (a) the quality and appropriateness of the price sources used;
- (b) valuation reserves held; and
- (c) the valuation methodology employed for each product and consistent adherence to that methodology;
- (4) where a valuation is disputed and the dispute cannot be resolved in a timely manner it should be reported to senior management. It should continue to be reported to senior management until agreement is reached;
- (5) where a firm is marking positions to market it should take reasonable steps to establish a price source that is reliable and appropriate to enable compliance with the provisions in this section on an ongoing basis;
- (6) a firm should document its policies and procedures relating to the entire valuation process. In particular, the following should be documented:
- (a) the valuation methodologies employed for all product categories;
- (b) details of the price sources used for each product;
- (c) the procedures to be followed where a valuation is disputed;
- (d) the valuation adjustment and reserving policies;
- (e) the level at which a difference between a valuation assigned to an asset or liability and the valuation used for validation purposes will be reported on an exceptions basis and investigated;
- (f) where a firm is using its own internal estimate to produce a valuation, it should document in detail the process followed in order to produce the valuation; and
- (g) the review procedures established by a firm in relation to the requirements of this section should be adequately documented and include the rationale for the policy;
- (7) a firm should maintain records which demonstrate:
- (a) senior management's approval of the policies and procedures established; and
- (b) management sign-off of the reviews undertaken in accordance with SYSC 16.1.11 G.
- 01/04/2013
Risk monitoring
SYSC 16.1.13
See Notes
- 01/04/2013
SYSC 16.1.14
See Notes
The market risk policy of a firm may require the production of market risk reports at various levels within the firm. These reports should provide sufficiently accurate market risk data to relevant functions within the firm, and should be timely enough to allow any appropriate remedial action to be proposed and taken, for example:
- (1) at a firm wide level, a market risk report may include information:
- (a) summarising and commenting on the total market risk that a firm is exposed to and market risk concentrations by business unit, asset class and country;
- (b) on VaR reports against risk limits by business unit, asset class and country;
- (c) commenting on significant risk concentrations and market developments; and
- (d) on market risk in particular legal entities and geographical regions;
- (2) at the business unit level, a market risk report may include information summarising market risk by currency, trading desk, maturity or duration band, or by instrument type;
- (3) at the trading desk level, a market risk report may include detailed information summarising market risk by individual trader, instrument, position, currency, or maturity or duration band; and
- (4) all risk data should be readily reconcilable back to the prime books of entry with a fully documented audit trail.
- 01/04/2013
SYSC 16.1.15
See Notes
Risk monitoring may also include information on:
- (1) the procedures for taking appropriate action in response to the information within the market risk reports;
- (2) ensuring that there are controls and procedures for identifying and reporting trades and positions booked at off-market rates;
- (3) the process for new product approvals;
- (4) the process for dealing with situations (authorised and unauthorised) where particular market risk exposures exceed predetermined risk limits and criteria; and
- (5) the periodic review of the risk monitoring process in order to check its suitability for both current market conditions and the firm's overall risk appetite.
- 01/04/2013
SYSC 16.1.16
See Notes
- 01/04/2013
Risk control
SYSC 16.1.17
See Notes
Risk control is the independent monitoring, assessment and supervision of business units within the defined policies and procedures of the market risk policy. This may be achieved by:
- (1) setting an appropriate market risk limit structure to control the firm's exposure to market risk; for example, by setting out a detailed market risk limit structure at the corporate level, the business unit level and the trading desk level which addresses all the key market risk factors and is commensurate with the volume and complexity of activity that the firm undertakes;
- (2) setting limits on risks such as price or rate risk, as well as those factors arising from options such as delta, gamma, vega, rho and theta;
- (3) setting limits on net and gross positions, market risk concentrations, the maximum allowable loss (also called "stop-loss"), VaR, potential risks arising from stress testing and scenario analysis, gap analysis, correlation, liquidity and volatility; and
- (4) considering whether it is appropriate to set intermediate (early warning) thresholds that alert management when limits are being approached, triggering review and action where appropriate.
- 01/04/2013
Record keeping
SYSC 16.1.18
See Notes
- 01/04/2013
SYSC 16.1.19
See Notes
In relation to market risk, a firm should retain appropriate prudential records of:
- (1) off and on market trades in financial instruments;
- (2) the nature and amounts of off and on balance sheet exposures, including the aggregation of exposures;
- (3) trades in financial instruments and other assets and liabilities; and
- (4) methods and assumptions used in stress testing and scenario analysis and in VaR models.
- 01/04/2013
SYSC 16.1.20
See Notes
- 01/04/2013
SYSC 17
Insurance risk systems and controls
SYSC 17.1
Application
- 31/12/2006
SYSC 17.1.1
See Notes
SYSC 17.1 applies to an insurer unless it is:
- (1) a non-directive friendly society; or
- (2) an incoming EEA firm; or
- (3) an incoming Treaty firm.
- 01/04/2013
SYSC 17.1.2
See Notes
SYSC 17.1 applies to:
- (1) an EEA-deposit insurer; and
- (2) a Swiss general insurer;
only in respect of the activities of the firm carried on from a branch in the United Kingdom.
- 01/04/2013
SYSC 17.1.2A
See Notes
- 01/04/2013
Purpose
SYSC 17.1.3
See Notes
- 01/04/2013
SYSC 17.1.4
See Notes
Insurance risk concerns the PRA because inadequate systems and controls for its management can create a threat to the statutory objectives of promoting the safety and soundness of PRA-authorised person and contributing to the securing of an appropriate degree of protection for those who are or may become policyholders. Inadequately managed insurance risk may result in:
- 01/04/2013
SYSC 17.1.5
See Notes
- 01/04/2013
SYSC 17.1.6
See Notes
- 01/04/2013
SYSC 17.1.7
See Notes
- 19/06/2014
General requirements
SYSC 17.1.8
See Notes
High level rules and guidance for prudential systems and controls for insurance risk are set out in SYSC 14. In particular:
- (1) SYSC 14.1.18 R requires a firm to take reasonable steps to establish and maintain a business plan and appropriate risk management systems;
- (2) SYSC 14.1.19R (2) requires a firm to document its policy for insurance risk, including its risk appetite and how it identifies, measures, monitors and controls that risk; and
- (3) SYSC 14.1.27 R requires a firm to take reasonable steps to establish and maintain adequate internal controls to enable it to assess and monitor the effectiveness and implementation of its business plan and prudential risk management systems.
- 01/04/2013
Insurance risk policy
SYSC 17.1.9
See Notes
A firm's insurance risk policy should outline its objectives in carrying out insurance business, its appetite for insurance risk and its policies for identifying, measuring, monitoring and controlling insurance risk. The insurance risk policy should cover any activities that are associated with the creation or management of insurance risk. For example, underwriting, claims management and settlement, assessing technical provisions in the balance sheet, risk mitigation and risk transfer, record keeping and management reporting. Specific matters that should normally be in a firm's insurance risk policy include:
- (1) a statement of the firm's willingness and capacity to accept insurance risk;
- (2) the classes and characteristics of insurance business that the firm is prepared to accept;
- (3) the underwriting criteria that the firm intends to adopt, including how these can influence its rating and pricing decisions;
- (4) its approach to limiting significant aggregations of insurance risk, for example, by setting limits on the amount of business that can be underwritten in one region or with one policyholder;
- (5) where relevant, the firm's approach to pricing long-term insurance contracts, including the determination of the appropriate level of any reviewable premiums;
- (6) the firm's policy for identifying, monitoring and managing risk when it has delegated underwriting authority to another party (additional guidance on the management of outsourcing arrangements is provided in SYSC 13.9);
- (7) the firm's approach to managing its expense levels, including acquisition costs, recurring costs, and one-off costs, taking account of the margins available in both the prices for products and in the technical provisions in the balance sheet;
- (8) the firm's approach to the exercise of any discretion (e.g. on charges or the level of benefits payable) that is available in its long-term insurance contracts, in the context also of the legal and regulatory constraints existing on the application of this discretion;
- (9) the firm's approach to the inclusion of options within new long-term insurance contracts and to the possible exercise by policyholders of options on existing contracts;
- (10) the firm's approach to managing persistency risk;
- (11) the firm's approach to managing risks arising from timing differences in taxation or from changes in tax laws;
- (12) the firm's approach to the use of reinsurance or the use of some other means of risk transfer;
- (13) how the firm intends to assess the effectiveness of its risk transfer arrangements and manage the residual or transformed risks (for example, how it intends to handle disputes over contract wordings, potential payout delays and counterparty performance risks);
- (14) a summary of the data and information to be collected and reported on underwriting, claims and risk control (including internal accounting records), management reporting requirements and external data for risk assessment purposes;
- (15) the risk measurement and analysis techniques to be used for setting underwriting premiums, technical provisions in the balance sheet, and assessing capital requirements; and
- (16) the firm's approach to stress testing and scenario analysis, as required by GENPRU 1.2 (Adequacy of financial resources), including the methods adopted, any assumptions made and the use that is to be made of the results.
- 01/04/2013
SYSC 17.1.10
See Notes
- 01/04/2013
Risk identification
SYSC 17.1.11
See Notes
- 01/04/2013
SYSC 17.1.12
See Notes
The identification of insurance risk should normally include:
- (1) in connection with the firm's business plan:
- (a) processes for identifying the types of insurance risks that may be associated with a new product and for comparing the risk types that are present in different classes of business (in order to identify possible aggregations in particular insurance risks); and
- (b) processes for identifying business environment changes (for example landmark legal rulings) and for collecting internal and external data to test and modify business plans;
- (2) at the point of sale, processes for identifying the underwriting risks associated with a particular policyholder or a group of policyholders (for example, processes for collecting information on the claims histories of policyholders, including whether they have made any potentially false or inaccurate claims, to identify possible adverse selection or moral hazard problems);
- (3) after the point of sale, processes for identifying potential and emerging claims for the purposes of claims management and claims provisioning; this could include:
- (a) identifying possible judicial rulings;
- (b) keeping up to date with developments in market practice; and
- (c) collecting information on industry wide initiatives and settlements.
