SYSC 4

General organisational requirements [Note: Not mandatory for a common platform firm until 01/11/07. See SYSC TP1]

SYSC 4.1

General requirements

[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]

SYSC 4.1.1

See Notes

handbook-rule
  1. (1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.
  2. (2) [deleted]

[Note: article 74 (1) of CRD, article 13(5) second paragraph of MiFID, article 12(1)(a) of the UCITS Directive, and article 18(1) of AIFMD]

SYSC 4.1.2

See Notes

handbook-rule

For a common platform firm, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity of the common platform firm's activities and must take into account the specific technical criteria described in SYSC 4.1.7 R, SYSC 5.1.7 R, SYSC 7 Band whichever of the following as applicable:

  1. (1) (for a firm to which SYSC 19A applies) SYSC 19A (IFPRU Remuneration Code);
  2. (2) (for a full-scope UK AIFM) SYSC 19B (AIFM Remuneration Code);
  3. (3) (for a firm to which SYSC 19C applies) SYSC 19C (BIPRU Remuneration Code);
  4. (4) (for a firm to which SYSC 19D applies) SYSC 19D (Dual-regulated firms Remuneration Code); or
  5. (5) (for a firm to which the Remuneration part of the PRA Rulebook applies) the Remuneration part of the PRA Rulebook.

[Note: article 22(2) of the Banking Consolidation Directive]

SYSC 4.1.2A

See Notes

handbook-guidance

Other firms should take account of the comprehensiveness and proportionality rule (SYSC 4.1.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

Mechanisms and procedures for a firm

SYSC 4.1.4

See Notes

handbook-rule

A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities undertaken in the course of that business:

  1. (1) (if it is a common platform firm or a management company) establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;
  2. (2) establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;
  3. (3) (if it is a common platform firm) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and
  4. (4) (if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.

[Note: articles 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive and articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]

SYSC 4.1.4A

See Notes

handbook-guidance

A firm that is not a common platform firm or a management company should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1), (3) and (4)) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.1.5

See Notes

handbook-rule

A MiFID investment firm and a management company must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: article 5(2) of the MiFID implementing Directive and article 4(2) of the UCITS implementing Directive]

Business continuity

SYSC 4.1.6

See Notes

handbook-rule

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm must employ appropriate and proportionate systems, resources and procedures.

[Note: article 13(4) of MiFID]

SYSC 4.1.7

See Notes

handbook-rule

A common platform firm and a management company must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.

[Note: article 5(3) of the MiFID implementing Directive, annex V paragraph 13 of the Banking Consolidation Directive, article 4(3) of the UCITS implementing Directive and article 85(2) of the CRD]

SYSC 4.1.7A

See Notes

handbook-guidance

Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.1.8

See Notes

handbook-guidance

The matters dealt with in a business continuity policy should include:

  1. (1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;
  2. (2) the recovery priorities for the firm's operations;
  3. (3) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);
  4. (4) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;
  5. (5) processes to validate the integrity of information affected by the disruption; and
  6. (6) regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10 R.

Accounting policies

SYSC 4.1.9

See Notes

handbook-rule

A common platform firm and a management company must establish, implement and maintain accounting policies and procedures that enable it, at the request of the appropriate regulator, to deliver in a timely manner to the appropriate regulator financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: article 5(4) of the MiFID implementing Directive and article 4(4) of the UCITS implementing Directive]

Regular monitoring

SYSC 4.1.10

See Notes

handbook-rule

A common platform firm and a management company must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.

[Note: article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]

SYSC 4.1.10A

See Notes

handbook-guidance

Other firms should take account of the regular monitoring rule (SYSC 4.1.10 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G, but ignoring the cross-reference to SYSC 4.1.5 R and 4.1.9 R.

Audit committee

SYSC 4.1.11

See Notes

handbook-guidance

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

Risk control: additional guidance

SYSC 4.1.13

See Notes

handbook-guidance

Firms should also consider the additional guidance on risk-centric governance arrangements for effective risk management contained in SYSC 21.

Apportionment of responsibilities: the role of the non-executive director

SYSC 4.1.14

See Notes

handbook-guidance

The role undertaken by a non-executive director will vary from one firm to another. Where a non-executive director is an approved person, for example where the firm is a body corporate, his responsibility and therefore liability will be limited by the role that he undertakes.

SYSC 4.1.15

See Notes

handbook-rule
  1. (1) A firm must have in place appropriate procedures for its employees to report breaches internally through a specific, independent and autonomous channel.
  2. (2) The channel in (1) may be provided through arrangements provided for by social partners.

