1. (1)

   A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8

2. (2)

   [deleted]

   1313

[Note: article 74 (1) of CRD, article 1621(5) second paragraph of MiFID,12 article 12(1)(a) of the UCITS Directive, and article 18(1) of AIFMD12]10

1. (3)

   Without prejudice to the ability of the FCA or any other relevant competent authority to require access to communications in accordance with MiFID and MiFIR, a common platform firm must have sound security mechanisms in place for the following, while maintaining the confidentiality of the data at all times:21

   1. (a)

      to guarantee the security and authentication of the means of transfer of information;21

   2. (b)

      to minimise the risk of data corruption and unauthorised access; and21

   3. (c)

      to prevent information leakage. 21

[Note: article 16(5) third paragraph of MiFID]21

14A full-scope UK AIFM must comply with the AIFM Remuneration Code.

14A full-scope UK AIFM must, in particular:

1. (1)

   have rules for personal transactions by its employees or for the holding or management of investments it invests on its own account;

2. (2)

   ensure that each transaction involving the AIFs may be reconstructed according to its origin, the parties to it, its nature, and the time and place at which it was effected; and

3. (3)

   ensure that the assets of the AIFs managed by the AIFM are invested in accordance with the instrument constituting the fund and the legal provisions in force.

19A UK UCITS management company must comply with the UCITS Remuneration Code if it manages a UCITS scheme.25

[Note: article 14a(1) of the UCITS Directive]

19A UK UCITS management company must have appropriate procedures for its employees to report potential or actual breaches of UK provisions which implemented25 the UCITS Directive internally through a specific, independent and autonomous channel.

For a common platform firm, the 3 arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of13 the common platform firm's activities and must take into account the specific technical criteria described in article 21(3) of the MiFID Org Regulation21, SYSC 5.1.7 R, SYSC 7 and whichever of the following is28 applicable:

1. (1)

   [deleted]28;

2. (2)

   (for a full-scope UK AIFM) SYSC 19B (AIFM Remuneration Code);

3. (3)

   [deleted]28;

4. (4)

   (for a firm to which SYSC 19D applies) SYSC 19D (Dual-regulated firms Remuneration Code); 28

5. (5)

   (for a firm to which the remuneration part of the PRA Rulebook applies) the remuneration part of the PRA Rulebook; or28

   17
6. (6)

   28(for a firm to which SYSC 19G applies) SYSC 19G (MIFIDPRU Remuneration Code).

28

10For a management company or a full-scope UK AIFM14, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R and SYSC 4.1.1A R14 must also take account of the UCITS schemes25managed by the management company or the AIFs managed by the full-scope UK AIFM14.

10A management company and25 a full-scope UK AIFM25 must have, and employ effectively, the resources and procedures that are necessary for the proper performance of its business activities.

14A full-scope UK AIFM must use, at all times, adequate and appropriate human and technical resources that are necessary for the proper management of AIFs.

A firm (with the exception of a common platform firm and a 21sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements))3 must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services, claims management services and other23 activities undertaken in the course of that business:

1. (1)

   (if it is 21a management company)10 establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;

   3
2. (2)

   establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;

   10
3. (3)

   21establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and10

   3
4. (4)

   10(if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.

[Note: 21articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]10

A 21management company10 must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: 21 article 4(2) of the UCITS implementing Directive]10

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm3 must employ appropriate and proportionate systems, resources and procedures.

[Note: article 1621(4) of MiFID]

A CRR firm21 and a management company10 must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities,10 or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.10

[Note: 21 article 4(3) of the UCITS implementing Directive and article 85(2) of 21CRD11]10

1. (1)

   26An operator of an electronic system in relation to lending must have arrangements in place to ensure that P2P agreements facilitated by it will have a reasonable likelihood of being26 managed and administered, in accordance with the contract terms between the firm and its relevant borrower and lender customers26, if at any time it ceases to manage and administer those P2P agreements26.