- 01/04/2013
SYSC 17.1.13
See Notes
- 01/04/2013
Risk measurement
SYSC 17.1.14
See Notes
- 01/04/2013
SYSC 17.1.15
See Notes
A firm should ensure that the data it collects and the measurement methodologies that it uses are sufficient to enable it to evaluate, as appropriate:
- (1) its exposure to insurance risk at all relevant levels, for example, by contract, policyholder, product line or insurance class;
- (2) its exposure to insurance risk across different geographical areas and time horizons;
- (3) its total, firm-wide, exposure to insurance risk and any other risks that may arise out of the contracts of insurance that it issues;
- (4) how changes in the volume of business (for example via changes in premium levels or the number of new contracts that are underwritten) may influence its exposure to insurance risk;
- (5) how changes in policy terms may influence its exposure to insurance risk; and
- (6) the effects of specific loss scenarios on the insurance liabilities of the firm.
- 01/04/2013
SYSC 17.1.16
See Notes
- 01/04/2013
SYSC 17.1.17
See Notes
- 01/04/2013
SYSC 17.1.18
See Notes
- 01/04/2013
SYSC 17.1.19
See Notes
- 01/04/2013
SYSC 17.1.20
See Notes
- 01/04/2013
SYSC 17.1.21
See Notes
A firm should have the capability to measure its exposure to insurance risk on a regular basis. In deciding on the frequency of measurement, a firm should consider:
- (1) the time it takes to acquire and process all necessary data;
- (2) the speed at which exposures could change; and
- (3) that it may need to measure its exposure to certain types of insurance risk on a daily basis (for example, weather catastrophes).
- 01/04/2013
Risk monitoring
SYSC 17.1.22
See Notes
A firm should provide regular and timely information on its insurance risks to the appropriate level of management. This could include providing reports on the following:
- (1) a statement of the firm's profits or losses for each class of business that it underwrites (with an associated analysis of how these have arisen for any long-term insurance contracts), including a variance analysis detailing any deviations from budget or changes in the key performance indicators that are used to assess the success of its business plan for insurance;
- (2) the firm's exposure to insurance risk at all relevant levels (see SYSC 17.1.15G (1)), as well as across different geographical areas and time zones (see SYSC 17.1.15G (2)), also senior management should be kept informed of the firm's total exposure to insurance risk (see SYSC 17.1.15G (3));
- (3) an analysis of any internal or external trends that could influence the firm's exposure to insurance risk in the future (e.g. new weather patterns, socio-demographic changes, expense overruns etc);
- (4) any new or emerging developments in claims experience (e.g. changes in the type of claims, average claim amounts or the number of similar claims);
- (5) the results of any stress testing or scenario analyses;
- (6) the amount and details of new business written and the amount of business that has lapsed or been cancelled;
- (7) identified fraudulent claims;
- (8) a watch list, detailing, for example, material/catastrophic events that could give rise to significant numbers of new claims or very large claims, contested claims, client complaints, legal and other developments;
- (9) the performance of any reinsurance/risk transfer arrangements; and
- (10) progress reports on matters that have previously been referred under escalation procedures (see SYSC 17.1.23 G).
- 01/04/2013
SYSC 17.1.23
See Notes
A firm should establish and maintain procedures for the escalation of appropriate matters to the relevant level of management. Such matters may include:
- (1) any significant new exposures to insurance risk, including for example any landmark rulings in the courts;
- (2) a significant increase in the size or number of claims;
- (3) any breaches of the limits set out in SYSC 17.1.27 G and SYSC 17.1.28 G, in particular senior management should be informed where any maximum limits have been breached (see SYSC 17.1.29 G); and
- (4) any unauthorised deviations from its insurance risk policy (including those by a broker, appointed representative or other delegated authority).
- 01/04/2013
SYSC 17.1.24
See Notes
- 01/04/2013
SYSC 17.1.25
See Notes
- 01/04/2013
Risk control
SYSC 17.1.26
See Notes
- 01/04/2013
SYSC 17.1.27
See Notes
A firm should consider setting limits for its exposure to insurance risk, which trigger action to be taken to control exposure. Periodically these limits should be amended in the light of new information (e.g. on the expected number or size of claims). For example, limits could be set for:
- (1) the firm's aggregate exposure to a single source of insurance risk or for events that may be the result of a number of different sources;
- (2) the firm's exposure to specific geographic areas or any other groupings of risks whose outcomes may be positively correlated;
- (3) the number of fraudulent claims;
- (4) the number of very large claims that could arise;
- (5) the number of unauthorised deviations from its insurance risk policy;
- (6) the amount of insurance risk than can be transferred to a particular reinsurer;
- (7) the level of expenses incurred in respect of each relevant business area; and
- (8) the level of persistency by product line or distribution channel.
- 01/04/2013
SYSC 17.1.28
See Notes
- 01/04/2013
SYSC 17.1.29
See Notes
- 01/04/2013
SYSC 17.1.30
See Notes
A firm should pay close attention to the wording of its policy documentation to ensure that these wordings do not expose it to more, or higher, claims than it is expecting. In so doing, the firm should consider:
- (1) whether it has adequate in-house legal resources;
- (2) the need for periodic independent legal review of policy documentation;
- (3) the use of standardised documentation and referral procedures for variation of terms;
- (4) reviewing the documentation used by other insurance companies;
- (5) revising documentation for new policies in the light of past experience; and
- (6) the operation of law in the jurisdiction of the policyholder.
- 01/04/2013
SYSC 17.1.31
See Notes
- 01/04/2013
SYSC 17.1.32
See Notes
- 01/04/2013
SYSC 17.1.33
See Notes
- 01/04/2013
Reinsurance and other forms of risk transfer
SYSC 17.1.34
See Notes
Before entering into or significantly changing a reinsurance agreement, or any other form of insurance risk transfer agreement, a firm should:
- (1) analyse how the proposed reinsurance/risk transfer agreement will affect its exposure to insurance risk, its underwriting strategy and its ability to meet its regulatory obligations;
- (2) ensure there are adequate legal checking procedures in respect of the draft agreement;
- (3) conduct an appropriate due diligence of the reinsurer's financial stability (that is, solvency) and expertise; and
- (4) understand the nature and limits of the agreement (particular attention should be given to the wording of contracts to ensure that all of the required risks are covered, that the level of available cover is appropriate, and that all the terms, conditions and warranties are unambiguous and understood).
- 01/04/2013
SYSC 17.1.34A
See Notes
A firm should analyse regularly the full effect of all its reinsurance agreements and other risk transfer agreements (both current and proposed), including any related agreements or side-letters, on both its current and potential future financial position, and ensure that:
- (1) all significant risks related to these agreements, and the residual risks borne by the firm, have been identified; and
- (2) appropriate risk mitigation techniques have been applied to manage and control the risks.
- 01/04/2013
SYSC 17.1.35
See Notes
In managing its reinsurance agreements, or any other form of insurance risk transfer agreement, a firm should have in place appropriate systems that allow it to maintain its desired level of cover. This could involve systems for:
- (1) monitoring the risks that are covered (that is, the scope of cover) by these agreements and the level of available cover;
- (2) keeping underwriting staff informed of any changes in the scope or level of cover;
- (3) properly co-ordinating all reinsurance/risk transfer activities so that, in aggregate, the desired level and scope of cover is maintained;
- (4) ensuring that the firm does not become overly reliant on any one reinsurer or other risk transfer provider; or
- (5) conducting regular stress testing and scenario analysis to assess the resilience of its reinsurance and risk transfer programmes to catastrophic events that may give rise to large and or numerous claims.
- 01/04/2013
SYSC 17.1.36
See Notes
In making a claim on a reinsurance contract (that is, its reinsurance recoveries) or some other risk transfer contract a firm should ensure:
- (1) that it is able to identify and recover any money that it is due in a timely manner; and
- (2) that it makes adequate financial provision for the risk that it is unable to recover any money that it expected to be due, as a result of either a dispute with or a default by the reinsurer/risk transfer provider. Additional guidance on credit risk in reinsurance/risk transfer contracts is provided in INSPRU 2.1 (Credit risk in insurance).
- 01/04/2013
SYSC 17.1.37
See Notes
- 01/04/2013
Record keeping
SYSC 17.1.38
See Notes
The PRA's high level rules and guidance for record keeping are outlined in SYSC 3.2.20 R (Records). Additional rules and guidance are set out in SYSC 14.1.51 G to SYSC 14.1.64 G. In complying with these rules and guidance, a firm should retain an appropriate record of its insurance risk management activities. This may, for example, include records of:
- (1) each new risk that is underwritten (noting that these records may be held by agents or cedants, rather than directly by the firm provided that the firm has adequate access to those records);
- (2) any material aggregation of exposure to risk from a single source, or of the same kind or to the same potential catastrophe or event;
- (3) each notified claim including the amounts notified and paid, precautionary notices and any re-opened claims;
- (4) policy and contractual documents and any relevant representations made to policyholders;
- (5) other events or circumstances relevant to determining the risks and commitments that arise out of contracts of insurance (including discretionary benefits and charges under any long-term insurance contracts);
- (6) the formal wordings of reinsurance contracts; and
- (7) any other relevant information on the firm's reinsurance or other risk-transfer arrangements, including the extent to which they:
- 01/04/2013
SYSC 19A
Remuneration Code
SYSC 19A.1
General application and purpose
- 01/01/2011
Who? What? Where?
SYSC 19A.1.1
See Notes
- (1) The Remuneration Code applies to:
- (a) a building society;
- (b) a bank;
- (c) an investment firm;
- (d) an overseas firm that;
- (i) is not an EEA firm;
- (ii) has its head office outside the EEA; and
- (iii) would be a firm referred to in (a), (b) or (c) if it had been a UK domestic firm, had carried on all of its business in the UK and had obtained whatever authorisations for doing so as are required under the Act.
- (2) In relation to a firm that falls under (1)(d), the Remuneration Code applies only in relation to activities carried on from an establishment in the United Kingdom.
- (3) Otherwise, the Remuneration Code applies to a firm within (1) in the same way as SYSC 4.1.1 R (General Requirements).