[Note: article 71 (3) of CRD]

SYSC 4.2

Persons who effectively direct the business

SYSC 4.2.1

See Notes

handbook-rule

The senior personnel of a common platform firm, a management company a full-scope UK AIFM, or of the UK branch of a non-EEA bank must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: article 9(1) of MiFID, article 7(1)(b) of the UCITS Directive article 8(1)(c) of AIFMD, article 11(1) second paragraph of the Banking Consolidation Directive and article 13(1) of the CRD]

SYSC 4.2.1A

See Notes

handbook-guidance

Other firms should take account of the senior personnel rule (SYSC 4.2.1 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.2.2

See Notes

handbook-rule

A common platform firm, a management company, a full-scope UK AIFM and the UK branch of a non-EEA bank must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R and, for a full-scope UK AIFM, SYSC 4.2.7 R.

[Note: article 9(4) first paragraph of MiFID, article 7(1)(b) of the UCITS Directive, article 8(1)(c) of AIFMD and article 13(1) of CRD]

SYSC 4.2.3

See Notes

handbook-guidance

In the case of a body corporate, the persons referred to in SYSC 4.2.2 R should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners.

SYSC 4.2.4

See Notes

handbook-guidance

At least two independent minds should be applied to the formulation and implementation of the policies of a common platform firm, a management company, a full-scope UK AIFM and the UK branch of a non-EEA bank. Where a firm nominates just two individuals to direct its business, the appropriate regulator will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. Each should play a part in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy.

SYSC 4.2.5

See Notes

handbook-guidance

Where there are more than two individuals directing the business of a common platform firm, a management company, a full-scope UK AIFM or the UK branch of a non-EEA bank, the appropriate regulator does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. Similarly, each individual should have sufficient experience and knowledge of the business and the necessary personal qualities and skills to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in such a firm this will raise doubts about whether SYSC 4.2.2 R is met.

SYSC 4.2.6

See Notes

handbook-rule

If a common platform firm, (other than a credit institution or AIFM investment firm) or the UK branch of a non-EEA bank, is:

  1. (1) a natural person; or
  2. (2) a legal person managed by a single natural person;

it must have alternative arrangements in place which ensure sound and prudent management of the firm.

[Note: article 9(4) second paragraph of MiFID]

SYSC 4.3

Responsibility of senior personnel

SYSC 4.3.1

See Notes

handbook-rule

A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)), when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system and take appropriate measures to address any deficiencies.

[Note: article 9(1) of the MiFID implementing Directive and articles 9(1) and 9(3) of the UCITS implementing Directive]

SYSC 4.3.2

See Notes

handbook-rule

A common platform firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)) and a management company, must ensure that:

  1. (1) its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to SYSC 6.1.5 R, SYSC 6.2.1 R and SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to SYSC 7.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and
  2. (2) the supervisory function, if any, receives on a regular basis written reports on the same matters.

[Note: article 9(2) and article 9(3) of the MiFID implementing Directive and articles 9(4) and 9(6) of the UCITS implementing Directive]

SYSC 4.3.2A

See Notes

handbook-guidance

Other firms should take account of the written reports rule (SYSC 4.3.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G.

SYSC 4.3.3

See Notes

handbook-guidance

The supervisory function does not include a general meeting of the shareholders of a firm , or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure.

SYSC 4.3A

CRR firms

Management body

SYSC 4.3A.1

See Notes

handbook-rule

A CRR firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:

  1. (1) has overall responsibility for the firm;
  2. (2) approves and oversees implementation of the firm's strategic objectives, risk strategy and internal governance;
  3. (3) ensures the integrity of the firm's accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system.
  4. (4) oversees the process of disclosure and communications;
  5. (5) has responsibility for providing effective oversight of senior management.
  6. (6) monitors and periodically assesses the effectiveness of the firm's governance arrangements and takes appropriate steps to address any deficiencies.

[Note: article 88(1) of CRD]

SYSC 4.3A.2

See Notes

handbook-rule

A CRR firm must ensure that the chairman of the firm's management body does not exercise simultaneously the chief executive function within the same firm, unless justified by the firm and authorised by the appropriate regulator.

[Note: article 88(1)(e) of CRD]

SYSC 4.3A.3

See Notes

handbook-rule

A CRR firm must ensure that the members of the management body of the firm:

  1. (1) are of sufficiently good repute;
  2. (2) possess sufficient knowledge, skills and experience to perform their duties;
  3. (3) possess adequate collective knowledge, skills and experience to understand the firm's activities, including the main risks;
  4. (4) reflect an adequately broad range of experiences;
  5. (5) commit sufficient time to perform their functions in the firm; and
  6. (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.

[Note: article 91(1)-(2) and (7)-(8) of the CRD]

SYSC 4.3A.4

See Notes

handbook-rule

A CRR firm must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: article 91(3) of the CRD]

SYSC 4.3A.5

See Notes

handbook-rule

A CRR firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm's activities.

[Note: article 91(3) of the CRD]

SYSC 4.3A.6

See Notes

handbook-rule
  1. (1) A CRR firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
    1. (a) one executive directorship with two non-executive directorships; and
    2. (b) four non-executive directorships.
  2. (2) Paragraph (1) does not apply to members of the management body that represent the United Kingdom.

