- (1)
In the FCA's view:
- (a)
- (b)
a person who performs a significant influence function for, or is a senior manager of, a firm would normally be expected to be part of the firm'sBIPRU Remuneration Code staff;
- (c)
the table in (2) provides a non-exhaustive list of examples of key positions that should, subject to (d), be within a firm's definition of staff who are risk takers;
- (d)
firms should consider how the examples in the table in (2) apply to their own organisational structure;
1 - (e)
firms may find it useful to set their own metrics to identify their risk takers based, for example, on trading limits; and
- (f)
a firm should treat a person as being BIPRU Remuneration Code staff in relation to remuneration in respect of a given performance year if they were BIPRU Remuneration Code staff for any part of that year.
[Note: The FCA has published guidance on the application of particular rules on remuneration structures in relation to individuals who are BIPRU Remuneration Code staff for only part of a given performance year. This guidance is available at
http://www.fca.org.uk/firms/markets/international-markets/remuneration-code
.]
- (2)
High-level category
Suggested business lines
Heads of significant business lines (including regional heads) and any individuals or groups within their control who have a material impact on the firm's risk profile
Fixed income
Foreign exchange
Commodities
Securitisation
Sales areas
Investment banking (including mergers and acquisitions advisory)
Commercial banking
Equities
Structured finance
Lending quality
Trading areas
Research
Heads of support and control functions and other individuals within their control who have a material impact on the firm's risk profile
Credit/market/operational risk
Legal
Treasury controls
Human resources
Compliance
Internal audit
Related provisions for SYSC 3.2.6C
21 - 40 of 113 items.
(1) A firm that is significant in terms of its size, internal organisation and the nature, scope and complexity of its activities must establish a remuneration committee. (2) The remuneration committee must be constituted in a way that enables it to exercise competent and independent judgment on remuneration policies and practices and the incentives created for managing risk, capital and liquidity. (3) The chairman and the members of the remuneration committee must be members
(1) Performance measures based primarily on revenues or turnover are unlikely to pay sufficient regard to the quality of business undertaken or services provided. Profits are a better measure provided they are adjusted for risk, including future risks not adequately captured by accounting profits.(2) Management accounts should provide profit data at such levels within the firm's structure as to enable a firm to see as accurate a picture of contributions of relevant staff to a
(1) A firm must ensure that a substantial portion, at least 50%, of any variable remuneration consists of an appropriate balance of: (a) shares or equivalent ownership interests, subject to the legal structure of the firm concerned, or share-linked instruments or equivalent non-cash instruments for a non-listed firm; and(b) where appropriate, capital instruments which are eligible for inclusion at stage B1 of the calculation in the capital resources table, where applicable, adequately
2The information referred to in ICOBS 8.4.4R (1)(b)(ii) is:(1) a description of the ways in which the firm, in its production of the register, is not materially compliant;(2) the number of policies, in relation to which, either:(a) the firm is not able to include any information in the register; and/or(b) information is included in the register but information may be incorrect or incomplete;in each case as a proportion of the total number of policies required to be included in
2In relation to the written statement referred to in ICOBS 8.4.4R (1)(b):(1) ICOBS 8.4.4R (1)(b) does not preclude the relevant director from, in addition, including in the director's statement any of the following as relevant:(a) if a firm's employers’ liability register is more than materially compliant, a statement to this effect, and/or a statement of the extent to which the director considers, to the best of his knowledge, the firm to be compliant in its production of the
2The requirement referred to in ICOBS 8.4.9R (7)(b) is that the report must include an opinion from the auditor confirming whether, in all material respects, the tracing office maintains a database which accurately and reliably stores information submitted to it by firms for the purpose of complying with relevant requirements in ICOBS 8.4 and that it has systems which can adequately keep it up to date in the light of new information provided by firms.