- 01/01/2014
SYSC 19A.1.2
See Notes
Part 2 of SYSC 1 Annex 1 provides for the application of SYSC 4.1.1 R (General Requirements). In particular, and subject to the provisions on group risk systems and controls requirements in SYSC 12, this means that:
- (1) in relation to what the Remuneration Code applies to, it:
- (a) applies in relation to regulated activities, activities that constitute dealing in investments as principal (disregarding the exclusion in article 15 of the Regulated Activities Order (Absence of holding out etc)), ancillary activities and (in relation to MiFID business) ancillary services;
- (b) applies with respect to the carrying on of unregulated activities in a prudential context; and
- (c) takes into account activities of other group members; and
- (2) in relation to where the Remuneration Code applies, it applies in relation to:
- (a) a firm's UK activities;
- (b) a firm's passported activities carried on from a branch in another EEA State; and
- (c) a UK domestic firm's activities wherever they are carried on, in a prudential context.
- 01/04/2013
When?
SYSC 19A.1.3
See Notes
- (1) A firm must apply the remuneration requirements in SYSC 19A.3 other than SYSC 19A.3.44R (3), SYSC 19A.3.44A R, SYSC 19A.3.51R (2) and SYSC 19A.3.51R (3), SYSC 19A.3.51B R and SYSC 19A.3.54R (1)(c), in relation to:
- (a) remuneration awarded, whether pursuant to a contract or otherwise, on or after 1 January 2011;
- (b) remuneration due on the basis of contracts concluded before 1 January 2011 which is awarded or paid on or after 1 January 2011; and
- (c) remuneration awarded, but not yet paid, before 1 January 2011, for services provided in 2010.
- [Note: article 3(2) of the Third Capital Requirements Directive (Directive 2010/76/EU)]
- [Note: This provision is shown with PRA changes made by PRA 2014/22. To see the FCA provision, select the date 31/12/14 from the date picker above]
- (2) A firm must apply the remuneration requirements in SYSC 19A.3.44R (3) and SYSC 19A.3.44A R in relation to remuneration awarded for services provided or performance from the year 2014 onwards, whether due on the basis of contracts concluded before, on or after 31 December 2013.
- [Note: article 162(3) of CRD]
- (3) A firm must apply the remuneration requirements in SYSC 19A.3.51R (2) and SYSC 19A.3.51R (3), SYSC 19A.3.51B R and SYSC 19A.3.54R (1)(c) in relation to remuneration awarded on or after 1 January 2015.
- [Note: This provision is shown with PRA changes made by PRA 2014/22. To see the FCA provision, select the date 31/12/14 from the date picker above]
- 01/01/2015
SYSC 19A.1.4
See Notes
Subject to the requirements of SYSC 19A.1.5 R, in the appropriate regulator's view SYSC 19A.1.3 R does not require a firm to breach requirements of applicable contract or employment law.
[Note: recital 14 of the Third Capital Requirements Directive (Directive 2010/76/EU)]
- 01/04/2013
SYSC 19A.1.5
See Notes
- (1) This rule applies to a firm that is unable to comply with the Remuneration Code because of an obligation it owes to a Remuneration Code staff member under a provision of an agreement made on or before 29 July 2010 (the "provision").
- (2) A firm must take reasonable steps to amend or terminate the provision referred to in (1) in a way that enables it to comply with the Remuneration Code at the earliest opportunity.
- (3) Until the provision referred to in (1) ceases to prevent the firm from complying with the Remuneration Code, the firm must adopt specific and effective arrangements, processes and mechanisms to manage the risks raised by the provision.
- 01/04/2013
Purpose
SYSC 19A.1.6
See Notes
- (1) The aim of the Remuneration Code is to ensure that firms have risk-focused remuneration policies, which are consistent with and promote effective risk management and do not expose them to excessive risk. It expands upon the general organisational requirements in SYSC 4.
- (2) The Remuneration Code implements the main provisions of the CRD which relate to remuneration. The Committee of European Banking Supervisors published Guidelines on Remuneration Policies and Practices on 10 December 2010. Provisions of the Capital Requirements Regulations 2013 (SI 2013/3115) together with the European Banking Authority's Guidelines to article 75(1) and (3) of the CRD relating to the collection of remuneration benchmarking information and high earners information have been implemented through SUP 16 Annex 33AR and SUP 16 Annex 34AR. The Guidelines can be found at http://www.eba.europa.eu/regulation-and-policy/remuneration/guidelines-on-the-remuneration-benchmarking-exercise and http://www.eba.europa.eu/regulation-and-policy/remuneration/guidelines-on-the-data-collection-exercise-regarding-high-earners..
- (3) [deleted]
- 07/11/2014
Notifications to the appropriate regulator
SYSC 19A.1.7
See Notes
- (1) The Remuneration Code does not contain specific notification requirements. However, general circumstances in which the appropriate regulator expects to be notified by firms of matters relating to their compliance with requirements under the regulatory system are set out in SUP 15.3 (General notification requirements).
- (2) In particular, in relation to remuneration matters such circumstances should take into account unregulated activities as well as regulated activities and the activities of other members of a group and would include each of the following:
- (a) significant breaches of the Remuneration Code, including any breach of a rule to which the detailed provisions on voiding and recovery in SYSC 19A Annex 1 apply;
- (b) any proposed remuneration policies, procedures or practices which could:
- (i) have a significant adverse impact on the firms reputation; or
- (ii) affect the firms ability to continue to provide adequate services to its customers and which could result in serious detriment to a customer of the firm; or
- (iii) result in serious financial consequences to the financial system or to other firms;
- (c) any proposed changes to remuneration policies, practices or procedures which could have a significant impact on the firms risk profile or resources;
- (d) fraud, errors and other irregularities described in SUP 15.3.17 R which may suggest weaknesses in, or be motivated by, the firms remuneration policies, procedures or practices.
- (3) Such notifications should be made immediately the firm becomes aware, or has information which reasonably suggests such circumstances have occurred, may have occurred or may occur in the foreseeable future.
- 01/04/2013
SYSC 19A.2
General requirement
- 01/01/2011
Remuneration policies must promote effective risk management
SYSC 19A.2.1
See Notes
A firm must establish, implement and maintain remuneration policies, procedures and practices that are consistent with and promote sound and effective risk management.
[Note: article 74(1) of CRD]
- 01/01/2014
SYSC 19A.2.2
See Notes
- (1) If a firm's remuneration policy is not aligned with effective risk management it is likely that employees will have incentives to act in ways that might undermine effective risk management.
- (2) The Remuneration Code covers all aspects of remuneration that could have a bearing on effective risk management including salaries, bonuses, long-term incentive plans, options, hiring bonuses, severance packages and pension arrangements. In applying the Remuneration Code, a firm should have regard to applicable good practice on remuneration and corporate governance, such as guidelines on executive contracts and severance produced by the Association of British Insurers (ABI) and the National Association of Pension Funds (NAPF). In considering the risks arising from its remuneration policies, a firm will also need to take into account its statutory duties in relation to equal pay and non-discrimination.
- (3) As with other aspects of a firm's systems and controls, in accordance with SYSC 4.1.2 remuneration policies, procedures and practices must be comprehensive and proportionate to the nature, scale and complexity of the common platform firm's activities. What a firm must do in order to comply with the Remuneration Code will therefore vary. For example, while the Remuneration Code refers to a firm's remuneration committee and risk management function, it may be appropriate for the governing body of a smaller firm to act as the remuneration committee, and for the firm not to have a separate risk management function.
- (4) The principles in the Remuneration Code are used by the appropriate regulator to assess the quality of a firm's remuneration policies and whether they encourage excessive risk-taking by a firm's employees.
- (5) The appropriate regulator may also ask remuneration committees to provide the appropriate regulator with evidence of how well the firm's remuneration policies meet the Remuneration Code's principles, together with plans for improvement where there is a shortfall. The appropriate regulator also expects relevant firms to use the principles in assessing their exposure to risks arising from their remuneration policies as part of the internal capital adequacy assessment process (ICAAP).
- (6) The Remuneration Code is principally concerned with the risks created by the way remuneration arrangements are structured, not with the absolute amount of remuneration, which is generally a matter for firms' remuneration committees.
- 01/04/2013
SYSC 19A.2.3
See Notes
- (1) The specific remuneration requirements in this chapter may apply only in relation to certain categories of employee. But the appropriate regulator would expect firms, in complying with the Remuneration Code general requirement, to apply certain principles on a firm-wide basis.
- (2) In particular, the appropriate regulator considers that firms should apply the principle relating to guaranteed variable remuneration on a firm-wide basis (Remuneration Principle 12(c); SYSC 19A.3.40 R to SYSC 19A.3.43 G).
- (3) The appropriate regulator would also expect firms to apply at least the principles relating to risk management and risk tolerance (Remuneration Principle 1); supporting business strategy, objectives, values and long-term interests of the firm (Remuneration Principle 2); conflicts of interest (Remuneration Principle 3); governance (Remuneration Principle 4); risk adjustment (Remuneration Principle 8); pension policy (Remuneration Principle 9); personal investment strategies (Remuneration Principle 10); payments related to early termination (Remuneration Principle 12(e)) and deferral (Remuneration Principle 12(g)) on a firm-wide basis.
- 01/04/2013
Record-keeping
SYSC 19A.2.4
See Notes
- 01/04/2013
Interpretation of references to remuneration
SYSC 19A.2.5
See Notes
- (1) In this chapter references to remuneration include remuneration paid, provided or awarded by any person to the extent that it is paid, provided or awarded in connection with employment by a firm.
- (2) Paragraph (1) is without prejudice to the meaning of remuneration elsewhere in the Handbook.
- 01/04/2013
SYSC 19A.2.6
See Notes
- 01/04/2013
SYSC 19A.3
Remuneration principles for banks, building societies and investment firms
- 01/01/2011
Application: groups
SYSC 19A.3.1
See Notes
- (1) A firm must apply the requirements of this section at group, parent undertaking and subsidiary undertaking levels, including those subsidiaries established in a country or territory which is not an EEA State.
- (2) Paragraph (1) does not limit SYSC 12.1.13R (2)(dA) (which relates to the application of the Remuneration Code within UK consolidation groups and non-EEA sub-groups).
[Note: article 92(1) of CRD]
- 01/01/2014
SYSC 19A.3.2
See Notes
- 01/01/2014
Application: categories of staff and proportionality
SYSC 19A.3.3
See Notes
- (1) This section applies in relation to Remuneration Code staff, except as set out in (3).
- (2) When establishing and applying the total remuneration policies for Remuneration Code staff, a firm must comply with this section in a way and to the extent that is appropriate to its size, internal organisation and the nature, the scope and the complexity of its activities (the remuneration principles proportionality rule).
