Content Options

View Options

Status: You are viewing the version of the handbook as on 2019-12-18.

SYSC 4.1 General requirements

[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]

Application to a common platform firm

SYSC 4.1.-2 G RP

21For a common platform firm:

  1. (1)

    the MiFID Org Regulation applies, as summarised in SYSC 1 Annex 1 3.2G, SYSC 1 Annex 1 3.2-AR and SYSC 1 Annex 1 3.2-BR; and

  2. (2)

    the rules and guidance apply as set out in the table below:

    Subject

    Applicable rule or guidance

    General requirements

    SYSC 4.1.1R, SYSC 4.1.1CR, SYSC 4.1.2R, SYSC 4.1.2AAR

    Business continuity

    SYSC 4.1.6R, SYSC 4.1.7R, SYSC 4.1.8G

    Audit committee

    SYSC 4.1.11G, SYSC 4.1.13G, SYSC 4.1.14G

    Persons who effectively direct the business

    SYSC 4.2.1R, SYSC 4.2.2R, SYSC 4.2.3G, SYSC 4.2.4G, SYSC 4.2.5G, SYSC 4.2.6R

    Responsibility of senior personnel

    SYSC 4.3.3G

    Management body

    SYSC 4.3A.-1R to SYSC 4.3A.7R

    Nominations committee

    SYSC 4.3A.8R to SYSC 4.3A.11R

    22

    22

    22

    22

Application to a MiFID optional exemption firm and to a third country firm

SYSC 4.1.-1 G RP

21For a MiFID optional exemption firm and a third country firm:

  1. (1)

    the rules and guidance in this chapter apply to them as if they were rules or as guidance in accordance with SYSC 1 Annex 1 3.2CR(1); and

  2. (2)

    those articles of the MiFID Org Regulation in SYSC 1 Annex 1 2.8AR and 3.2CR apply to them as if they were rules or as guidance in accordance with SYSC 1 Annex 1 3.2CR(2).

General requirements

SYSC 4.1.1 R RP
3
  1. (1)

    A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8

  2. (2)

    [deleted]

    1313

[Note: article 74 (1) of CRD, article 1621(5) second paragraph of MiFID,12 article 12(1)(a) of the UCITS Directive, and article 18(1) of AIFMD12]10

12
  1. (3)

    Without prejudice to the ability of the FCA or any other relevant competent authority to require access to communications in accordance with MiFID and MiFIR, a common platform firm must have sound security mechanisms in place for the following, while maintaining the confidentiality of the data at all times:21

    1. (a)

      to guarantee the security and authentication of the means of transfer of information;21

    2. (b)

      to minimise the risk of data corruption and unauthorised access; and21

    3. (c)

      to prevent information leakage. 21

[Note: article 16(5) third paragraph of MiFID]21

SYSC 4.1.1A R RP

[Note: article 13(1) of AIFMD]

SYSC 4.1.1B R RP

14A full-scope UK AIFM must, in particular:

  1. (1)

    have rules for personal transactions by its employees or for the holding or management of investments it invests on its own account;

  2. (2)

    ensure that each transaction involving the AIFs may be reconstructed according to its origin, the parties to it, its nature, and the time and place at which it was effected; and

  3. (3)

    ensure that the assets of the AIFs managed by the AIFM are invested in accordance with the instrument constituting the fund and the legal provisions in force.

[Note: article 18(1) second paragraph of AIFMD]

SYSC 4.1.1C R RP
SYSC 4.1.1D R RP

19A UK UCITS management company must comply with the UCITS Remuneration Code if it:

  1. (1)

    manages a UCITS scheme; or

  2. (2)

    manages an EEA UCITS scheme.

[Note: article 14a(1) of the UCITS Directive]

SYSC 4.1.1E R RP

19A UK UCITS management company must have appropriate procedures for its employees to report potential or actual breaches of national provisions transposing the UCITS Directive internally through a specific, independent and autonomous channel.

[Note: article 99d(5) of the UCITS Directive]

SYSC 4.1.1F G RP

19 SYSC 18 (Guidance on Public Interest Disclosure Act: Whistleblowing) contains further guidance on the effect of the Public Interest Disclosure Act 1998 in the context of the relationship between firms and the FCA.