If a firm is not a significant IFPRU firm its recovery plan must include:(1) a summary of the key elements of the recovery plan;(2) information on the governance of the firm, including: (a) how the recovery plan is integrated into the corporate governance of the firm; and (b) the firm's overall risk management framework;(3) a description of the legal and financial structures of the firm, including:(a) the core business lines; and(b) critical functions;(4) recovery options, including:(a)
(1) A significant IFPRU firm must update its recovery plan at least annually.(2) A firm that is not a significant IFPRU firm must update its recovery plan at least once every two years.(3) A firm must also update its recovery plan after a change to any of the following which could materially affect its recovery plan:(a) its legal or organisational structure; (b) its business; or(c) its financial situation.[Note: articles 4(1)(b) and 5(2) RRD]
In determining whether the UK recognised body meets the recognition requirement in Regulation 6(3), the FCA3 may have regard to whether that body has ensured that the person who performs that function on its behalf:3(1) has sufficient resources to be able to perform the function (after allowing for any other activities);(2) has adequate systems and controls to manage that function and to report on its performance to the UK recognised body;(3) is managed by persons of sufficient
In determining whether a UK recognised body continues to satisfy the recognition requirements where it has made arrangements for any function to be performed on its behalf by any person , the FCA3 may have regard, in addition to any of the matters described in the appropriate section of this chapter, to the arrangements made to exercise control over the performance of the function, including:3(1) the contracts (and other relevant documents) between the UK recognised body and the
Subject to DTR 7.2.11 R, an issuer which is required to prepare a group directors’ report within the meaning of section 415(2) of the Companies Act 2006 must include in that report a description of the main features of the group’s internal control and risk management systems in relation to the financial reporting process for the undertakings included in the consolidation, taken as a whole4. In the event that the issuer presents its own annual report and its consolidated annual
If the RRD group includes an IFPRU 730k firm that is not a significant IFPRU firm (and does not include an IFPRU 730k firm that is a significant IFPRU firm) the group recovery plan must include:(1) a summary of the key elements of the group recovery plan;(2) information on the governance of the group, including: (a) how the group recovery plan is integrated into the corporate governance of the group; and (b) the group's overall risk management framework;(3) a description of the
(1) A firm or qualifying parent undertaking must update the group recovery plan at least:(a) annually, if the group: (i) includes an IFPRU 730k firm that is a significant IFPRU firm; or(ii) does not include an IFPRU 730k firm; or(b) once every two years, if the group includes an IFPRU 730k firm that is not a significant IFPRU firm.(2) A firm or qualifying parent undertaking must also update its group recovery plan after a change to any of the following which could materially affect
3(1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8(2) [deleted]1313[Note: article 74
A common platform firm and a management company10 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.[Note: article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]10
Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface
The records and internal controls required by CASS 8.3.1 R must include:(1) an up-to-date list of each mandate that the firm has obtained, including a record of any conditions placed by the client or the firm's management on the use of the mandate and, where a mandate was received in non-written form in the course of, or in connection with, its designated investment business, the details required under CASS 8.3.2C R1;(2) a record of each transaction entered into under each mandate
Before entering into, or significantly changing, an outsourcing arrangement, a firm should:(1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;(2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;(3) conduct appropriate due diligence of the service
In some circumstances, a firm may find it beneficial to use externally validated reports commissioned by the service provider, to seek comfort as to the adequacy and effectiveness of its systems and controls. The use of such reports does not absolve the firm of responsibility to maintain other oversight. In addition, the firm should not normally have to forfeit its right to access, for itself or its agents, to the service provider's premises.
The model review process may be conducted through a series of visits covering various aspects of the firm's control and IT environment. Before these visits the appropriate regulator may ask the firm to provide some information relating to its waiver request accompanied by some specified background material. The model review visits are organised on a timetable that allows a firm being visited sufficient time to arrange the visit and provide the appropriate pre-visit informatio
As part of the model review process, the following may be reviewed: organisational structure and personnel; details of the firm's market position in the relevant products; profit and risk information; valuation and reserving policies; operational controls; IT systems; model release and control procedures; risk management and control framework; risk appetite and limit structure and future developments relevant to model recognition.