- (3) Paragraphs (1) and (2) do not apply to the requirement for significant firms to have a remuneration committee (SYSC 19A.3.12 R).
- 01/01/2014
SYSC 19A.3.4
See Notes
Remuneration Code staff comprises categories of staff including senior management, risk takers, staff engaged in control functions and any employee receiving total remuneration that takes them into the same remuneration bracket as senior management and risk takers, whose professional activities have a material impact on the firm's risk profile.
[Note: article 92(2) of CRD]
- 01/01/2014
SYSC 19A.3.5
See Notes
A firm must:
- (1) maintain a record of its Remuneration Code staff in accordance with the general record-keeping requirements (SYSC 9); and
- (2) take reasonable steps to ensure that its Remuneration Code staff understand the implications of their status as such, including the potential for remuneration which does not comply with certain requirements of the Remuneration Code to be rendered void and recoverable by the firm.
- 01/04/2013
SYSC 19A.3.6
See Notes
- (1) In the appropriate regulator's view:
- (a) a firm's staff includes its employees;
- (b) a person who performs a significant influence function for, or is a senior manager of, a firm would normally be expected to be part of the firm's Remuneration Code staff;
- (c) the table in (2) provides a non-exhaustive list of examples of key positions that should, subject to (d), be within a firm's definition of staff who are risk takers;
- (d) firms should consider how the examples in the table in (2) apply in relation to their own organisational structure (as the description of suggested business lines in the first row may be most appropriate to a firm which deals on its own account to a significant extent);
- (e) firms may find it useful to set their own metrics to identify their risk takers based, for example, on trading limits; and
- (f) a firm should treat a person as being Remuneration Code staff in relation to remuneration in respect of a given performance year if they were Remuneration Code staff for any part of that year.
- [Note: The FSA gave guidance on the application of particular rules on remuneration structures in relation to individuals who are Remuneration Code staff for only part of a given performance year. This guidance has been adopted by the FCA and is available in the FCA website at www.fca.org.uk/your-fca/documents/finalised-guidance/remuneration-code]
- (2)
High-level category | Suggested business lines |
Heads of significant business lines (including regional heads) and any individuals or groups within their control who have a material impact on the firm's risk profile | Fixed income Foreign exchange Commodities Securitisation Sales areas Investment banking (including mergers and acquisitions advisory) Commercial banking Equities Structured finance Lending quality Trading areas Research |
Heads of support and control functions and other individuals within their control who have a material impact on the firm's risk profile | Credit / market / operational risk Legal Treasury controls Human resources Compliance Internal audit |
- 01/01/2014
Remuneration Principle 1: Risk management and risk tolerance
SYSC 19A.3.7
See Notes
A firm must ensure that its remuneration policy is consistent with and promotes sound and effective risk management and does not encourage risk-taking that exceeds the level of tolerated risk of the firm.
[Note: article 92(2)(a) of CRD]
- 01/01/2014
Remuneration Principle 2: Supporting business strategy, objectives, values and long-term interests of the firm
SYSC 19A.3.8
See Notes
A firm must ensure that its remuneration policy is in line with the business strategy, objectives, values and long-term interests of the firm.
[Note: article 92(2)(b) of CRD]
- 01/01/2014
Remuneration Principle 3: Avoiding conflicts of interest
SYSC 19A.3.9
See Notes
A firm must ensure that its remuneration policy includes measures to avoid conflicts of interest.
[Note: article 92(2)(b) of CRD]
- 01/01/2014
Remuneration Principle 4: Governance
SYSC 19A.3.10
See Notes
A firm must ensure that its management body in its supervisory function adopts and periodically reviews the general principles of the remuneration policy and is responsible for overseeing its implementation.
[Note: article 92(2)(c) of CRD and Standard 1 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.11
See Notes
A firm must ensure that the implementation of the remuneration policy is, at least annually, subject to central and independent internal review for compliance with policies and procedures for remuneration adopted by the management body in its supervisory function.
[Note: article 92(2)(d) of CRD and Standard 1 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.12
See Notes
- (1) A CRR firm that is significant in terms of its size, internal organisation and the nature, the scope and the complexity of its activities must establish a remuneration committee.
- (2) The remuneration committee must be constituted in a way that enables it to exercise competent and independent judgment on remuneration policies and practices and the incentives created for managing risk, capital and liquidity.
- (3) The chairman and the members of the remuneration committee must be members of the management body who do not perform any executive function in the firm.
- (4) The remuneration committee must be responsible for the preparation of decisions regarding remuneration, including those which have implications for the risk and risk management of the firm and which are to be taken by the management body.
- (5) When preparing such decisions, the remuneration committee must take into account the long-term interests of shareholders, investors and other stakeholders in the firm and the public interest.
- 01/01/2014
SYSC 19A.3.12A
See Notes
A firm that maintains a website must explain on the website how it complies with the Remuneration Code.
[Note: article 96 of CRD]
- 01/01/2014
SYSC 19A.3.13
See Notes
- (1) A firm should be able to demonstrate that its decisions are consistent with an assessment of its financial condition and future prospects. In particular, practices by which remuneration is paid for potential future revenues whose timing and likelihood remain uncertain should be evaluated carefully and the governing body or remuneration committee (or both) should work closely with the firm's risk function in evaluating the incentives created by its remuneration system.
- (2) The governing body and any remuneration committee are responsible for ensuring that the firm's remuneration policy complies with the Remuneration Code and where relevant should take into account relevant guidance, such as that issued by the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors (IAIS) and the International Organization of Securities Commissions (IOSCO).
- (3) The periodic review of the implementation of the remuneration policy should assess compliance with the Remuneration Code.
- (4) Guidance on what the supervisory function might involve is set out in SYSC 4.3.3 G.
- 01/04/2013
Remuneration Principle 5: Control functions
SYSC 19A.3.14
See Notes
A firm must ensure that employees engaged in control functions:
- (1) are independent from the business units they oversee;
- (2) have appropriate authority; and
- (3) are remunerated:
- (a) adequately to attract qualified and experienced staff; and
- (b) in accordance with the achievement of the objectives linked to their functions, independent of the performance of the business areas they control.
[Note: article 92(2)(e) of CRD and Standard 2 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.15
See Notes
- (1) A firm's risk management and compliance functions should have appropriate input into setting the remuneration policy for other business areas. The procedures for setting remuneration should allow risk and compliance functions to have significant input into the setting of individual remuneration awards where those functions have concerns about the behaviour of the individuals concerned or the riskiness of the business undertaken.
- (2) Contravention of (1) may be relied on as tending to establish contravention of the rule on employees engaged in control functions having appropriate authority (SYSC 19A.3.14R (2)).
- 01/04/2013
SYSC 19A.3.16
See Notes
A firm must ensure that the remuneration of the senior officers in risk management and compliance functions is directly overseen by the remuneration committee referred to in SYSC 19A.3.12 R, or, if such a committee has not been established, by the governing body in its supervisory function.
[Note: article 92(2)(f) of CRD]
- 01/01/2014
SYSC 19A.3.17
See Notes
- (1) This Remuneration Principle is designed to manage the conflicts of interest which might arise if other business areas had undue influence over the remuneration of employees within control functions. Conflicts of interest can easily arise when employees are involved in the determination of remuneration for their own business area. Where these could arise they need to be managed by having in place independent roles for control functions (including, notably, risk management and compliance) and human resources. It is good practice to seek input from a firm's human resources function when setting remuneration for other business areas.
- (2) The need to avoid undue influence is particularly important where employees from the control functions are embedded in other business areas. This Remuneration Principle does not prevent the views of other business areas being sought as an appropriate part of the assessment process.
- (3) The appropriate regulator would generally expect the ratio of the potential variable component of remuneration to the fixed component of remuneration to be significantly lower for employees in risk management and compliance functions than for employees in other business areas whose potential bonus is a significant proportion of their remuneration. Firms should nevertheless ensure that the total remuneration package offered to those employees is sufficient to attract and retain staff with the skills, knowledge and expertise to discharge those functions. The requirement that the method of determining the remuneration of relevant persons involved in the compliance function must not compromise their objectivity or be likely to do so also applies (see SYSC 6.1.4 R (4)).
- 01/04/2013
Remuneration Principle 6: Remuneration and capital
SYSC 19A.3.18
See Notes
A firm must ensure that total variable remuneration does not limit the firm's ability to strengthen its capital base.
[Note: article 94(1)(c) of CRD and Standard 3 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.19
See Notes
- 01/04/2013
Remuneration Principle 7: Exceptional government intervention
SYSC 19A.3.20
See Notes
A firm that benefits from exceptional government intervention must ensure that:
- (1) variable remuneration is strictly limited as a percentage of net revenues when it is inconsistent with the maintenance of a sound capital base and timely exit from government support;
- (2) it restructures remuneration in a manner aligned with sound risk management and long-term growth, including when appropriate establishing limits to the remuneration of members of its management body; and
- (3) no variable remuneration is paid to members of its management body unless this is justified.
[Note: article 93 of CRD and Standard 10 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.21
See Notes
- 01/01/2014
Remuneration Principle 8: Profit-based measurement and risk adjustment
SYSC 19A.3.22
See Notes
- (1) A firm must ensure that any measurement of performance used to calculate variable remuneration components or pools of variable remuneration components:
- (a) includes adjustments for all types of current and future risks and takes into account the cost and quantity of the capital and the liquidity required; and
- (b) takes into account the need for consistency with the timing and likelihood of the firm receiving potential future revenues incorporated into current earnings.
- (2) A firm must ensure that the allocation of variable remuneration components within the firm also takes into account all types of current and future risks.
[Note: article 94(1)(j), (k) of CRD and Standard 4 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.23
See Notes
- (1) This Remuneration Principle stresses the importance of risk adjustment in measuring performance, and the importance within that process of applying judgment and common sense. A firm should ask the risk management function to validate and assess risk-adjustment techniques, and to attend a meeting of the governing body or remuneration committee for this purpose.
- (2) A number of risk-adjustment techniques and measures are available, and a firm should choose those most appropriate to its circumstances. Common measures include those based on economic profit or economic capital. Whichever technique is chosen, the full range of future risks should be covered. The appropriate regulator expects a firm to be able to provide it with details of all adjustments that the firm has made under a formulaic approach.
