SYSC 4

General organisational requirements

SYSC 4.1

General requirements

[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]

SYSC 4.1.1

See Notes

handbook-rule
  1. (1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.
  2. (2) A BIPRU firm and a third country BIPRU firm must comply with the Remuneration Code.

[Note: article 22(1) of the Banking Consolidation Directive, article 13(5) second paragraph of MiFID and article 12(1)(a) of the UCITS Directive]

SYSC 4.1.2

See Notes

handbook-rule

For a common platform firm, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity of the common platform firm's activities and must take into account the specific technical criteria described in SYSC 4.1.7 R, SYSC 5.1.7 R, SYSC 7 and (for a BIPRU firm and a third country BIPRU firm) SYSC 19A .

[Note: article 22(2) of the Banking Consolidation Directive]

SYSC 4.1.2A

See Notes

handbook-guidance

Other firms should take account of the comprehensiveness and proportionality rule (SYSC 4.1.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

Mechanisms and procedures for a BIPRU firm

SYSC 4.1.3

See Notes

handbook-rule

A BIPRU firm must ensure that its internal control mechanisms and administrative and accounting procedures permit the verification of its compliance with rules adopted in accordance with the Capital Adequacy Directive at all times.

[Note: article 35(1) final sentence of the Capital Adequacy Directive]

SYSC 4.1.4

See Notes

handbook-rule

A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities undertaken in the course of that business:

  1. (1) (if it is a common platform firm or a management company) establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;
  2. (2) establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;
  3. (3) (if it is a common platform firm) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and
  4. (4) (if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.

[Note: articles 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive and articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]

SYSC 4.1.4A

See Notes

handbook-guidance

A firm that is not a common platform firm or a management company should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1), (3) and (4)) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.1.5

See Notes

handbook-rule

A MiFID investment firm and a management company must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: article 5(2) of the MiFID implementing Directive and article 4(2) of the UCITS implementing Directive]

Business continuity

SYSC 4.1.6

See Notes

handbook-rule

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm must employ appropriate and proportionate systems, resources and procedures.

[Note: article 13(4) of MiFID]

SYSC 4.1.7

See Notes

handbook-rule

A common platform firm and a management company must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.

[Note: article 5(3) of the MiFID implementing Directive, annex V paragraph 13 of the Banking Consolidation Directive and article 4(3) of the UCITS implementing Directive]

SYSC 4.1.7A

See Notes

handbook-guidance

Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.1.8

See Notes

handbook-guidance

The matters dealt with in a business continuity policy should include:

  1. (1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;
  2. (2) the recovery priorities for the firm's operations;
  3. (3) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);
  4. (4) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;
  5. (5) processes to validate the integrity of information affected by the disruption; and
  6. (6) regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10 R.

Accounting policies

SYSC 4.1.9

See Notes

handbook-rule

A common platform firm and a management company must establish, implement and maintain accounting policies and procedures that enable it, at the request of the appropriate regulator, to deliver in a timely manner to the appropriate regulator financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: article 5(4) of the MiFID implementing Directive and article 4(4) of the UCITS implementing Directive]

Regular monitoring

SYSC 4.1.10

See Notes

handbook-rule

A common platform firm and a management company must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.

[Note: article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]

SYSC 4.1.10A

See Notes

handbook-guidance

Other firms should take account of the regular monitoring rule (SYSC 4.1.10 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G, but ignoring the cross-reference to SYSC 4.1.5 R and 4.1.9 R.

Audit committee

SYSC 4.1.11

See Notes

handbook-guidance

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

Risk control: additional guidance

SYSC 4.1.13

See Notes

handbook-guidance

Firms should also consider the additional guidance on risk-centric governance arrangements for effective risk management contained in SYSC 21.

Apportionment of responsibilities: the role of the non-executive director

SYSC 4.1.14

See Notes

handbook-guidance

The role undertaken by a non-executive director will vary from one firm to another. Where a non-executive director is an approved person, for example where the firm is a body corporate, his responsibility and therefore liability will be limited by the role that he undertakes.

SYSC 4.2

Persons who effectively direct the business

SYSC 4.2.1

See Notes

handbook-rule

The senior personnel of a common platform firm, a management company or of the UK branch of a non-EEA bank must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: article 9(1) of MiFID, article 7(1)(b) of the UCITS Directive and article 11(1) second paragraph of the Banking Consolidation Directive]

SYSC 4.2.1A

See Notes

handbook-guidance

Other firms should take account of the senior personnel rule (SYSC 4.2.1 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.2.2

See Notes

handbook-rule

A common platform firm, a management company and the UK branch of a non-EEA bank must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R.

