Related provisions for SYSC 3.2.1
21 - 40 of 91 items.
In determining whether the UK recognised body meets the recognition requirement in Regulation 6(3), the FCA3 may have regard to whether that body has ensured that the person who performs that function on its behalf:3(1) has sufficient resources to be able to perform the function (after allowing for any other activities);(2) has adequate systems and controls to manage that function and to report on its performance to the UK recognised body;(3) is managed by persons of sufficient
In determining whether a UK recognised body continues to satisfy the recognition requirements where it has made arrangements for any function to be performed on its behalf by any person , the FCA3 may have regard, in addition to any of the matters described in the appropriate section of this chapter, to the arrangements made to exercise control over the performance of the function, including:3(1) the contracts (and other relevant documents) between the UK recognised body and the
Before entering into, or significantly changing, an outsourcing arrangement, a firm should:(1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;(2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;(3) conduct appropriate due diligence of the service
In some circumstances, a firm may find it beneficial to use externally validated reports commissioned by the service provider, to seek comfort as to the adequacy and effectiveness of its systems and controls. The use of such reports does not absolve the firm of responsibility to maintain other oversight. In addition, the firm should not normally have to forfeit its right to access, for itself or its agents, to the service provider's premises.
In determining whether a matter is significant, a firm should have regard to:(1) the size of any monetary loss or potential monetary loss to itself or its customers (either in terms of a single incident or group of similar or related incidents);(2) the risk of reputational loss to the firm; and(3) whether the incident or a pattern of incidents reflects weaknesses in the firm's internal controls.
2The information referred to in ICOBS 8.4.4R (1)(b)(ii) is:(1) a description of the ways in which the firm, in its production of the register, is not materially compliant;(2) the number of policies, in relation to which, either:(a) the firm is not able to include any information in the register; and/or(b) information is included in the register but information may be incorrect or incomplete;in each case as a proportion of the total number of policies required to be included in
2In relation to the written statement referred to in ICOBS 8.4.4R (1)(b):(1) ICOBS 8.4.4R (1)(b) does not preclude the relevant director from, in addition, including in the director's statement any of the following as relevant:(a) if a firm's employers’ liability register is more than materially compliant, a statement to this effect, and/or a statement of the extent to which the director considers, to the best of his knowledge, the firm to be compliant in its production of the
2The requirement referred to in ICOBS 8.4.9R (7)(b) is that the report must include an opinion from the auditor confirming whether, in all material respects, the tracing office maintains a database which accurately and reliably stores information submitted to it by firms for the purpose of complying with relevant requirements in ICOBS 8.4 and that it has systems which can adequately keep it up to date in the light of new information provided by firms.
Subject to DTR 7.2.11 R, an issuer which is required to prepare a group directors’ report within the meaning of section 415(2) of the Companies Act 2006 must include in that report a description of the main features of the group’s internal control and risk management systems in relation to the process for preparing consolidated accounts. In the event that the issuer presents its own annual report and its consolidated annual report as a single report, this information must be
The model review process may be conducted through a series of visits covering various aspects of the firm's control and IT environment. Before these visits the appropriate regulator may ask the firm to provide some information relating to its waiver request accompanied by some specified background material. The model review visits are organised on a timetable that allows a firm being visited sufficient time to arrange the visit and provide the appropriate pre-visit informatio
As part of the model review process, the following may be reviewed: organisational structure and personnel; details of the firm's market position in the relevant products; profit and risk information; valuation and reserving policies; operational controls; IT systems; model release and control procedures; risk management and control framework; risk appetite and limit structure and future developments relevant to model recognition.
(1) A firm should have a conceptually sound risk management system which is implemented with integrity and should meet the minimum standards set out in this paragraph.(2) A firm should have a risk control unit that is independent of business trading units and reports directly to senior management. The unit should be responsible for designing and implementing the firm's risk management system. It should produce and analyse daily reports on the risks run by the business and on the
Recognised bodies may receive complaints from time to time from their members and other people, both about the conduct of members and about the recognised body itself. A UK recognised body will need to have satisfactory arrangements to investigate these complaints in order to satisfy the relevant recognition requirements (see REC 2.15 and REC 2.16) or RAP recognition requirements (see REC 2A.3.2 G).1
Where the FCA2 receives a complaint about a recognised body, it will, in the first instance, seek to establish whether the complainant has approached the recognised body. Where this is not the case, the FCA2 will ask the complainant to complain to the recognised body. Where the complainant is dissatisfied with the handling of the complaint, but has not exhausted the recognised body's own internal complaints procedures (in the case of a complaint against a UK recognised body, including
A common platform firm and a management company5 must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities,5 undertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:5(1) to establish, implement and maintain
1The term 'internal audit function' in SYSC 6.2.1 R (and SYSC 4.1.11 G) refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).42
(1) [deleted]88(2) In this context, the FCA will interpret the term 'appropriate88' as meaning sufficient in terms of quantity, quality and availability, and 'resources' as including all financial resources (though only in the case of firms not carrying on, or seeking to carry on, a PRA-regulated activity)8, non-financial resources and means of managing its resources; for example, capital, provisions against liabilities, holdings of or access to cash and other liquid assets, human
(1) [deleted]88(2) Relevant matters to which the FCA may have regard when assessing whether a firm will satisfy, and continue to satisfy, this threshold condition8may include but are not limited to:(a) (in relation to a firm other than a firm carrying on, or seeking to carry on, a PRA-regulated activity),8 whether there are any indications that the firm may have difficulties if the application is granted, at the time of the grant or in the future, in complying with any of the
(1) CASS
5.4 permits a firm, which
has adequate resources, systems and controls, to declare a trust on terms
which expressly authorise it, in its capacity as trustee, to make advances
of credit to the firm'sclients. The client
money trust required by CASS
5.4 extends to such debt obligations
which will arise if the firm,
as trustee, makes credit advances, to enable a client's3premium obligations
to be met before the premium is
remitted to the firm and similarly
if it allows claims
A firm may
not handle client money in accordance
with the rules in this section
unless each of the following conditions is satisfied:(1) the firm must have and maintain systems and controls
which are adequate to ensure that the firm is
able to monitor and manage its client money transactions
and any credit risk arising from the operation of the trust arrangement and,
if in accordance with CASS 5.4.2 R a firm complies
with both the rules in CASS
5.3 and CASS
5.4, such systems and
A firm should establish and maintain appropriate systems and controls for the management of the risks involved in expected changes, such as by ensuring:(1) the adequacy of its organisation and reporting structure for managing the change (including the adequacy of senior management oversight);(2) the adequacy of the management processes and systems for managing the change (including planning, approval, implementation and review processes); and(3) the adequacy of its strategy
The high level requirement for appropriate systems and controls at SYSC 3.1.1 R applies at all times, including when a business continuity plan is invoked. However, the appropriate regulator recognises that, in an emergency, a firm may be unable to comply with a particular rule and the conditions for relief are outlined in GEN 1.3 (Emergency).