- (3) The appropriate regulator expects that a firm will apply qualitative judgments and common sense in the final decision about the performance-related components of variable remuneration pools.
- (4) A firm's governing body (or remuneration committee where appropriate) should take the lead in determining the measures to be used. It should offer the appropriate checks and balances to prevent inappropriate manipulation of the measures used. It should consult closely and frequently with the firm's risk management functions, in particular those relating to operational, market, credit and liquidity risk.
- 01/04/2013
SYSC 19A.3.24
See Notes
- (1) Long-term incentive plans should be treated as pools of variable remuneration. Many common measures of performance for long-term incentive plans, such as earnings per share (EPS), are not adjusted for longer-term risk factors. Total shareholder return (TSR), another common measure, includes in its measurement dividend distributions, which can also be based on unadjusted earnings data. If incentive plans mature within a two to four year period and are based on EPS or TSR, strategies can be devised to boost EPS or TSR during the life of the plan, to the detriment of the true longer-term health of a firm. For example, increasing leverage is a technique which can be used to boost EPS and TSR. Firms should take account of these factors when developing risk-adjustment methods.
- (2) Firms that have long-term incentive plans should structure them with vesting subject to appropriate performance conditions, and at least half of the award vesting after not less than five years and the remainder after not less than three years.
- (3) Long-term incentive plan awards may be included in the calculation of the deferred portion of variable remuneration only if upside incentives are adequately balanced by downside adjustments. The valuation of the award should be based on its value when the award is granted, and determined using an appropriate technique.
- 01/04/2013
SYSC 19A.3.25
See Notes
- 01/04/2013
SYSC 19A.3.26
See Notes
- (1) Performance measures based primarily on revenues or turnover are unlikely to pay sufficient regard to the quality of business undertaken or services provided. Profits are a better measure provided they are adjusted for risk, including future risks not adequately captured by accounting profits.
- (2) Management accounts should provide profit data at such levels within the firm's structure as to enable a firm to see as accurate a picture of contributions of relevant staff to a firm's performance as is reasonably practicable. If revenue or turnover is used as a component in performance assessment, processes should be in place to ensure that the quality of business undertaken or services provided and their appropriateness for clients are taken into account.
- 01/04/2013
SYSC 19A.3.27
See Notes
A firm must ensure that its total variable remuneration is generally considerably contracted where subdued or negative financial performance of the firm occurs, taking into account both current remuneration and reductions in payouts of amounts previously earned , including through malus or clawback arrangements.
[Note: article 94(1)(n) of CRD and Standard 5 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.28
See Notes
- 01/04/2013
Remuneration Principle 9: Pension policy
SYSC 19A.3.29
See Notes
A firm must ensure that:
- (1) its pension policy is in line with its business strategy, objectives, values and long-term interests;
- (2) when an employee leaves the firm before retirement, any discretionary pension benefits are held by the firm for a period of five years in the form of instruments referred to in SYSC 19A.3.47R (1); and
- (3) when an employee reaches retirement, discretionary pension benefits are paid to the employee in the form of instruments referred to in SYSC 19A.3.47R (1) and subject to a five-year retention period.
[Note: article 94(1)(o) of CRD]
- 01/01/2014
Remuneration Principle 10: Personal investment strategies
SYSC 19A.3.30
See Notes
- (1) A firm must ensure that its employees undertake not to use personal hedging strategies or remuneration- or liability-related contracts of insurance to undermine the risk alignment effects embedded in their remuneration arrangements.
- (2) A firm must maintain effective arrangements designed to ensure that employees comply with their undertaking.
[Note: article 94(1)(p) of CRD and Standard 14 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.31
See Notes
- 01/04/2013
Remuneration Principle 11: Non-compliance with the Remuneration Code
SYSC 19A.3.32
See Notes
A firm must ensure that variable remuneration is not paid through vehicles or methods that facilitate non-compliance with the Remuneration Code.
[Note: article 94(1)(q) of CRD]
- 01/01/2014
Remuneration Principle 12: Remuneration structures - introduction
SYSC 19A.3.33
See Notes
- 01/04/2013
SYSC 19A.3.34
See Notes
- (1) Taking account of the remuneration principles proportionality rule, the appropriate regulator does not generally consider it necessary for a firm to apply the rules referred to in (2) where, in relation to an individual ("X"), both the following conditions are satisfied:
- (a) Condition 1 is that Xs variable remuneration is no more than 33% of total remuneration; and
- (b) Condition 2 is that Xs total remuneration is no more than 500,000.
- (2) The rules referred to in (1) are those relating to:
- (a) guaranteed variable remuneration (SYSC 19A.3.40 R);
- (b) retained shares or other instruments (SYSC 19A.3.47 R);
- (c) deferral (SYSC 19A.3.49 R); and
- (d) performance adjustment (SYSC 19A.3.51 R).
[Note: The FSA also gave guidance on the application of certain rules on remuneration structures in relation to individuals who are Remuneration Code staff for only part of a given performance year. This guidance has been adopted by the FCA and is available in the FCA website at www.fca.org.uk/your-fca/documents/finalised-guidance/remuneration-code.]
- 01/01/2014
Remuneration Principle 12(a): Remuneration structures - general requirement
SYSC 19A.3.35
See Notes
- 01/04/2013
SYSC 19A.3.35A
See Notes
A firm must ensure that the remuneration policy makes a clear distinction between criteria for setting:
- (1) basic fixed remuneration that primarily reflects an employee's professional experience and organisational responsibility as set out in the employee's job description and terms of employment; and
- (2) variable remuneration that reflects performance in excess of that required to fulfil the employee's job description and terms of employment and that is subject to performance adjustment in accordance with the Remuneration Code.
[Note: article 92(2)(g) of CRD]
- 01/01/2014
Remuneration Principle 12(b): Remuneration structures - assessment of performance
SYSC 19A.3.36
See Notes
A firm must ensure that where remuneration is performance-related:
- (1) the total amount of remuneration is based on a combination of the assessment of the performance of:
- (a) the individual;
- (b) the business unit concerned; and
- (c) the overall results of the firm; and
- (2) when assessing individual performance, financial as well as non-financial criteria are taken into account.
[Note: article 94(1)(a) of CRD and Standard 6 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.37
See Notes
- 01/04/2013
SYSC 19A.3.38
See Notes
A firm must ensure that the assessment of performance is set in a multi-year framework in order to ensure that the assessment process is based on longer-term performance and that the actual payment of performance-based components of remuneration is spread over a period which takes account of the underlying business cycle of the firm and its business risks.
[Note: article 94(1)(b) of CRD]
- 01/01/2014
SYSC 19A.3.39
See Notes
- 01/04/2013
Remuneration Principle 12(c): Remuneration structures - guaranteed variable remuneration
SYSC 19A.3.40
See Notes
A firm must ensure that guaranteed variable remuneration is not part of prospective remuneration plans. A firm must not award, pay or provide guaranteed variable remuneration unless:
- (1) it is exceptional;
- (2) it occurs in the context of hiring new Remuneration Code staff;
- (3) the firm has a sound and strong capital base; and
- (4) it is limited to the first year of service.
[Note: article 94(1)(d) and (e) of CRD and Standard 11 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.40A
See Notes
A firm must ensure that remuneration packages relating to compensation for, or buy out from, an employee's contracts in previous employment align with the long term interests of the firm and are subject to appropriate retention, deferral and performance and clawback arrangements.
[Note: article 94(1)(i) of CRD]
- 01/01/2014
SYSC 19A.3.41
See Notes
- (1) A firm should not award, pay or provide guaranteed variable remuneration in the context of hiring new Remuneration Code staff (X) unless:
- (a) it has taken reasonable steps to ensure that the remuneration is not more generous in either its amount or terms (including any deferral or retention periods) than the variable remuneration awarded or offered by Xs previous employer; and
- (b) it is subject to appropriate performance adjustment requirements.
- (2) Contravention of (1) may be relied on as tending to establish contravention of the rule on guaranteed variable remuneration (SYSC 19A.3.40 R).
- 01/04/2013
SYSC 19A.3.42
See Notes
- 01/04/2013
SYSC 19A.3.43
See Notes
- 01/04/2013
Remuneration Principle 12(d): Remuneration structures - ratios between fixed and variable components of total remuneration
SYSC 19A.3.44
See Notes
A firm must set appropriate ratios between the fixed and variable components of total remuneration and ensure that:
- (1) fixed and variable components of total remuneration are appropriately balanced;
- (2) the fixed component represents a sufficiently high proportion of the total remuneration to allow the operation of a fully flexible policy on variable remuneration components, including the possibility to pay no variable remuneration component; and
- (3) subject to SYSC 19A.3.44A R, the ratio of the variable component of total remuneration to the fixed component does not exceed 1:1.
[Note: Paragraph 23(l) of Annex V to the Banking Consolidation Directive]
- 01/01/2014
SYSC 19A.3.44A
See Notes
A firm may set a ratio between the fixed and the variable components of total remuneration that exceeds 1:1 provided the ratio:
- (1) does not exceed 1:2; and
- (2) is approved by the shareholders or owners or members of the firm in accordance with SYSC 19A.3.44B R.
[Note: article 94(1)(g)(ii) of CRD]
- 01/01/2014
SYSC 19A.3.44B
See Notes
A firm must ensure that any approval by the shareholders or owners or members of the firm of a ratio that exceeds 1:1 is carried out in accordance with the following procedure:
- (1) the firm must give reasonable notice to all shareholders or owners or members of the firm that the firm intends to seek approval of a ratio that exceeds 1:1;
- (2) the firm must make a detailed recommendation to all shareholders or owners or members of the firm giving the reasons for, and the scope of, the approval sought, including the number of staff affected, their functions and the expected impact on the requirement to maintain a sound capital base;
- (3) the firm must, without delay, inform the appropriate regulator of the recommendation to its shareholders or owners or members, including the proposed ratio and the reasons therefor and must demonstrate to the appropriate regulator that the proposed higher ratio does not conflict with the firm's obligations under the CRD and the CRR, having regard in particular to the firm's own funds obligations;
- (4) the firm must ensure that employees who have an interest in the proposed higher ratio are not allowed to exercise, directly or indirectly, any voting rights they may have as shareholders or owners or members of the firm in respect of the approval sought; and
- (5) the higher ratio is approved by a majority of:
[Note: article 94(1)(g)(ii) of CRD]
- 01/01/2014
SYSC 19A.3.44C
See Notes
A firm must notify without delay the appropriate regulator of the decisions taken by its shareholders or members or owners including any approved higher maximum ratio.
