Related provisions for BIPRU 4.3.31

1 - 20 of 110 items.
Results filter

Search Term(s)

Filter by Modules

Filter by Documents

Filter by Keywords

Effective Period

Similar To

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004 (From field only).

COCON 4.2.1GRP
An SMF manager's role and responsibilities are set out in the statement of responsibilities.
COCON 4.2.2GRP
(1) Strategy and plans will often dictate the risk which the business is prepared to take on and high-level controls will dictate how the business is to be run. If the strategy of the business is to enter high-risk areas, then the degree of control and strength of monitoring reasonably required within the business will be high. In organising the business for which they are responsible, senior conduct rules staff members should bear this in mind.4(2) (a) Strategy and plans for
COCON 4.2.3GRP
To comply with the obligations of rule SC1 in COCON 2.2.1R, senior conduct rules staff members may find it helpful to review whether each area of the business for which they are responsible has been clearly assigned to a particular individual or individuals.
COCON 4.2.6GRP
Senior conduct rules staff members should take reasonable steps to satisfy themselves, on reasonable grounds, that each area of the business for which they are responsible has appropriate policies and procedures for reviewing the competence, knowledge, skills and performance of each individual member of staff.
COCON 4.2.7GRP
If an individual's performance is unsatisfactory, the relevant senior conduct rules staff member should review carefully whether to allow that individual to continue in their position. In particular:(1) If the senior conduct rules staff member is aware of concerns relating to the compliance with requirements and standards of the regulatory system (or internal controls) of the individual concerned, or of staff reporting to that individual, the senior conduct rules staff member
COCON 4.2.8GRP
As part of organising the business, a senior conduct rules staff member should ensure that there is an orderly transition when another senior conduct rules staff member under their oversight or responsibility ceases to perform that function and someone else takes up that function. It would be appropriate for the individual vacating such a position to prepare a comprehensive set of handover notes for their successor. Those notes should, at a minimum, specify any matter that is
COCON 4.2.9GRP
In organising the business, a senior conduct rules staff member should pay attention to any temporary vacancies which exist. They should take reasonable steps to ensure that suitable cover for responsibilities is arranged. This could include taking on temporary staff or external consultants. The senior conduct rules staff member should assess the risk to compliance with the requirements and standards of the regulatory system as a result of the vacancy, and the higher the risk
COCON 4.2.10GRP
The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC1.(1) Failing to take reasonable steps to apportion responsibilities for all areas of the business under the approved person's control.(2) Failing to take reasonable steps to apportion responsibilities clearly among those to whom responsibilities have been delegated, which includes establishing confusing or uncertain:(a) reporting lines; or(b) authorisation levels; or(c) job descriptions
COCON 4.2.11GRP
A senior conduct rules staff member must take reasonable steps to ensure their firm's compliance with the relevant requirements and standards of the regulatory system and to ensure that all staff are aware of the need for compliance.
COCON 4.2.12GRP
Senior conduct rules staff members do not themselves need to put in place the systems of control for the business, unless it is within their role and responsibilities. However, they should take reasonable steps to ensure that the business for which they are responsible has operating procedures and systems with well-defined steps for complying with the detail of relevant requirements and standards of the regulatory system and for ensuring that the business is run prudently. The
COCON 4.2.13GRP
Where a senior conduct rules staff member becomes aware of actual or suspected problems that involve possible breaches of relevant requirements and standards of the regulatory system within their area of responsibility, they should take reasonable steps to ensure that they are dealt with in a timely and appropriate manner. This may involve an adequate investigation to find out whether any systems or procedures have failed and why. They may need to obtain expert opinion on the
COCON 4.2.14GRP
If an issue raises questions of law or interpretation, senior conduct rules staff members may need to take legal advice. If appropriate legal expertise is not available in-house, they may need to consider appointing an appropriate external adviser.
COCON 4.2.15GRP
Where independent reviews of systems and procedures have been undertaken and result in recommendations for improvement, the senior conduct rules staff member responsible for that business area should ensure that, unless there are good reasons not to, any reasonable recommendations are implemented in a timely manner. What is reasonable will depend on the nature of the issue to be addressed and the cost of the improvement. It will be reasonable for a senior conduct rules staff member
COCON 4.2.16GRP
The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC2.(1) Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system for the activities of the firm.(2) Failing to take reasonable steps to monitor (either personally or through a compliance department
COCON 4.2.17GRP
An SMF manager may delegate the investigation, resolution or management of an issue or authority for dealing with a part of the business to individuals who report to them or to others.
COCON 4.2.18GRP
A senior conduct rules staff member should have reasonable grounds for believing that the delegate has the competence, knowledge, skill and time to deal with the issue. For instance, if the compliance department only has sufficient resources to deal with day-to-day issues, it would be unreasonable to delegate to it the resolution of a complex or unusual issue without ensuring it had sufficient capacity to deal with the matter adequately.
COCON 4.2.19GRP
The FCA recognises that a senior conduct rules staff member will have to exercise their own judgement in deciding how issues are dealt with and sometimes that judgement will, with the benefit of hindsight, be shown to have been wrong. The senior conduct rules staff member will not be in breach of rule SC3 in COCON 2.2.3R unless they fail to exercise due and reasonable consideration before they delegate the resolution of an issue or authority for dealing with a part of the business
COCON 4.2.20GRP
Senior conduct rules staff members will not always manage the business on a day-to-day basis themselves. The extent to which they do so will depend on a number of factors, including the nature, scale and complexity of the business and their position within it. The larger and more complex the business, the greater the need for clear and effective delegation and reporting lines, which may involve documenting the scope of that delegation and the reporting lines in writing. The FCA
COCON 4.2.22GRP
Although a senior conduct rules staff member may delegate the resolution of an issue, or authority for dealing with a part of the business, they cannot delegate responsibility for it. It is that person's responsibility to ensure that they receive reports on progress and question those reports where appropriate. For instance, if progress appears to be slow or if the issue is not being resolved satisfactorily, the senior conduct rules staff member may need to challenge the explanations
COCON 4.2.23GRP
The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC3.(1) Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the senior conduct rules staff member has delegated to an individual(s) (whether in-house or outside contractors) including:(a) disregarding an issue or part of the business once it has been delegated;(b) failing to require adequate reports once the resolution
COCON 4.2.24GRP
In determining whether or not the conduct of a senior conduct rules staff member complies with rule SC3 in COCON 2.2.3R, the factors which the FCA would expect to take into account include:(1) the competence, knowledge or seniority of the delegate; and (2) the past performance and record of the delegate.
COCON 4.2.26GRP
SC4 applies to senior conduct rules staff members in addition to rule 3 in COCON 2.1.3R. Although, the rules have some overlap, they are different. Rule 3 normally relates to responses from individuals to requests from the regulator, whereas rule SC4 imposes a duty on a senior conduct rules staff member to disclose appropriately any information of which the appropriate regulator would reasonably expect, including making a disclosure in the absence of any request or enquiry from
COCON 4.2.27GRP
Where a senior conduct rules staff member is responsible within the firm (individually or with other senior conduct rules staff members) for reporting matters to the regulator, failing promptly to inform the regulator concerned of information of which they are aware and which it would be reasonable to assume would be of material significance to the regulator concerned, whether in response to questions or otherwise, constitutes a breach of rule SC4 in COCON 2.2.4R.
COCON 4.2.28GRP
(1) If a senior conduct rules staff member comes across a piece of information that is something of3 which they think the FCA or PRA could reasonably expect notice, they should determine whether that information falls within the scope of their responsibilities:2(a) (for an SMF manager)2 by virtue of that person’sstatement of responsibilities; or2(b) (for an approved person performing a significant influence function in a Solvency II firm or a small non-directive insurer3) including
SYSC 4.7.4GRP
The purpose of this section is to ensure, together with the equivalent PRA requirements, that an SMF manager is responsible and accountable for every area of a firm's activities.
SYSC 4.7.7RRP