[Note: article 91(3) of the CRD]

SYSC 4.3A.6A

See Notes

handbook-guidance

In SYSC 4.3A.6 R a 'CRR firm that is significant' means a deposit-taker or designated investment firm whose size, interconnectedness, complexity and business type gives it the capacity to cause some disruption to the UK financial system (and through that to economic activity more widely) by failing or by carrying on its business in an unsafe manner.

SYSC 4.3A.6B

See Notes

handbook-guidance

The limits on directorships set out in SYSC 4.3A.6 R also apply to members of the management body of the UK consolidation group or non-EEA sub group in accordance with SYSC 12.1.13 R. Individuals in any of the entities belonging to the UK consolidation group or non-EEA sub group are capable of forming part of this management body. For example, members of the management body of a non-CRR firm that is a parent financial holding company in a Member State and is a member of a UK consolidation group could be caught by the limits in SYSC 4.3A.6 R (SYSC 12.1.14 R). In particular, a person who requires approval under SUP 10B.6.2 R or SUP 10B.6.4 R because of the influence they exercise over the CRR firm is a member of the management body of the UK consolidation group or non-EEA sub group and therefore subject to the limit on directorships in SYSC 4.3A.6 R.

[Note: article 91(3) and article 109(2) of the CRD]

SYSC 4.3A.7

See Notes

handbook-rule

For the purposes of SYSC 4.3A.5 R and SYSC 4.3A.6 R:

  1. (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
  2. (2) the following shall count as a single directorship:
    1. (a) executive or non-executive directorships held within the same group; or
    2. (b) executive or non-executive directorships held within:
      1. (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
      2. (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: article 91(4) and (5) of the CRD]

Nomination Committee

SYSC 4.3A.8

See Notes

handbook-rule

A CRR firm that is significant must:

  1. (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
  2. (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
  3. (3) ensure that the nomination committee receives appropriate funding.

[Note: article 88(2) of the CRD]

SYSC 4.3A.8A

See Notes

handbook-guidance

In SYSC 4.3A.8 R a 'CRR firm that is significant' means a deposit-taker or designated investment firm whose size, interconnectedness, complexity and business type gives it the capacity to cause some disruption to the UK financial system (and through that to economic activity more widely) by failing or by carrying on its business in an unsafe manner.

SYSC 4.3A.9

See Notes

handbook-rule

A CRR firm that has a nomination committee must ensure that the nomination committee:

  1. (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
  2. (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
  3. (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
  4. (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
  5. (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
  6. (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
  7. (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
  8. (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body's decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole;

[Note: article 88(2) and article 91(10) of the CRD]

SYSC 4.3A.10

See Notes

handbook-rule

A CRR firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a CRR firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: article 91(10) of the CRD]

Website

SYSC 4.3A.11

See Notes

handbook-rule

A CRR firm that maintains a website must explain on the website how it complies with the requirements of SYSC 4.3A.1 R to SYSC 4.3A.3 R and SYSC 4.3A.4 R to SYSC 4.3A.11 R.

[Note: article 96 of the CRD]

SYSC 4.4

Apportionment of responsibilities

Application

SYSC 4.4.1

See Notes

handbook-rule

This section applies to:

  1. (1) an authorised professional firm in respect of its non-mainstream regulated activities unless the firm is also conducting other regulated activities and has appointed approved persons to perform the governing functions with equivalent responsibilities for the firm's non-mainstream regulated activities and other regulated activities;
  2. (2) activities carried on by a firm whose principal purpose is to carry on activities other than regulated activities and which is:
    1. (a) an oil market participant; or
    2. (b) a service company; or
    3. (c) an energy market participant; or
    4. (d) a wholly-owned subsidiary of:
      1. (i) a local authority; or
      2. (ii) a registered social landlord; or
    5. (e) a firm with permission to carry on insurance mediation activity in relation to non-investment insurance contracts but no other regulated activity;
  3. (3) [deleted]
  4. (4) [deleted]
  5. (5) [deleted]
    1. (a) [deleted]
    2. (b) [deleted]
  6. (6) [deleted]
  7. (7) an incoming Treaty firm, an incoming EEA firm or a UCITS qualifier (but only SYSC 4.4.5R (2) applies for these firms); and
  8. (8) a sole trader, but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements).

SYSC 4.4.2

See Notes

handbook-guidance

This section does not apply to a common platform firm.

Maintaining a clear and appropriate apportionment

SYSC 4.4.3

See Notes

handbook-rule

A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:

  1. (1) it is clear who has which of those responsibilities; and
  2. (2) the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.

Allocating functions of apportionment and oversight

SYSC 4.4.5

See Notes

handbook-rule

A firm must appropriately allocate to one or more individuals, in accordance with the following table, the functions of:

  1. (1) dealing with the apportionment of responsibilities under SYSC 4.4.3 R; and
  2. (2) overseeing the establishment and maintenance of systems and controls under SYSC 4.1.1 R.

SYSC 4.4.6

See Notes

handbook-guidance

Frequently asked questions about allocation of functions in SYSC 4.4.5 R