[Note: article 94(1)(g)(ii) of CRD]
- 01/01/2014
SYSC 19A.3.44D
See Notes
A firm may apply a discount rate to a maximum of 25% of an employee's total variable remuneration provided it is paid in instruments that are deferred for a period of not less than five years.
[Note: article 94(1)(g)(iii) of CRD]
- 01/01/2014
Remuneration Principle 12(e): Remuneration structures - payments related to early termination
SYSC 19A.3.45
See Notes
A firm must ensure that payments relating to the early termination of a contract reflect performance achieved over time and are designed in a way that does not reward failure or misconduct.
[Note: article 94(1)(h) of CRD and Standard 12 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.46
See Notes
Firms should review existing contractual payments related to termination of employment with a view to ensuring that these are payable only where there is a clear basis for concluding that they are consistent with the Remuneration Code general requirement.
[Note: Standard 12 of the FSB Compensation Standards]
- 01/04/2013
Remuneration Principle 12(f): Remuneration structures - retained shares or other instruments
SYSC 19A.3.47
See Notes
- (1) A firm must ensure that a substantial portion, which is at least 50%, of any variable remuneration consists of an appropriate balance of:
- (a) shares or equivalent ownership interests, subject to the legal structure of the firm concerned, or share-linked instruments or equivalent non-cash instruments in the case of a non-listed firm; and
- (b) where possible other instruments which are eligible as Additional Tier 1 instruments or are eligible as Tier 2 instruments or other instruments that can be fully converted to Common Equity Tier 1 instruments or written down, that in each case adequately reflect the credit quality of the firm as a going concern and are appropriate for use as variable remuneration.
- (2) The instruments in (1) must be subject to an appropriate retention policy designed to align incentives with the longer-term interests of the firm.
- (3) This rule applies to both the portion of the variable remuneration component deferred in accordance with SYSC 19A.3.49 R and the portion not deferred.
[Note: article 94(1)(l) of CRD and Standard 8 of the FSB Compensation Standards]
- 01/01/2014
SYSC 19A.3.48
See Notes
- (1) The Committee of European Banking Supervisors has given guidance on the interpretation of the Directive provision transposed by SYSC 19A.3.47R (3). Its Guidelines provide that this requirement means that the 50% minimum threshold for instruments must be applied equally to the non-deferred and the deferred components; in other words, firms must apply the same chosen ratio between instruments and cash for their total variable remuneration to both the upfront and deferred components. (Guidelines on Remuneration Policies and Practices, 10 December 2010, paragraph 133.)
- (2) This simplified example illustrates the operation of (1). The variable remuneration of a material risk taker (X) is 100, and by SYSC 19A.3.49R (3) X is required to defer 60%. Xs upfront component is 40 and Xs deferred component is 60. At least 20 of Xs upfront component, and at least 30 of Xs deferred component, must be in instruments referred to in SYSC 19A.3.47R (1).
- 01/04/2013
Remuneration Principle 12(g): Remuneration structures - deferral
SYSC 19A.3.49
See Notes
- (1) A firm must not award, pay or provide a variable remuneration component unless a substantial portion of it, which is at least 40%, is deferred over a period which is not less than three to five years.
- (2) Remuneration under (1) must vest no faster than on a pro-rata basis.
- (3) In the case of a variable remuneration component:
- (a) of a particularly high amount, or
- (b) payable to a director of a firm that is significant in terms of its size, internal organisation and the nature, scope and complexity of its activities;
- at least 60% of the amount must be deferred.
- (4) Paragraph (3)(b) does not apply to a non-executive director.
- (5) The length of the deferral period must be established in accordance with the business cycle, the nature of the business, its risks and the activities of the employee in question.
- [Note: article 94(1)(m) of CRD and Standards 6 and 7 of the FSB Compensation Standards]
- (6) 500,000 is a particularly high amount for the purpose of (3)(a).
- (7) Paragraph (6) is without prejudice to the possibility of lower sums being considered a particularly high amount.
- 01/01/2014
SYSC 19A.3.50
See Notes
- (1) Deferred remuneration paid in shares or share-linked instruments should be made under a scheme which meets appropriate criteria, including risk adjustment of the performance measure used to determine the initial allocation of shares. Deferred remuneration paid in cash should also be subject to performance criteria.
- (2) The appropriate regulator would generally expect a firm to have a firm-wide policy (and group-wide policy, where appropriate) on deferral. The proportion deferred should generally rise with the ratio of variable remuneration to fixed remuneration and with the amount of variable remuneration. While any variable remuneration component of 500,000 or more paid to Remuneration Code staff must be subject to 60% deferral, firms should also consider whether lesser amounts should be considered to be 'particularly high' taking account, for example, of whether there are significant differences within Remuneration Code staff in the levels of variable remuneration paid.
- 01/04/2013
Remuneration Principle 12(h): Remuneration structures - performance adjustment, etc.
SYSC 19A.3.51
See Notes
A firm must ensure that:
- (1) any variable remuneration, including a deferred portion, is paid or vests only if it is sustainable according to the financial situation of the firm as a whole, and justified on the basis of the performance of the firm, the business unit and the individual concerned;
- (2) any variable remuneration is subject to clawback, such that it is not awarded save where an amount corresponding to it can be recovered from the individual by the firm if the recovery is justified on the basis of the circumstances described in SYSC 19A.3.51AR (3) and SYSC 19A.3.51B R; and
- [Note: article 94(1)(n) of CRD and Standards 6 and 9 of the FSB Compensation Standards]
- (3) variable remuneration is subject to clawback for a period of at least 7 years from the date on which it is awarded.
- [Note: article 94(1)(n) of CRD and Standards 6 and 9 of the FSB Compensation Standards]
[Note: This provision is shown with PRA changes made by PRA 2014/22. To see the FCA provision, select the date 31/12/14 from the date picker above]
- 01/01/2015
SYSC 19A.3.51A
See Notes
A firm must:
- (1) [deleted]
- (2) set specific criteria for the application of malus and clawback; and
- (3) ensure that the criteria for the application of malus and clawback in particular cover situations where the employee:
- (a) participated in or was responsible for conduct which resulted in significant losses to the firm;
- (b) failed to meet appropriate standards of fitness and propriety.
[Note: This provision is shown with PRA changes made by PRA 2014/22. To see the FCA provision, select the date 31/12/14 from the date picker above]
[Note: article 94(1)(n) of CRD]
- 01/01/2015
SYSC 19A.3.51B
See Notes
A firm must make all reasonable efforts to recover an appropriate amount corresponding to some or all vested variable remuneration where either of the following circumstances arise during the period in which clawback applies:
A firm must take into account all relevant factors (including, where the circumstances described in (b) arise, the proximity of the employee to the failure of risk-management in question and the employee's level of responsibility) in deciding whether and to what extent it is reasonable to seek recovery of any or all of their vested variable remuneration.
- 01/01/2015
SYSC 19A.3.52
See Notes
- (1) A firm should reduce unvested deferred variable remuneration when, as a minimum:
- (a) there is reasonable evidence of employee misbehaviour or material error; or
- (b) the firm or the relevant business unit suffers a material downturn in its financial performance; or
- (c) the firm or the relevant business unit suffers a material failure of risk management.
- (2) For performance adjustment purposes, awards of deferred variable remuneration made in shares or other non-cash instruments should provide the ability for the firm to reduce the number of shares or other non-cash instruments.
- (3) Contravention of (1) or (2) may be relied on as tending to establish contravention of the rule on performance adjustment (SYSC 19A.3.51 R).
- 01/04/2013
SYSC 19A.3.53
See Notes
- (1) Variable remuneration may be justified, for example, to incentivise employees involved in new business ventures which could be loss-making in their early stages.
- (2) The governing body (or, where appropriate, the remuneration committee) should approve performance adjustment policies, including the triggers under which adjustment would take place. The appropriate regulator may ask firms to provide a copy of their policies and expects firms to make adequate records of material decisions to operate the adjustments.
- 01/04/2013
Effect of breaches of the Remuneration Principles
SYSC 19A.3.53A
See Notes
- 01/04/2013
SYSC 19A.3.54
See Notes
- (1) Subject to (1A) to (3), the rules in SYSC 19A Annex 1.1R to 1.4R apply in relation to the prohibitions on Remuneration Code staff being remunerated in the ways specified in:
- (a) SYSC 19A.3.40 R (guaranteed variable remuneration);
- (b) SYSC 19A.3.49 R (non-deferred variable remuneration);
- (c) SYSC 19A.3.51R (2) (performance adjustment - clawback); and
- (d) SYSC 19A Annex 1.7R (replacing payments recovered or property transferred).
- [Note: This provision is shown with PRA changes made by PRA 2014/22. To see the FCA provision, select the date 31/12/14 from the date picker above]
- (1A) Paragraph (1) applies only to those prohibitions as they apply in relation to a firm that satisfies at least one of the conditions set out in (1B) and (1D).
- (1B) Condition 1 is that the firm is a UK bank, a building society, a designated investment firm, or a relevant IFPRU 730k firm that has relevant total assets exceeding £50 billion.
- (1C) [deleted]
- (1D) Condition 2 is that the firm:
- (a) is a full credit institution, a designated investment firm, a relevant IFPRU 730k firm or a relevant third country IFPRU 730k firm; and
- (b) is part of a group containing a firm that has relevant total assets exceeding £50 billion and that is a UK bank, a building society, a designated investment firm or a relevant IFPRU 730k firm.
- (1E) In this rule:
- (a) a "relevant IFPRU 730k firm" is any IFPRU 730k firm that is not a limited activity firm or a limited licence firm;
- (b) a "relevant third country IFPRU 730k firm" is any third country IFPRU 730k firm that is not a limited activity firm or a limited licence firm; and
- (c) "relevant total assets" means the arithmetic mean of the firm's total assets as set out in its balance sheet on its last three accounting reference dates.