SYSC 4.1.2 R RP

For a common platform firm, the 3 arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of13 the common platform firm's activities and must take into account the specific technical criteria described in article 21(3) of the MiFID Org Regulation21, SYSC 5.1.7 R, SYSC 7 and whichever of the following as applicable:

3 8 17 13 13 12 8 17
  1. (1)

    (for a firm to which SYSC 19A applies) SYSC 19A (IFPRU Remuneration Code);

  2. (2)

    (for a full-scope UK AIFM) SYSC 19B (AIFM Remuneration Code);

  3. (3)

    (for a firm to which SYSC 19C applies) SYSC 19C (BIPRU Remuneration Code);

  4. (4)

    (for a firm to which SYSC 19D applies) SYSC 19D (Dual-regulated firms Remuneration Code); or

  5. (5)

    (for a firm to which the remuneration part of the PRA Rulebook applies) the remuneration part of the PRA Rulebook.17

[Note: article 74 (2) of CRD13]

13
SYSC 4.1.2A G RP

3Other firms should take account of the comprehensiveness and proportionality rule (SYSC 4.1.2 R) as if it were guidance (and as if "should" appeared in that rule21 instead of "must") as explained in SYSC 1 Annex 1 3.3 R(1)21.9

5
SYSC 4.1.2AA R RP

Where SYSC 4.1.2 R applies to a BIPRU firm, it must take into account the specific technical criteria described in SYSC 19C.

SYSC 4.1.2B R RP

10For a management company or a full-scope UK AIFM14, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R and SYSC 4.1.1A R14 must also take account of the UCITS schemes and EEA UCITS schemes managed by the management company or the AIFs managed by the full-scope UK AIFM14.

[Note: article 12(1) second paragraph of the UCITS Directiveand article 18(1) second paragraph of AIFMD14]

Resources for management companies and AIFMs14

SYSC 4.1.2C R RP

10A management company, a full-scope UK AIFM and an incoming EEA AIFMbranch14 must have, and employ effectively, the resources and procedures that are necessary for the proper performance of its business activities.

[Note: articles 12(1)(a) and 14(1)(c) of the UCITS Directive and article 12(1)(c) of AIFMD14]

SYSC 4.1.2D R RP

14A full-scope UK AIFM must use, at all times, adequate and appropriate human and technical resources that are necessary for the proper management of AIFs.

[Note: article 18(1) first paragraph of AIFMD]

Subordinate measures relating to provisions implementing article 12(1) of AIFMD

SYSC 4.1.2E G RP

14Articles 16 to 29 of the AIFMD level 2 regulation provide detailed rules supplementing the provisions of article 12(1) of AIFMD, articles 57 to 66 of the AIFMD level 2 regulation provide detailed rules supplementing articles 12 and 18 of AIFMD.

13 13Mechanisms and procedures for a firm

SYSC 4.1.4 R RP

A firm (with the exception of a common platform firm and a 21sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements))3 must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services, claims management services and other23 activities undertaken in the course of that business:

3 10 3
  1. (1)

    (if it is 21a management company)10 establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;

    3
  2. (2)

    establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;

    10
  3. (3)

    21establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and10

    3
  4. (4)

    10(if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.

[Note: 21articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]10

SYSC 4.1.4A G RP

3A firm that is not a common platform firm or a management company10 should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1),10(3) and (4))10 as if they were guidance (and as if "should" appeared in those rules21 instead of "must") as explained in SYSC 1 Annex 1 3.3 R(1)21.

5
SYSC 4.1.5 R RP

A 21management company10 must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: 21 article 4(2) of the UCITS implementing Directive]10

Business continuity

SYSC 4.1.6 R RP

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm3 must employ appropriate and proportionate systems, resources and procedures.

[Note: article 1621(4) of MiFID]

SYSC 4.1.7 R RP

A CRR firm21 and a management company10 must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities,10 or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.10

[Note: 21 article 4(3) of the UCITS implementing Directive and article 85(2) of 21CRD11]10

10 10 10
SYSC 4.1.7A G RP

3Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules21 instead of "must") as explained in SYSC 1 Annex 1 3.3 R(1)21.

5
SYSC 4.1.8 G RP

The matters dealt with in a business continuity policy should include:

  1. (1)

    resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;

  2. (2)

    the recovery priorities for the firm's operations;

  3. (3)

    communication arrangements for internal and external concerned parties (including the FCA21, clients and the press);

  4. (4)

    escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;

  5. (5)

    processes to validate the integrity of information affected by the disruption; and

  6. (6)

    regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10R and for a common platform firm with article 21(5) of the MiFID Org Regulation21.