2. (2)

   Under (1), and wherever the requirement in (1) is referenced in the FCA’s rules and guidance, the reference to P2P agreements includes any non-P2P agreement included in a P2P portfolio.26

3. (3)

   The arrangements under (1) must not be designed to prefer any particular customers or class of customers for whom it manages and administers P2P agreements or non-P2P agreements.26

26An operator of an electronic system in relation to lending must produce and keep up to date a P2P resolution manual which contains information about the firm that, in the event of the firm’s insolvency, would assist in resolving the firm’s business of management and administration of P2P agreements that it has facilitated. For these purposes, the reference to P2P agreements includes any non-P2P agreement included in a P2P portfolio. It must, as a minimum, include a written explanation of each of the following:

1. (1)

   how the firm conducts the business of management and administration of P2P agreements that it has facilitated, what the day-to-day operation of that business entails and what resources would be needed to continue that business if the firm ceased to carry it on, including a specification of:

   1. (a)

      critical staff and their respective roles;

   2. (b)

      critical premises;

   3. (c)

      the firm’s IT systems, including details of data storage and data recovery arrangements;

   4. (d)

      the firm’s record-keeping systems, including how records are organised;

   5. (e)

      all relevant bank accounts and payment facilities;

   6. (f)

      all relevant persons outside of the firm, and their respective roles, including any outsourced service providers;

   7. (g)

      all relevant legal documentation, including customer, service and supplier contracts;

   8. (h)

      the firm’s group, using a structure chart showing:

      1. (i)

         the legal entities in the group;

      2. (ii)

         the ownership structure of those entities; and

      3. (iii)

         the jurisdiction of those entities; and

   9. (i)

      how the firm holds and manages any security for loans;

2. (2)

   the steps that would need to be implemented under the arrangements in place under SYSC 4.1.8AR in order for P2P agreements facilitated by the firm to continue to be managed and administered;

3. (3)

   any terms in contracts that may need to be relied on to ensure P2P agreements facilitated by it will continue to be managed and administered under those arrangements; and

4. (4)

   how the firm’s systems can produce the detail specified in COBS 18.12.31R (Ongoing disclosures) for each P2P agreement facilitated by it.

26An operator of an electronic system in relation to lending must put in place arrangements to ensure that its P2P resolution manual would be immediately available to:

1. (1)

   an administrator, receiver, trustee, liquidator or analogous officer appointed in respect of it or any material part of its property; and

2. (2)

   the FCA, on request.

26A operator of an electronic system in relation to lending must store its P2P resolution manual in the same place as its CASS resolution pack, if CASS 10 (CASS resolution pack) applies to it.

1. (1)

   An operator of an electronic system in relation to lending must not accept, take, or receive the transfer of full ownership of money relating to P2P agreements.18

2. (2)

   If an operator of an electronic system in relation to lending has made a client money election under CASS 7.10.7AR, when it is operating an electronic system in relation to non-P2P agreements it must also not accept, take, or receive the transfer of full ownership of money relating to non-P2P agreements.18

A 21management company10 must establish, implement and maintain accounting policies and procedures that enable it, at the request of the FCA20, to deliver in a timely manner to the FCA20 financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: 21article 4(4) of the UCITS implementing Directive]10

A 21management company10 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.

[Note: 21article 4(5) of the UCITS implementing Directive]10

The senior personnel of a common platform firm, a management company3, a full-scope UK AIFM,5 or of the UK branch of a non-UK bank10 must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: article 9(1)(4) 9of MiFID, article 7(1)(b) of the UCITS Directive,9 article 8(1)(c) of AIFMD9 and article 91(1) 9of CRD4]

7For a full-scope UK AIFM, the senior personnel must, in complying with SYSC 4.2.1 R, be sufficiently experienced in relation to the investment strategies pursued by the AIFs it manages.