[Note: article 9(4) first paragraph of MiFID, article 7(1)(b) of the UCITS Directive and article 11(1) first paragraph of the Banking Consolidation Directive]

SYSC 4.2.3

See Notes

handbook-guidance

In the case of a body corporate, the persons referred to in SYSC 4.2.2 R should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners.

SYSC 4.2.4

See Notes

handbook-guidance

At least two independent minds should be applied to both the formulation and implementation of the policies of a common platform firm, a management company and the UK branch of a non-EEA bank. Where such a firm nominates just two individuals to direct its business, the appropriate regulator will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. Each should play a part in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy.

SYSC 4.2.5

See Notes

handbook-guidance

Where there are more than two individuals directing the business of a common platform firm, a management company or the UK branch of a non-EEA bank, the appropriate regulator does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. Similarly, each individual should have sufficient experience and knowledge of the business and the necessary personal qualities and skills to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in such a firm this will raise doubts about whether SYSC 4.2.2 R is met.

SYSC 4.2.6

See Notes

handbook-rule

If a common platform firm, (other than a credit institution) or the UK branch of a non-EEA bank, is:

  1. (1) a natural person; or
  2. (2) a legal person managed by a single natural person;

it must have alternative arrangements in place which ensure sound and prudent management of the firm.

[Note: article 9(4) second paragraph of MiFID]

SYSC 4.3

Responsibility of senior personnel

SYSC 4.3.1

See Notes

handbook-rule

A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)), when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system and take appropriate measures to address any deficiencies.

[Note: article 9(1) of the MiFID implementing Directive and articles 9(1) and 9(3) of the UCITS implementing Directive]

SYSC 4.3.2

See Notes

handbook-rule

A common platform firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) and a management company, must ensure that:

  1. (1) its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to SYSC 6.1.5 R, SYSC 6.2.1 R and SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to SYSC 7.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and
  2. (2) the supervisory function, if any, receives on a regular basis written reports on the same matters.

[Note: article 9(2) and article 9(3) of the MiFID implementing Directive and articles 9(4) and 9(6) of the UCITS implementing Directive]

SYSC 4.3.2A

See Notes

handbook-guidance

Other firms should take account of the written reports rule (SYSC 4.3.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.3.3

See Notes

handbook-guidance

The supervisory function does not include a general meeting of the shareholders of a firm , or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure.

SYSC 4.4

Apportionment of responsibilities

Application

SYSC 4.4.1

See Notes

handbook-rule

This section applies to:

  1. (1) an authorised professional firm in respect of its non-mainstream regulated activities unless the firm is also conducting other regulated activities and has appointed approved persons to perform the governing functions with equivalent responsibilities for the firm's non-mainstream regulated activities and other regulated activities;
  2. (2) activities carried on by a firm whose principal purpose is to carry on activities other than regulated activities and which is:
    1. (a) an oil market participant; or
    2. (b) a service company; or
    3. (c) an energy market participant; or
    4. (d) a wholly-owned subsidiary of:
      1. (i) a local authority; or
      2. (ii) a registered social landlord; or
    5. (e) a firm with permission to carry on insurance mediation activity in relation to non-investment insurance contracts but no other regulated activity;
  3. (3) [deleted]
  4. (4) [deleted]
  5. (5) [deleted]
    1. (a) [deleted]
    2. (b) [deleted]
  6. (6) [deleted]
  7. (7) an incoming Treaty firm, an incoming EEA firm or a UCITS qualifier (but only SYSC 4.4.5R (2) applies for these firms); and
  8. (8) a sole trader, but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements).

SYSC 4.4.2

See Notes

handbook-guidance

This section does not apply to a common platform firm.

Maintaining a clear and appropriate apportionment

SYSC 4.4.3

See Notes

handbook-rule

A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:

  1. (1) it is clear who has which of those responsibilities; and
  2. (2) the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.

Allocating functions of apportionment and oversight

SYSC 4.4.5

See Notes

handbook-rule

A firm must appropriately allocate to one or more individuals, in accordance with the following table, the functions of:

  1. (1) dealing with the apportionment of responsibilities under SYSC 4.4.3 R; and
  2. (2) overseeing the establishment and maintenance of systems and controls under SYSC 4.1.1 R.

SYSC 4.4.6

See Notes

handbook-guidance

Frequently asked questions about allocation of functions in SYSC 4.4.5 R