A firm should consult SYSC 3.2.2 G to SYSC 3.2.5 G for guidance on reporting lines and delegation of functions within a firm and SYSC 3.2.13 G to SYSC 3.2.14 G for guidance on the suitability of employees and appointed representatives or, where applicable, its tied agents1. This section provides additional guidance on management of employees and other human resources in the context of operational risk.
its operational risk culture, and any variations in this or its human resource management practices, across its operations (including, for example, the extent to which the compliance culture is extended to in-house IT staff);
whether the way employees are remunerated exposes the firm to the risk that it will not be able to meet its regulatory obligations (see SYSC 3.2.18 G). For example, a firm should consider how well remuneration and performance indicators reflect the firm's tolerance for operational risk, and the adequacy of these indicators for measuring performance;
the extent of its compliance with applicable regulatory and other requirements that relate to the welfare and conduct of employees;
its arrangements for the continuity of operations in the event of employee unavailability or loss;
the relationship between indicators of 'people risk' (such as overtime, sickness, and employee turnover levels) and exposure to operational losses; and
the relevance of all the above to employees of a third party supplier who are involved in performing an outsourcing arrangement. As necessary, a firm should review and consider the adequacy of the staffing arrangements and policies of a service provider.
clear policy statements and appropriate systems and procedures manuals that are effectively communicated to employees and available for employees to refer to as required. These should cover, for example, compliance, IT security and health and safety issues;
training processes that enable employees to attain and maintain appropriate competence; and
appropriate and properly enforced disciplinary and employment termination policies and procedures.
A firm should have regard to SYSC 13.6.3 G in relation to approved persons, people occupying positions of high personal trust (for example, security administration, payment and settlement functions); and people occupying positions requiring significant technical competence (for example, derivatives trading and technical security administration). A firm should also consider the rules and guidance for approved persons in other parts of the Handbook (including APER, COCON2 and SUP) and the rules and guidance on senior manager responsibilities in SYSC 2.1 (Apportionment of Responsibilities).