- (2) This rule does not apply in relation to the prohibition on Remuneration Code staff being remunerated in the way specified in SYSC 19A.3.40 R (guaranteed variable remuneration) if both the conditions in paragraphs (2) and (3) of that rule are met.
- (3) This rule does not apply in relation to Remuneration Code staff (X) in respect of whom both the following conditions are satisfied:
- (a) Condition 1 is that Xs variable remuneration is no more than 33% of total remuneration; and
- (b) Condition 2 is that Xs total remuneration is no more than 500,000.
- (4) In relation to (3):
- (a) references to remuneration are to remuneration awarded or paid in respect of the relevant performance year;
- (b) the amount of any remuneration is:
- (i) if it is money, its amount when awarded;
- (ii) otherwise, whichever of the following is greatest: its value to the recipient when awarded; its market value when awarded; and the cost of providing it;
- (c) where remuneration is, when awarded, subject to any condition, restriction or other similar provision which causes the amount of the remuneration to be less than it otherwise would be, that condition, restriction or provision is to be ignored in arriving at its value; and
- (d) it is to be assumed that the member of Remuneration Code staff will remain so for the duration of the relevant performance year.
- 01/01/2015
SYSC 19A.3.55
See Notes
- (1) Sections 137H and 137I of the Act enables the appropriate regulator to make rules that render void any provision of an agreement that contravenes specified prohibitions in the Remuneration Code, and that provide for the recovery of any payment made, or other property transferred, in pursuance of such a provision. SYSC 19A.3.53A R and SYSC 19A.3.54 R (together with SYSC 19A Annex 1) are such rules and render void provisions of an agreement that contravene the specified prohibitions on guaranteed variable remuneration, non-deferred variable remuneration and replacing payments recovered or property transferred. This is an exception to the general position set out in section 138E(2) of the Act that a contravention of a rule does not make any transaction void or unenforceable.
- (2) [deleted]
- 01/04/2013
SYSC 19A Annex 1
Detailed provisions on voiding and recovery (SYSC 19A.3.53AR and SYSC 19A.3.54R)
- 01/01/2012
Rendering contravening provisions of agreements void | |||
1 | R | Any provision of an agreement that contravenes a prohibition on persons being remunerated in a way specified in a rule to which this rule applies (a "contravening provision") is void. | |
1A | R | A contravening provision does not cease to be void because: | |
(1) | the firm concerned ceases to satisfy any of the conditions set out in SYSC 19A.3.54R (1B) to (1D); or | ||
(2) | the member of Remuneration Code staff concerned starts to satisfy both of the conditions set out in SYSC 19A.3.54R (3)(a) and (b). | ||
2 | R | A contravening provision that, at the time a rule to which this rule applies was made, is contained in an agreement made before that time is not rendered void by 1R unless it is subsequently amended so as to contravene such a rule. | |
3 | G | The effect of 2R, in accordance with sections 137H and 137I of the Act, is to prevent contravening provisions being rendered void retrospectively. Contravening provisions may however be rendered void if they are contained in an agreement made after the rule containing the prohibition is made by the appropriate regulator but before the rule comes into effect. For further relevant transitional provisions, see SYSC TP 3.6A. | |
3A | R | (1) | A pre-existing provision is not rendered void by 1R. |
(2) | In this Annex a pre-existing provision is any provision of an agreement that would (but for this rule) be rendered void by 1R that was agreed at a time when either: | ||
(a) the firm concerned did not satisfy any of the conditions set out in SYSC 19A.3.54R (1B) to (1D); or | |||
(b) the member of Remuneration Code staff concerned satisfied both of the conditions set out in SYSC 19A.3.54R (3)(a) and (b). | |||
(3) | But an amendment to, or in relation to, a pre-existing provision is not to be treated as a pre-existing provision where the amendment is agreed at a time when both: | ||
(a) the firm concerned satisfies at least one of the conditions set out in SYSC 19A.3.54R (1B) to (1D); and | |||
(b) the member of Remuneration Code staff concerned does not satisfy both of the conditions set out in SYSC 19A.3.54R (3)(a) and (b). | |||
4 | R | For the purposes of this chapter it is immaterial whether the law which (apart from this annex) governs a contravening provision is the law of the United Kingdom, or of a part of the United Kingdom. | |
Recovery of payments made or property transferred pursuant to a void contravening provision | |||
5 | R | In relation to any payment made or other property transferred in pursuance of a contravening provision other than a pre-existing provision, a firm must take reasonable steps to: | |
(1) | recover any such payment made or other property transferred by the firm; and | ||
(2) | ensure that any other person ("P") recovers any such payment made or other property transferred by that person. | ||
5A | R | Paragraph 5R continues to apply in one or both of the following cases: | |
(1) | the firm concerned ceases to satisfy any of the conditions set out in SYSC 19A.3.54R (1B) to (1D); | ||
(2) | the member of Remuneration Code staff concerned starts to satisfy both of the conditions set out in SYSC 19A.3.54R (3)(a) and (b). | ||
6 | G | The rule in 5R(2) would, for example, apply in the context of a secondment. Where a group member seconds an individual to a firm and continues to be responsible for the individuals remuneration in respect of services provided to the firm, the firm would need to take reasonable steps to ensure that the group member recovers from the secondee any remuneration paid in pursuance of a contravening provision. | |
Replacing payments recovered or property transferred | |||
7 | R | (1) | A firm must not award, pay or provide variable remuneration to a person who has received remuneration in pursuance of a contravening provision other than a pre-existing provision (the "contravening remuneration") unless the firm has obtained a legal opinion stating that the award, payment or provision of the remuneration complies with the Remuneration Code. |
(2) | This rule applies only to variable remuneration relating to a performance year to which the contravening remuneration related. | ||
(3) | The legal opinion in (1) must be properly reasoned and be provided by an appropriately qualified independent individual. | ||
(4) | Paragraph (1) continues to apply in one or both of the following cases: | ||
(a) the firm concerned ceases to satisfy any of the conditions set out in SYSC 19A.3.54R (1B) to (1D); | |||
(b) the member of Remuneration Code staff concerned starts to satisfy both of the conditions set out in SYSC 19A.3.54R (3)(a) and (b). | |||
Notification to the appropriate regulator | |||
8 | G | The appropriate regulator considers any breach of a rule to which this annex applies to be a significant breach which should be notified to the appropriate regulator in accordance with SUP 15.3.11 R (Breaches of rules and other requirements in or under the Act). Such a notification should include information on the steps which a firm or other person has taken or intends to take to recover payments or property in accordance with 5R. |
- 01/04/2013
SYSC 20
Reverse stress testing
SYSC 20.1
Application and purpose
- 14/12/2010
Application
SYSC 20.1.1
See Notes
- (1) SYSC 20 applies to:
- (a) a firm which is:
- (i) a bank; or
- (ii) a building society; or
- (iii) a designated investment firm which meets any of the criteria set out in (2) on an individual basis, or in (3) on a consolidated basis; and
- (b) an insurer unless it is:
- (i) a non-directive friendly society; or
- (ii) a Swiss general insurer; or
- (iii) an EEA-deposit insurer; or
- (iv) an incoming EEA firm; or
- (v) an incoming Treaty firm.
- (2) Subject to (4), SYSC 20 applies to a designated investment firm if:
- (a) it has assets under management or administration of at least £10 billion (or the equivalent amount in foreign currency); or
- (b) the total annual fee and commission income arising from its regulated activities is at least £250 million (or the equivalent amount in foreign currency); or
- (c) it has assets or liabilities of at least £2 billion (or the equivalent amount in foreign currency).
- (3) Subject to (4), where all of the designated investment firms within the same consolidation group or non-EEA sub-group, taken together as if they were one firm, meet any of the criteria in (2), SYSC 20 applies to each of those designated investment firms as if it individually met the inclusion criteria in (2).
- (4) Any designated investment firm which is included within the scope of SYSC 20 in accordance with (2) or (3) in any given year will continue to be subject to SYSC 20 for the following two years irrespective of whether or not it continues to meet the inclusion criteria in any of those subsequent years.
- 01/04/2014
Purpose
SYSC 20.1.3
See Notes
- 01/04/2013
SYSC 20.1.4
See Notes
- 01/04/2013
SYSC 20.2
Reverse stress testing requirements
- 14/12/2010
SYSC 20.2.1
See Notes
As part of its business planning and risk management obligations under SYSC, a firm must reverse stress test its business plan; that is, it must carry out stress tests and scenario analyses that test its business plan to failure. To that end, the firm must:
- (1) identify a range of adverse circumstances which would cause its business plan to become unviable and assess the likelihood that such events could crystallise; and
- (2) where those tests reveal a risk of business failure that is unacceptably high when considered against the firm's risk appetite or tolerance, adopt effective arrangements, processes, systems or other measures to prevent or mitigate that risk.
- 01/04/2013
SYSC 20.2.2
See Notes
Where the firm is a member of:
- (1) an insurance group, in respect of which it is required to maintain group capital;
- (2) a UK consolidation group; or
- (3) a non-EEA sub-group;
it must conduct the reverse stress test on a solo basis as well as on a consolidated basis in relation to the insurance group, the UK consolidation group or the non-EEA sub-group, as the case may be.
- 01/04/2013
SYSC 20.2.3
See Notes
- 01/04/2013
SYSC 20.2.4
See Notes
- (1) Business plan failure in the context of reverse stress testing should be understood as the point at which the market loses confidence in a firm and this results in the firm no longer being able to carry out its business activities. Examples of this would be the point at which all or a substantial portion of the firm's counterparties are unwilling to continue transacting with it or seek to terminate their contracts, or the point at which the firm's existing shareholders are unwilling to provide new capital. Such a point may be reached well before the firm's financial resources are exhausted.
- (2) The appropriate regulator may request a firm to quantify the level of financial resources which, in the firm's view, would place it in a situation of business failure should the identified adverse circumstances crystallise.
- (3) In carrying out the stress tests and scenario analyses required by SYSC 20.2.1 R, a firm should at least take into account each of the sources of risk identified in accordance with GENPRU 1.2.30R (2).
- 01/04/2013
SYSC 20.2.5
See Notes
- 01/04/2013
SYSC 20.2.6
See Notes
- 01/04/2013
SYSC 20.2.7
See Notes
- (1) The appropriate regulator may request a firm to submit the design and results of its reverse stress tests and any subsequent updates as part of its risk assessment.