BIPRU 7.10 sets out the minimum standards that the appropriate regulator expects firms to meet before granting a VaR model permission. The appropriate regulator will not grant a VaR model permission unless it is satisfied that the requirements of BIPRU 7.10 are met and it is satisfied about the procedures in place at a firm to calculate the model PRR. In particular the appropriate regulator will not normally grant a VaR model permission unless it is satisfied about the quality
As part of the process for dealing with an application for a VaR model permission the following may be reviewed: organisational structure and personnel; details of the firm's market position in the relevant products; revenue and risk information; valuation and reserving policies; operational controls; information technology systems; model release and control procedures; risk management and control framework; risk appetite and limit structure; future developments relevant to model
In assessing whether the VaR model is implemented with integrity as described in BIPRU 7.10.58R (Stress testing), the appropriate regulator will consider in particular the information technology systems used to run the model and associated calculations. The assessment may include:(1) feeder systems; risk aggregation systems; time series databases; the VaR model system; stress testing system; the backtesting system including profit and loss cleaning systems where appropriate; data
Under Principle 11 and SUP 15.3.1 R, a firm must notify the appropriate regulator immediately of any operational risk matter of which the appropriate regulator would reasonably expect notice. SUP 15.3.8 G provides guidance on the occurrences that this requirement covers, which include a significant failure in systems and controls and a significant operational loss.
1A firm operating an MTF must:(1) report to the FCA:(a) significant breaches of the firm's rules;(b) disorderly trading conditions; and(c) conduct that may involve market abuse; (2) supply the information required under this rule without delay to the FCA and any other authority competent for the investigation and prosecution of market abuse; and (3) provide full assistance to the FCA, and any other authority competent for the investigation and prosecution of market abuse, in
A firm should consider whether it should notify the FCA and the PRA (if it is a PRA-authorisedfirm) or the FCA (in all other cases) under Principle 11 if:(1) the firm expects or knows its auditor will qualify his report on the audited annual financial statements or add an explanatory paragraph; or (2) the firm receives a written communication from its auditor commenting on internal controls (see also SUP 15.3).
10Situations when the FCA may impose restrictions or limitations on the services a sponsor can provide include (but are not limited to) where it appears to the FCA that: (1) the sponsor has no or limited relevant experience and expertise of providing certain types of sponsor services or of providing sponsor services to certain types of company; or(2) the sponsor does not have systems and controls in place which are appropriate for the nature of the sponsor services which the sponsor
A sponsor must notify the FCA in writing as soon as possible if:(1) 8(a) 8the sponsor ceases to satisfy the criteria for approval as a sponsor set out in LR 8.6.5 R or becomes aware of any matter which, in its reasonable opinion, would be relevant to the FCA in considering whether the sponsor continues to comply with LR 8.6.6 R; or(b) 8the sponsor becomes aware of any fact or circumstance relating to the sponsor or any of its employees engaged in the provision of sponsor services
4The financial risk assessment should be based on a methodology which provides a reasonable estimate of the potential business losses which a UK RIE might incur in stressed but plausible market conditions. The FCA5 would expect a UK RIE to carry out a financial risk assessment at least once in every twelve-month period, or more frequently if there are material changes in the nature, scale or complexity of the UK RIE's operations or its business plans that suggest such financial
4The FCA5 would expect to consider the financial risk assessment, any proposal with respect to an operational risk buffer and, if applicable, the consolidated balance sheet, in formulating its guidance on the amount of eligible financial resources it considers to be sufficient for the UK RIE to hold in order to meet the recognition requirements. In formulating its guidance, the FCA5 would, where relevant, consider whether or not the financial risk assessment makes adequate provision
Firms should also consider whether their systems and controls provide sufficient information to permit senior management to identify the crystallisation of risks in a timely manner so as to provide them with the opportunity to respond and allow the firm to obtain the full value of the modelled management action. Firms should also analyse the wider implications of the management actions, particularly where they represent significant divergence from the business plan and use this