A common platform firm, a management company, a full-scope UK AIFM53 and the UK branch of a non-UK bank10 must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R and : 9

1. (a)

   for a full-scope UK AIFM, SYSC 4.2.7R; or9

2. (b)

   for a common platform firm, SYSC 4.3A.3R.9

[Note: article 9(6) 9first paragraph of MiFID, article 7(1)(b) of the UCITS Directive3, article 8(1)(c) of AIFMD5and article 13(1) of CRD]

If a common platform firm, (other than a credit institution or AIFM investment firm5) or the UK branch of a third country firm9, is:

1. (1)

   a natural person; or

2. (2)

   a legal person managed by a single natural person;

then:9

1. (3)

   it must have alternative arrangements in place which ensure: 9

   1. (a)

      sound and prudent management of the firm; and9

   2. (b)

      adequate consideration of the interests of clients and the integrity of the market; and9

2. (4)

   the natural persons concerned must be of sufficiently good repute, possess sufficient knowledge, skills and experience and commit sufficient time to perform their duties.9

it must have alternative arrangements in place which ensure sound and prudent management of the firm.

[Note: article 9(6) 9second paragraph of MiFID]

A full-scope UK AIFM must notify the FCA of the names of the senior personnel of the firm and of every person succeeding them in office.

Afirm (with the exception of a common platform firm and 5a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)),2 when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system1. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system1 and take appropriate measures to address any deficiencies.

[Note: 5articles 9(1) and 9(3) of the UCITS implementing Directive]4

A firm that is a6management company or an operator of an electronic system in relation to lending6 must ensure that:2

1. (1)

   its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to 66.1.5 R, SYSC 6.2.1 R, SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to 67.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and

   2
2. (2)

   the supervisory function, if any, receives 2on a regular basis written reports on the same matters.

   [Note: 5articles 9(4) and 9(6) of the UCITS implementing Directive]4

   2

1A common platform firm4 must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest, and in a manner that promotes the integrity of the market and the interests of clients4. The firm must ensure that the management body:

1. (1)

   has overall responsibility for the firm;

2. (2)

   approves and oversees implementation of the firm's strategic objectives, risk strategy and internal governance;

3. (3)

   ensures the integrity of the firm's accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system.

4. (4)

   oversees the process of disclosure and communications;

5. (5)

   has responsibility for providing effective oversight of senior management;4

6. (6)

   monitors and periodically assesses:4

   1. (a)

      the adequacy and the implementation of the firm’s strategic objectives in the provision of investment services and/or activities and ancillary services;4

   2. (b)

      the effectiveness of the firm's governance arrangements; and4

   3. (c)

      the adequacy of the policies relating to the provision of services to clients, and4

   takes appropriate steps to address any deficiencies; and 4

7. (7)

   has adequate access to information and documents which are needed to oversee and monitor management decision-making.4

[Note: article 88(1) of CRD and articles 9(1) and 9(3) of MiFID4]

4Without prejudice to SYSC 4.3A.1R, a common platform firm must ensure that the management body defines, approves and oversees:

1. (1)

   the organisation of the firm for the provision of investment services and/or activities and ancillary services, including the skills, knowledge and expertise required by personnel, the resources, the procedures and the arrangements for the provision of services and activities, taking into account the nature, scale and complexity of its business and all the requirements the firm has to comply with;

2. (2)

   a policy as to services, activities, products and operations offered or provided, in accordance with the risk tolerance of the firm and the characteristics and needs of the firm’s clients to whom they will be offered or provided, including carrying out appropriate stress testing, where appropriate; and

3. (3)

   a remuneration policy of persons involved in the provision of services to clients aiming to encourage responsible business conduct, fair treatment of clients as well as avoiding conflict of interest in the relationships with clients.

[Note: article 9(3) of MiFID]

A common platform firm4 must ensure that the chairman of the firm's management body does not exercise simultaneously the PRA’s Chief Executive function (controlled function SMF14) or 3chief executive function within the same firm4.

[Note: article 88(1)(e) of CRD and article 9(1) of MiFID4]

A common platform firm4 must ensure that the members of the management body of the firm:

1. (1)

   are of sufficiently good repute;

2. (2)

   possess sufficient knowledge, skills and experience to perform their duties;

3. (3)

   possess adequate collective knowledge, skills and experience to understand the firm's activities, including the main risks;

4. (4)

   reflect an adequately broad range of experiences;

5. (5)

   commit sufficient time to perform their functions in the firm; and

6. (6)

   act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.