16Operators of electronic systems in relation to lending: arrangements to administer loans in the event of platform failure

SYSC 4.1.8A R RP
16
  1. (1)

    An operator of an electronic system in relation to lending must have arrangements in place to ensure that P2P agreements facilitated by it will have a reasonable likelihood of being24 managed and administered, in accordance with the contract terms between the firm and its relevant borrower and lender customers,24 if at any time it ceases to manage and administer those P2P agreements.24

  2. (2)

    Under (1), and wherever the requirement in (1) is referenced in the FCA’s rules and guidance, the reference to P2P agreements includes any non-P2P agreement included in a P2P portfolio.24

  3. (3)

    The arrangements under (1) must not be designed to prefer any particular customers or class of customers for whom it manages and administers P2P agreements or non-P2P agreements.24

SYSC 4.1.8B R RP

[deleted]24

16
SYSC 4.1.8C G RP

16Arrangements that are required to be put in place under SYSC 4.1.8AR24 may include any one or more of the following24:

  1. (1)

    entering into an arrangement with another firm that has the appropriate permissions24 to take over the management and administration of P2P agreements if the operator ceases to operate the electronic system in relation to lending and, where appropriate:24

    1. (a)

      obtaining prior and informed consent from lender clients to fund the continued cost of management and administration of their respective loans, for example through increased commissions; and/or24

    2. (b)

      obtaining prior and informed consent from lender clients and borrower clients for the transfer of the service of managing and administration of P2P agreements from the firm to that other firm; or24

  2. (2)

    holding sufficient collateral 24to cover the cost of management and administration while the loan book is wound down, ensuring that the collateral is held through a structure that is ring-fenced in the event of the firm’s insolvency24; or

  3. (3)

    [deleted]24

  4. (4)

    managing the loan book in a way that ensures that income from P2P agreements facilitated by the firm is sufficient to cover the costs of managing and administering those agreements during the winding down process, taking into account the reduction of the loan pool and fee income from it.

SYSC 4.1.8D G RP
16
  1. (1)

    When designing its arrangements, a firm should take into account the general24 law to ensure that the insolvency of the firm does not prejudice the operation of arrangements that the firm has put in place.24

  2. (2)

    A firm should consider the need to obtain professional advice on the adequacy of its arrangements. For example, a firm may benefit from obtaining legal advice or advice from a qualified insolvency practitioner on the likelihood of its arrangements securing the required outcome for continuity of management and administration of P2P agreements.24

  3. (3)

    In assessing the adequacy of its arrangements, a firm should consider, in particular:24

    1. (a)

      whether any terms included in relevant contracts as part of its arrangements are enforceable, for example terms in customer, service and supplier contracts; 24

    2. (b)

      the extent to which other practical obstacles could foreseeably prevent the implementation of the arrangements or frustrate the required outcome, including whether the firm will be likely to have sufficient financial resources to fund the implementation of the arrangements at the relevant time; 24

    3. (c)

      whether the arrangements make adequate provision for any activities that are ancillary to the management and administration of P2P agreements upon which the required outcome is, or could be, dependent;24

    4. (d)

      whether, having regard to SYSC 4.1.8AR(3), its arrangements are designed so as not to produce a better outcome for its customers who are party to non-P2P agreements than for customers who are party to P2P agreements;24

    5. (e)

      whether its arrangements take into account any relevant security arrangements in relation to loans; and24

    6. (f)

      whether its arrangements take into account any relevant tax arrangements for lender clients.24

  4. (4)

    Firms are reminded of the disclosure requirements in COBS 18.12.28R (Information concerning platform failure).24

  5. (5)

    Firms may find it useful to refer to the FCA’s Wind-down Planning Guide (WDPG) when designing their arrangements.24

SYSC 4.1.8DA G

24In line with Principle 11 and SUP 15.3.8G (Communication with the appropriate regulator in accordance with Principle 11), a firm should notify the FCA in writing if it is contemplating:

  1. (1)

    ceasing to manage and administer P2P agreements facilitated by it;

  2. (2)

    implementing its arrangements under SYSC 4.1.8AR; or

  3. (3)

    implementing any other arrangements that have a similar purpose.