(1) A firm should have a conceptually sound risk management system which is implemented with integrity and should meet the minimum standards set out in this paragraph.(2) A firm should have a risk control unit that is independent of business trading units and reports directly to senior management. The unit should be responsible for designing and implementing the firm's risk management system. It should produce and analyse daily reports on the risks run by the business and on the
Recognised bodies may receive complaints from time to time from their members and other people, both about the conduct of members and about the recognised body itself. A UK recognised body will need to have satisfactory arrangements to investigate these complaints in order to satisfy the relevant recognition requirements (see REC 2.15 and REC 2.16) or RAP recognition requirements (see REC 2A.3.2 G).1
Where the FCA2 receives a complaint about a recognised body, it will, in the first instance, seek to establish whether the complainant has approached the recognised body. Where this is not the case, the FCA2 will ask the complainant to complain to the recognised body. Where the complainant is dissatisfied with the handling of the complaint, but has not exhausted the recognised body's own internal complaints procedures (in the case of a complaint against a UK recognised body, including
A common platform firm and a management company5 must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities,5 undertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:5(1) to establish, implement and maintain
1The term 'internal audit function' in SYSC 6.2.1 R (and SYSC 4.1.11 G) refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).42
(1) CASS
5.4 permits a firm, which
has adequate resources, systems and controls, to declare a trust on terms
which expressly authorise it, in its capacity as trustee, to make advances
of credit to the firm'sclients. The client
money trust required by CASS
5.4 extends to such debt obligations
which will arise if the firm,
as trustee, makes credit advances, to enable a client's3premium obligations
to be met before the premium is
remitted to the firm and similarly
if it allows claims
A firm may
not handle client money in accordance
with the rules in this section
unless each of the following conditions is satisfied:(1) the firm must have and maintain systems and controls
which are adequate to ensure that the firm is
able to monitor and manage its client money transactions
and any credit risk arising from the operation of the trust arrangement and,
if in accordance with CASS 5.4.2 R a firm complies
with both the rules in CASS
5.3 and CASS
5.4, such systems and
A firm should establish and maintain appropriate systems and controls for the management of the risks involved in expected changes, such as by ensuring:(1) the adequacy of its organisation and reporting structure for managing the change (including the adequacy of senior management oversight);(2) the adequacy of the management processes and systems for managing the change (including planning, approval, implementation and review processes); and(3) the adequacy of its strategy
The high level requirement for appropriate systems and controls at SYSC 3.1.1 R applies at all times, including when a business continuity plan is invoked. However, the appropriate regulator recognises that, in an emergency, a firm may be unable to comply with a particular rule and the conditions for relief are outlined in GEN 1.3 (Emergency).
BIPRU 7.10 sets out the minimum standards that the appropriate regulator expects firms to meet before granting a VaR model permission. The appropriate regulator will not grant a VaR model permission unless it is satisfied that the requirements of BIPRU 7.10 are met and it is satisfied about the procedures in place at a firm to calculate the model PRR. In particular the appropriate regulator will not normally grant a VaR model permission unless it is satisfied about the quality
As part of the process for dealing with an application for a VaR model permission the following may be reviewed: organisational structure and personnel; details of the firm's market position in the relevant products; revenue and risk information; valuation and reserving policies; operational controls; information technology systems; model release and control procedures; risk management and control framework; risk appetite and limit structure; future developments relevant to model
In assessing whether the VaR model is implemented with integrity as described in BIPRU 7.10.58R (Stress testing), the appropriate regulator will consider in particular the information technology systems used to run the model and associated calculations. The assessment may include:(1) feeder systems; risk aggregation systems; time series databases; the VaR model system; stress testing system; the backtesting system including profit and loss cleaning systems where appropriate; data
In determining whether a matter is significant, a firm should have regard to:(1) the size of any monetary loss or potential monetary loss to itself or its customers (either in terms of a single incident or group of similar or related incidents);(2) the risk of reputational loss to the firm; and(3) whether the incident or a pattern of incidents reflects weaknesses in the firm's internal controls.
Under Principle 11 and SUP 15.3.1 R, a firm must notify the appropriate regulator immediately of any operational risk matter of which the appropriate regulator would reasonably expect notice. SUP 15.3.8 G provides guidance on the occurrences that this requirement covers, which include a significant failure in systems and controls and a significant operational loss.
1A firm operating an MTF must:(1) report to the FCA:(a) significant breaches of the firm's rules;(b) disorderly trading conditions; and(c) conduct that may involve market abuse; (2) supply the information required under this rule without delay to the FCA and any other authority competent for the investigation and prosecution of market abuse; and (3) provide full assistance to the FCA, and any other authority competent for the investigation and prosecution of market abuse, in
A firm should consider whether it should notify the FCA and the PRA (if it is a PRA-authorisedfirm) or the FCA (in all other cases) under Principle 11 if:(1) the firm expects or knows its auditor will qualify his report on the audited annual financial statements or add an explanatory paragraph; or (2) the firm receives a written communication from its auditor commenting on internal controls (see also SUP 15.3).