Table: FCA-prescribed senior management responsibilities

FCA-prescribed senior management responsibility

Explanation

Equivalent PRA-prescribed senior management responsibility

Part One (applies to all firms)

(1) Responsibility for the firm's performance of its obligations under the senior management regime

The senior management regime means the requirements of the regulatory system applying to relevant authorised persons insofar as they relate to SMF managers performing designated senior management functions, including SUP 10C (FCA senior management regime for approved persons in relevant authorised persons).

This responsibility includes:

(1) compliance with conditions and time limits on approval;

(2) compliance with the requirements about the statements of responsibilities (but not the allocation of responsibilities recorded in them);4

(3) compliance by the firm with its obligations under section 60A of the Act (Vetting of candidates by relevant authorised persons); and4

4(4) compliance by the firm with the requirements in SYSC 22 (Regulatory references) so far as they relate to the senior management regime, including the giving of references to another firm about an SMF manager or former SMF manager.

PRA-prescribed senior management responsibility 4.1(1)

(2) Responsibility for the firm's performance of its obligations under the employee certification regime

The employee certification regime means the requirements of sections 63E and 63F of the Act (Certification of employees) and all other requirements of the regulatory system about the matters dealt with in those sections, including:4

4(1) SYSC 5.2 (Certification Regime);

4(2) the requirements in SYSC 22 (Regulatory references) so far as they relate to the employee certification regime, including the giving of references to another firm about a certification employee or former certification employee; and

4(3) the corresponding PRA requirements.