SYSC 4.1.8DB R

24An operator of an electronic system in relation to lending must produce and keep up to date a P2P resolution manual which contains information about the firm that, in the event of the firm’s insolvency, would assist in resolving the firm’s business of management and administration of P2P agreements that it has facilitated. For these purposes, the reference to P2P agreements includes any non-P2P agreement included in a P2P portfolio. It must, as a minimum, include a written explanation of each of the following:

  1. (1)

    how the firm conducts the business of management and administration of P2P agreements that it has facilitated, what the day-to-day operation of that business entails and what resources would be needed to continue that business if the firm ceased to carry it on, including a specification of:

    1. (a)

      critical staff and their respective roles;

    2. (b)

      critical premises;

    3. (c)

      the firm’s IT systems, including details of data storage and data recovery arrangements;

    4. (d)

      the firm’s record-keeping systems, including how records are organised;

    5. (e)

      all relevant bank accounts and payment facilities;

    6. (f)

      all relevant persons outside of the firm, and their respective roles, including any outsourced service providers;

    7. (g)

      all relevant legal documentation, including customer, service and supplier contracts;

    8. (h)

      the firm’s group, using a structure chart showing:

      1. (i)

        the legal entities in the group;

      2. (ii)

        the ownership structure of those entities; and

      3. (iii)

        the jurisdiction of those entities; and

    9. (i)

      how the firm holds and manages any security for loans;

  2. (2)

    the steps that would need to be implemented under the arrangements in place under SYSC 4.1.8AR in order for P2P agreements facilitated by the firm to continue to be managed and administered;

  3. (3)

    any terms in contracts that may need to be relied on to ensure P2P agreements facilitated by it will continue to be managed and administered under those arrangements; and

  4. (4)

    how the firm’s systems can produce the detail specified in COBS 18.12.31R (Ongoing disclosures) for each P2P agreement facilitated by it.

SYSC 4.1.8DC R

24An operator of an electronic system in relation to lending must put in place arrangements to ensure that its P2P resolution manual would be immediately available to:

  1. (1)

    an administrator, receiver, trustee, liquidator or analogous officer appointed in respect of it or any material part of its property; and

  2. (2)

    the FCA, on request.

SYSC 4.1.8DD R

24A operator of an electronic system in relation to lending must store its P2P resolution manual in the same place as its CASS resolution pack, if CASS 10 (CASS resolution pack) applies to it.

Operators of electronic systems in relation to lending: title transfer

SYSC 4.1.8E R RP
16
  1. (1)

    An operator of an electronic system in relation to lending must not accept, take, or receive the transfer of full ownership of money relating to P2P agreements.18

  2. (2)

    If an operator of an electronic system in relation to lending has made a client money election under CASS 7.10.7AR, when it is operating an electronic system in relation to non-P2P agreements it must also not accept, take, or receive the transfer of full ownership of money relating to non-P2P agreements.18

Accounting policies: management company

SYSC 4.1.9 R RP

A 21management company10 must establish, implement and maintain accounting policies and procedures that enable it, at the request of the FCA20, to deliver in a timely manner to the FCA20 financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: 21article 4(4) of the UCITS implementing Directive]10

Regular monitoring: management company

SYSC 4.1.10 R RP

A 21management company10 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.

[Note: 21article 4(5) of the UCITS implementing Directive]10

Regular monitoring: other firms

SYSC 4.1.10A G RP

3Other firms should take account of the regular monitoring rule (SYSC 4.1.10 R) as if it were guidance (and as if "should" appeared in that rule21 instead of "must") as explained in SYSC 1 Annex 1 3.3 R(1)21, but ignoring the cross-reference to SYSC 4.1.5 R and SYSC 4.1.9R21.

5

Audit committee

SYSC 4.1.11 G RP

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

SYSC 4.1.12 G

[deleted]8

8
6

Risk control: additional guidance

SYSC 4.1.13 G RP

7 Firms should also consider the additional guidance on risk-centric governance arrangements for effective risk management contained in SYSC 21.

Apportionment of responsibilities: the role of the non-executive director

SYSC 4.1.14 G RP

7The role undertaken by a non-executive director will vary from one firm to another. Where a non-executive director is an approved person, for example where the firm is a body corporate, his responsibility and therefore liability will be limited by the role that he undertakes.