[Note: article 91(1)-(2) and (7)-(8) of CRD and article 9(1) and 9(4) of MiFID4]

A common platform firm4 must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: article 91(9) of CRD and article 9(1) of MiFID4]

A common platform firm4 must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm's activities.

1. (1)

   A common platform firm4 that is a significant SYSC firm8 must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:

   1. (a)

      one executive directorship with two non-executive directorships; and

   2. (b)

      four non-executive directorships.

2. (2)

   Paragraph (1) does not apply to members of the management body that represent the United Kingdom.

[Note: article 91(3) of CRD and article 9(1) of MiFID4]

For the purposes of SYSC 4.3A.5 R and SYSC 4.3A.6 R:

1. (1)

   directorships in organisations which do not pursue predominantly commercial objectives shall not count; and

2. (2)

   the following shall count as a single directorship:

   1. (a)

      executive or non-executive directorships held within the same group; or

   2. (b)

      executive or non-executive directorships held within:

      1. (i)

         [deleted]6

         5
      2. (ii)

         undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: article 91(4) and (5) of CRD and article 9(1) of MiFID4]

8 SYSC 4.3A.8R does not apply to a common platform firm that is a MIFIDPRU investment firm.

A common platform firm4 that is a significant SYSC firm8 must:

1. (1)

   establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;

2. (2)

   ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and

3. (3)

   ensure that the nomination committee receives appropriate funding.

[Note: article 88(2) of CRD and article 9(1) of MiFID4]

A common platform firm4 that has a nomination committee must ensure that the nomination committee:

1. (1)

   engages 4a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;

2. (2)

   identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;

3. (3)

   prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;

4. (4)

   decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;

5. (5)

   periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;

6. (6)

   periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;

7. (7)

   periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and

8. (8)

   in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body's decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole.4

[Note: article 88(2) and article 91(10) of CRD and article 9(1) of MiFID4]

A common platform firm4 that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a common platform firm4 that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: article 91(10) of CRD and article 9(1) of MiFID4]

A CRR firm that maintains a website must explain on the website how it complies with the requirements of SYSC 4.3A.1 R to SYSC 4.3A.3 R and SYSC 4.3A.4 R to SYSC 4.3A.11 R.

[Note: article 96 of CRD]

1. (-2)

   13This section applies to:

   1. (a)

      a limited scope SMCR firm other than:14

      1. (i)

         a firm in SUP 10C Annex 1 7.10R (Table: Limited scope SMCR firms to which no controlled functions apply); and14

      2. (ii)

         a limited scope SMCR benchmark firm; and14

   2. (b)

      an authorised professional firm that is a core SMCR firm.

2. (-1)

   13The application of this section is further limited by the rest of this rule.

3. (1)

   13This section applies to an authorised professional firm as follows:

   1. (a)

      it only applies in respect of its non-mainstream regulated activities; and

   2. (b)

      it does not apply if the firm:

      1. (i)

         is also conducting other regulated activities; and

      2. (ii)

         has appointed approved persons to perform the FCA governing functions with equivalent responsibilities for the firm’s non-mainstream regulated activities and other regulated activities.

4. (2)

   [deleted]13

5. (3)

   [deleted]13

6. (4)

   Only SYSC 4.4.5R(2) applies to an EEA SMCR firm. However, the limitation in this paragraph (4) does not apply to a firm within SYSC 23 Annex 1 6.13R (claims management)13.

7. (5)

   This section only applies to a sole trader13 if they:

   1. (a)

      have13 any person (other than themselves) who is required to be approved under section 59 of the Act (Approval for particular arrangements); or

   2. (b)

      13are an authorised approved person employer (except where they are the only approved person concerned); or

   3. (c)

      13have any certification employees.

A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:

1. (1)

   it is clear who has which of those responsibilities; and

2. (2)

   the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.