PRA-prescribed senior management responsibility 4.1(2)

(3) Responsibility for compliance with the requirements of the regulatory system about the management responsibilities map

This responsibility does not include allocating responsibilities recorded in it

PRA-prescribed senior management responsibility 4.1(3)

(4) Overall responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime

(1)2 This includes the function in SYSC 6.3.8R (firm must allocate to a director or senior manager overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls), if that rule applies to the firm.

(2)2 The firm may allocate this FCA-prescribed senior management responsibility to the MLRO but does not have to.

(3)2 If the firm does not allocate this FCA-prescribed senior management responsibility to the MLRO, this FCA-prescribed senior management responsibility includes responsibility for supervision of the MLRO.

None

2(4A) Acting as the firm’swhistleblowers’ champion

The whistleblowers’ champion’s allocated responsibilities are set out in SYSC 18.4.4R

Part Two (applies to all firms except for small CRR firms and credit unions)

(5) Responsibility for:

(a) leading the development of; and

(b) monitoring the effective implementation of;

policies and procedures for the induction, training and professional development of all members of the firm'sgoverning body.

PRA-prescribed senior management responsibility 4.1(13)

(6) Responsibility for monitoring the effective implementation of policies and procedures for the induction, training and professional development of all persons performing designated senior management functions on behalf of the firm other than members of the governing body.

PRA-prescribed senior management responsibility 4.1(5)

(7) Responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

the internal audit function, in accordance with SYSC 6.2 (Internal Audit)

This responsibility includes responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

a person approved to perform the PRA's Head of Internal Audit designated senior management function for the firm.

PRA-prescribed senior management responsibility 4.1(15)

(8) Responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

the compliance function in accordance with SYSC 6.1 (Compliance

).

This responsibility includes responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

the person performing the compliance oversight function for the firm.

PRA-prescribed senior management responsibility 4.1(16)

(9) Responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

the risk function, in accordance with SYSC 7.1.21R and SYSC 7.1.22R (Risk control).

This responsibility includes responsibility for:

(a) safeguarding the independence of; and

(b) oversight of the performance of;

a person approved to perform the PRA's Chief Risk designated senior management function for the firm.

PRA-prescribed senior management responsibility 4.1(17)

(10) Responsibility for overseeing the development of and implementation of the firm's remuneration policies and practices in accordance with SYSC 19D (Remuneration Code)

PRA-prescribed senior management responsibility 4.1(18)

Part Three (applies in specified circumstances)

(11) Overall responsibility for the firm's compliance with CASS

(A) This responsibility only applies to a firm to which CASS applies.

(B) A firm may include in this FCA-prescribed senior management responsibility whichever of the following functions apply to the firm:

(a) CASS 1A.3.1R (certain CASS compliance functions for a CASS small firm);

(b) CASS 1A.3.1AR (certain CASS compliance functions for a CASS medium firm or a CASS large firm);

(c) CASS 11.3.1R (certain CASS compliance functions for certain CASS small debt management firms); or

(d) CASS 11.3.4R (certain CASS compliance functions for a CASS large debt management firm);

but it does not have to.

(C) If the firm does not include the functions in (B) in this FCA-prescribed senior management responsibility, this FCA-prescribed senior management responsibility includes responsibility for supervision of the person performing the functions in (B) that apply to the firm.

None

Allocation of overall responsibility for a firm’s activities, business areas and management functions

