Content Options

Content Options

View Options

SYSC 4.1 General requirements

SYSC 4.1.1 R RP

2A common platform firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.

[Note: article 22(1) of the Banking Consolidation Directive, article 13(5) second paragraph of MiFID]

SYSC 4.1.2 R RP

The arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity ofSYSC 4.1.7 R, SYSC 5.1.7 R and SYSC 7.

[Note: article 22(2) of the Banking Consolidation Directive]

SYSC 4.1.3 R

A BIPRU firm must ensure that its internal control mechanisms and administrative and accounting procedures permit the verification of its compliance with rules adopted in accordance with the Capital Adequacy Directive at all times.

[Note: article 35(1) final sentence of the Capital Adequacy Directive]

SYSC 4.1.4 R RP

A common platform firm must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the investment services and activities undertaken in the course of that business:

  1. (1)

    establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;

  2. (2)

    establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm; and

  3. (3)

    establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm.

[Note: articles 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive]

SYSC 4.1.5 R RP

A MiFID investment firm must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.


article 5(2) of the MiFID implementing Directive]

Business continuity

SYSC 4.1.6 R RP

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the firm must employ appropriate and proportionate systems, resources and procedures.

[Note: article

13(4) of MiFID]

SYSC 4.1.7 R RP

A common platform firm must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of its regulated activities.


article 5(3) of the MiFID implementing Directive and annex V paragraph 13 of the Banking Consolidation Directive]

SYSC 4.1.8 G RP

The matters dealt with in a business continuity policy should include:

  1. (1)

    resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;

  2. (2)

    the recovery priorities for the firm's operations;

  3. (3)

    communication arrangements for internal and external concerned parties (including the FSA, clients and the press);

  4. (4)

    escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;

  5. (5)

    processes to validate the integrity of information affected by the disruption; and

  6. (6)

    regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10 R.

SYSC 4.1.8A R RP

An operator of an electronic system in relation to lending must take reasonable steps to ensure that arrangements are in place to ensure that P2P agreements facilitated by it will continue to be managed and administered, in accordance with the contract terms, if at any time it ceases to carry on the activity of operating an electronic system in relation to lending.

Accounting policies

SYSC 4.1.9 R RP

A common platform firm must establish, implement and maintain accounting policies and procedures that enable it, at the request of the FSA, to deliver in a timely manner to the FSA financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.


article 5(4) of the MiFID implementing Directive]

Regular monitoring

SYSC 4.1.10 R RP

A common platform firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.


article 5(5) of the MiFID implementing Directive]

Audit committee

SYSC 4.1.11 G RP

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

SYSC 4.2 Persons who effectively direct the business

SYSC 4.2.1 R RP

The senior personnel of a common platform firmmust be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: article 9

(1) of MiFID and article 11(1) second paragraph of the Banking Consolidation Directive ]

SYSC 4.2.2 R RP

A common platform firmmust ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R


[Note: article 9(4) first paragraph of MiFID and article 11(1) first paragraph of the Banking Consolidation Directive]

SYSC 4.2.3 G RP

In the case of a body corporate, the persons referred to in SYSC 4.2.2 R should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners.

SYSC 4.2.4 G RP

At least two independent minds should be applied to both the formulation and implementation of the policies of a common platform firm. Where a common platform firm nominates just two individuals to direct its business, the FSA will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. Each should play a part in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy.

SYSC 4.2.5 G RP

Where there are more than two individuals directing the business, the FSA does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. Similarly, each individual should have sufficient experience and knowledge of the business and the necessary personal qualities and skills to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in a firm this will raise doubts about whether SYSC 4.2.2 R is met.

SYSC 4.2.6 R RP

If a common platform firm, other than a credit institution, is:

  1. (1)

    a natural person; or

  2. (2)

    a legal person managed by a single natural person;

it must have alternative arrangements in place which ensure sound and prudent management of the firm.

[Note: article 9(4) second paragraph of MiFID]

SYSC 4.3 Responsibility of senior personnel

SYSC 4.3.1 R RP

A common platform firm1,2 when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system1. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system1 and take appropriate measures to address any deficiencies.


article 9(1) of the MiFID implementing Directive]

1 1 1
SYSC 4.3.2 R RP

A common platform firm1, must ensure:

  1. (1)

    that its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to SYSC 6.1.5 R, SYSC 6.2.1 R and SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to SYSC 7.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and

  2. (2)

    the supervisory function, if any, must receive on a regular basis written reports on the same matters.


    article 9(2) and article 9(3) of the MiFID implementing Directive]

SYSC 4.3.3 G RP

The supervisory function does not include a general meeting of the shareholders of a common platform firm, or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure.

SYSC 4.3.4 G