- (2) In the light of the results of a firm's reverse stress tests, the appropriate regulator may require the firm to implement specific measures to prevent or mitigate the risk of business failure where that risk is not sufficiently mitigated by the measures adopted by the firm in accordance with SYSC 20.2.1 R, and the firm's potential failure poses an unacceptable risk to the appropriate regulator's statutory objectives.
- (3) The appropriate regulator recognises that not every business failure is driven by lack of financial resources and will take this into account when reviewing a firm's reverse stress test design and results.
- 01/04/2013
SYSC 21
Risk control: additional guidance
SYSC 21.1
Risk control: guidance on governance arrangements
- 01/05/2011
Additional guidance on governance arrangements
SYSC 21.1.1
See Notes
- (1) This chapter provides additional guidance on risk-centric governance arrangements for effective risk management. It expands upon the general organisational requirements in SYSC 2, SYSC 3, SYSC 4, SYSC 7 and FUND 3.7, and so applies to the same extent as SYSC 3.1.1 R (for insurers, managing agents and the Society), SYSC 4.1.1 R (for every other firm) and FUND 3.7 (for a full-scope UK AIFM of an authorised AIF).
- (2) Firms should, taking account of their size, nature and complexity, consider whether in order to fulfil the general organisational requirements in SYSC 2, SYSC 3, SYSC 4, SYSC 7 and (for a full-scope UK AIFM of an authorised AIF) FUND 3.7 their risk control arrangements should include:
- (a) appointing a Chief Risk Officer; and
- (b) establishing a governing body risk committee.
- The functions of a Chief Risk Officer and governing body risk committee are explained further in this section.
- (3) The appropriate regulator considers that banks and insurers that are included in the FTSE 100 Index are examples of the types of firm that should structure their risk control arrangements in this way. However, this guidance will also be relevant to some similar sized firms (whether or not listed) and some smaller firms, by virtue of their risk profile or complexity.
- 23/07/2013
Chief Risk Officer
SYSC 21.1.2
See Notes
- (1) A Chief Risk Officer should:
- (a) be accountable to the firm's governing body for oversight of firm-wide risk management;
- (b) be fully independent of a firm's individual business units;
- (c) have sufficient authority, stature and resources for the effective execution of his responsibilities;
- (d) have unfettered access to any parts of the firm's business capable of having an impact on the firm's risk profile;
- (e) ensure that the data used by the firm to assess its risks are fit for purpose in terms of quality, quantity and breadth;
- (f) provide oversight and challenge of the firm's systems and controls in respect of risk management;
- (g) provide oversight and validation of the firm's external reporting of risk;
- (h) ensure the adequacy of risk information, risk analysis and risk training provided to members of the firm's governing body;
- (i) report to the firm's governing body on the firm's risk exposures relative to its risk appetite and tolerance, and the extent to which the risks inherent in any proposed business strategy and plans are consistent with the governing body's risk appetite and tolerance. The Chief Risk Officer should also alert the firm's governing body to and provide challenge on, any business strategy or plans that exceed the firm's risk appetite and tolerance;
- (j) provide risk-focused advice and information into the setting and individual application of the firm's remuneration policy (Where the Remuneration Code applies, see in particular SYSC 19A.3.15 E. Where the BIPRU Remuneration Code applies, see in particular SYSC 19C.3.15 E).
- (2) Firms will need to seek the appropriate regulator's approval for a Chief Risk Officer to perform the systems and controls function (see SUP 10 (Approved persons)).
- (3) The appropriate regulator expects that where a firm is part of a group it will structure its arrangements so that a Chief Risk Officer at an appropriate level within the group will exercise functions in (1) taking into account group-wide risks.
- 01/01/2014
Reporting lines of Chief Risk Officer
SYSC 21.1.3
See Notes
- (1) The Chief Risk Officer should be accountable to a firm's governing body.
- (2) The appropriate regulator recognises that in addition to the Chief Risk Officers primary accountability to the governing body, an executive reporting line will be necessary for operational purposes. Accordingly, to the extent necessary for effective operational management, the Chief Risk Officer should report into a very senior executive level in the firm. In practice, the appropriate regulator expects this will be to the chief executive, the chief finance officer or to another executive director.
- 01/04/2013
Appointment of Chief Risk Officer
SYSC 21.1.4
See Notes
- (1) Firms should ensure that a Chief Risk Officers remuneration is subject to approval by the firm's governing body, or an appropriate sub-committee.
- (2) Firms should also ensure that the Chief Risk Officer may not be removed from that role without the approval of the firm's governing body.
- 01/04/2013
Governing body risk committee
SYSC 21.1.5
See Notes
- (1) The appropriate regulator considers that, while the firm's governing body is ultimately responsible for risk governance throughout the business, firms should consider establishing a governing body risk committee to provide focused support and advice on risk governance.
- (2) Where a firm has established a governing body risk committee, its responsibilities will typically include:
- (a) providing advice to the firm's governing body on risk strategy, including the oversight of current risk exposures of the firm, with particular, but not exclusive, emphasis on prudential risks;
- (b) development of proposals for consideration by the governing body in respect of overall risk appetite and tolerance, as well as the metrics to be used to monitor the firm's risk management performance;
- (c) oversight and challenge of the design and execution of stress and scenario testing;
- (d) oversight and challenge of the day-to-day risk management and oversight arrangements of the executive;
- (e) oversight and challenge of due diligence on risk issues relating to material transactions and strategic proposals that are subject to approval by the governing body;
- (f) provide advice to the firm's remuneration committee on risk weightings to be applied to performance objectives incorporated in the incentive structure for the executive;
- (g) providing advice, oversight and challenge necessary to embed and maintain a supportive risk culture throughout the firm.
- (3) Where a governing body risk committee is established, its chairman should be a non-executive director, and while its membership should predominantly be non-executive it may be appropriate to include senior executives such as the chief finance officer.
- 01/04/2013
SYSC 21.1.6
See Notes
- 01/04/2013
Transitional Provisions and Schedules
SYSC TP 2
Firms other than common platform firms, insurers, managing agents and the Society
(1) | (2) | (3) | (4) | (5) | (6) |
Material to which the transitional provision applies | Transitional provision | Transitional provision: dates in force | Handbook provisions: Coming into force |
||
2.1 | SYSC 8.1 | R | If a firm other than a common platform firm, insurer, managing agent or the Society has in force on 1 April 2009 outsourcing arrangements which would be covered by SYSC 8.1 it need not amend those contracts to comply with these provisions but should comply with the new rules and guidance in respect of any outsourcing contracts which are entered into, or materially amended, on or after 1 April 2009. | 1 April 2009 indefinitely | 1 April 2009 |
- 01/01/2015
SYSC TP 3
Remuneration code
1 | R | [deleted] | ||
2 | R | [deleted] | ||
3 | R | [deleted] | ||
4 | G | [deleted] | ||
5 | G | [deleted] | ||
6 | R | [expired] | ||
6A | R | (1) | Paragraph (2) applies in relation to a firm that was not subject to the version of the Remuneration Code that applied before 1 January 2011 but satisfies at least one of the conditions set out in SYSC 19A.3.54 R (1B) to SYSC 19A.3.54 R (1D). | |
(2) | Where this paragraph applies, a contravening provision that is contained in an agreement made before 3 November 2011 is not rendered void by SYSC 19A Annex 1.1R unless it is subsequently amended so as to contravene a rule to which SYSC 19A Annex 1.1R applies. | |||
6B | G | The effect of 6R is to limit the provisions on voiding and recovery to firms which were subject to the version of the Remuneration Code which applied before 1 January 2011. That transitional provision comes to an end on 1 January 2012. A new limit providing for voiding to apply only in relation to certain types of firm is provided in SYSC 19A.3.54 R (1B) to SYSC 19A.3.54 R (1D). Paragraph 6AR applies to firms which become subject to the provisions on voiding after the transitional provision in 6R comes to an end. It prevents certain contravening provisions which predate the making of the new rules limiting the application of voiding from becoming void. | ||
7 | G | [expired] |
- 01/01/2015
SYSC Sch 1
Record keeping requirements
- 01/12/2004
SYSC Sch 1.1
See Notes
The aim of the guidance in the following table is to give the reader a quick over-all view of the relevant record keeping requirements. |
It is not a complete statement of those requirements and should not be relied on as if it were. |
- 01/04/2013
SYSC Sch 1.2
See Notes
Handbook reference | Subject of record | Contents of record | When record must be made | Retention period |
SYSC 2.2.1 R | Arrangements made to satisfy SYSC 2.1.1 R (apportionment) and SYSC 2.1.3 R (allocation) | Those arrangements | On making the arrangements and when they are updated | Six years from the date on which the record is superseded by a more up-to-date record |
SYSC 3.2.20 R | Matters and dealings (including accounting records) which are the subject of requirements and standards under the regulatory system | Adequate | Adequate time | Adequate |
SYSC 9.1.1R | Business and internal organisation | Details of the firm's orderly records of services and transactions undertaken | Within a reasonable time | Adequate |
SYSC 10.1.6 R | Conflict of interest | Kinds of service or activity carried out by or on behalf of the firm in which a conflict of interest entailing a material risk of damage to the interests of one or more clients has arisen or, in the case of an ongoing service or activity, may arise. | Not specified | 5 years |
SYSC 14.1.53 R | Prudential risk management and systems and controls | Accounting and other records that are sufficient to enable the firm to demonstrate to the PRA: (1) that the firm is financially sound and has appropriate systems and controls; (2) the firm's financial position and exposure to risk (to a reasonable degree of accuracy); (3) the firm's compliance with the rules in GENPRU, INSPRU and SYSC. | Not specified | 3 years, or longer as appropriate |
- 02/02/2015
SYSC Sch 2
Notification requirements
- 01/12/2004
SYSC Sch 2.1
See Notes
There are no notification or reporting requirements in SYSC. |
- 01/04/2013
SYSC Sch 3
Fees and other required payments
- 01/12/2004
SYSC Sch 3.1
See Notes
There are no requirement for fees or other payments in SYSC. |
- 01/04/2013
SYSC Sch 6
Rules that can be waived
- 01/12/2004
SYSC Sch 6.1B
See Notes
- 01/04/2013