SYSC 4.7.8RRP
(1) A firm must ensure that, at all times, one or more of its SMF managers have overall responsibility for each of the activities, business areas and management functions of the firm.(2) This rule does not require a firm to ensure that SMF managers have overall responsibility for any activity, business area or management function that is: (a) included in an FCA-prescribed senior management responsibility;(b) included in an PRA-prescribed senior management responsibility; or(c)
SYSC 4.7.9GRP
The purpose of SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions) is to avoid gaps. It is to make sure that an SMF manager has responsibility for every part of a firm's activities, business areas and management functions not otherwise covered by other parts of this section or by the equivalent PRA requirements.
SYSC 4.7.15GRP
When this section refers to a person having overall responsibility for a function, it does not mean that that person has day-to-day management control of that function.
SYSC 4.7.19GRP
The FCA expects a firm to allocate all the functions in SYSC 4.7.5R (Allocation of FCA-prescribed senior management responsibilities) and SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions) to an individual and not to a legal person.
SYSC 4.7.21GRP
(1) A person may have overall responsibility for a matter without being a member of the firm'sgoverning body, which means that (ignoring (2)) a relatively junior person could have overall responsibility for an activity of a firm.(2) However, the FCA expects that anyone who has overall responsibility for a matter:(a) will be sufficiently senior and credible; and(b) will have sufficient resources and authority;to be able to exercise his management and oversight responsibilities
SYSC 4.7.22GRP
SYSC 4.7.21G(2) also applies to someone who has responsibility for an FCA-prescribed senior management responsibility.
SYSC 4.7.23GRP
(1) It will be common for a small non-complex firm to divide overall responsibility for its activities between members of its governing body and not to assign overall responsibility for any activity to someone who is not a member.(2) However, when deciding how to divide up overall responsibility for its activities, a firm should avoid assigning such a wide range of responsibilities to a particular person so that the person is not able to carry out those responsibilities effectively.
SYSC 4.7.24GRP
(1) The FCA expects that normally a firm will allocate the FCA-prescribed senior management responsibility in rows (5), (7), (8), (9) and (10) of the table in SYSC 4.7.7R to an SMF manager who is a non-executive director of the firm.(2) The FCA expects that normally a firm will allocate:(a) the other FCA-prescribed senior management responsibilities; and(b) functions under SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management
SYSC 4.7.25GRP
(1) The FCA expects that a firm will not normally split an FCA-prescribed senior management responsibility between several SMF managers, with each only having responsibility for part.(2) The FCA expects that a firm will not normally allocate responsibility for:(a) an FCA-prescribed senior management responsibility; or(b) a function under SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions);to two or more SMF managers
SYSC 4.7.26GRP
(1) Although the norm should be for a firm to have a single individual performing each FCA-prescribed senior management responsibility or function allocated under SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions), there may be circumstances in which responsibilities can be divided or shared (see (2)).(2) A firm should only divide or share a responsibility where this is appropriate and can be justified.(3) For example,
SYSC 4.7.30GRP
(1) As explained in SYSC 4.7.2R, there is no territorial limitation to the application of this section.(2) This means that a firm should allocate:(a) the FCA-prescribed senior management responsibilities; and(b) overall responsibilities under SYSC 4.7.8R;so that they cover activities, transactions, business areas and management functions that are located or take place wholly or partly outside, as well as ones in, the United Kingdom.
SYSC 4.7.33GRP
A firm may rely on an employee of a company in the same group to perform an FCA-prescribed senior management responsibility. However, SYSC 4.7.5R (Allocation of FCA-prescribed senior management responsibilities) also requires this to be arranged in such a way that the person performing the responsibility is approved as an SMF manager of the firm.
SYSC 4.7.35GRP
(1) A firm should allocate between its SMF managers responsibility for every area of its activities.(2) This is required by a mixture of:(a) SYSC 4.7.5R (Allocation of FCA-prescribed senior management responsibilities); (b) SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions); (c) the requirements for FCA-designated senior management functions; and(d) the corresponding PRA requirements.
SYSC 4.7.36GRP
(1) Having overall responsibility for an activity under SYSC 4.7.8R requires approval as an SMF manager. This is because a person who has overall responsibility for an activity will be:(a) performing the other overall responsibility function; or(b) approved to perform another designated senior management function.(2) The other overall responsibility function applies because this is the effect of SUP 10C.7.1R (definition of other overall responsibility function).(3) SUP 10C.7.1R
SYSC 4.7.38GRP
SYSC 4.7.26G (a firm should normally allocate responsibility for particular areas to a single SMF manager) does not mean that the FCA expects there to be a separate person with overall responsibility for each individual business area in SYSC 4 Annex 1G (The main business activities and functions of a relevant authorised person).
SUP 10C.11.1GRP
(1) Section 60(2A) of the Act (Applications for approval) says that, if a firm is applying for approval from the FCA or the PRA for a person to perform a designated senior management function, the regulator to which the application is being made must require the application to contain, or be accompanied by, a statement setting out the aspects of the affairs of the firm which it is intended that the person will be responsible for managing in performing the function. (2) That statement
SUP 10C.11.2GRP
(1) This section is about the FCA's requirements for statements of responsibilities.(2) However, where applications and notifications relate both to FCA-designated senior management functions and to PRA ones, the regulators’ requirements are consistent with each other.(3) The general material in this section (SUP 10C.11.13G to SUP 10C.11.35G) applies to statements of responsibilities submitted in all the cases covered by this section. It covers statements of responsibilities
SUP 10C.11.3DRP
An application by a firm for the FCA's approval under section 59 of the Act (Approval for particular arrangements) for the performance of an FCA-designated senior management function must be accompanied by a statement of responsibilities (SUP 10C Annex 5D).
SUP 10C.11.5GRP
Under section 62A of the Act, a firm must provide the FCA with a revised statement of responsibilities if there has been any significant change in the responsibilities of an FCA-approved SMF manager. More precisely:(1) if a firm has made an application (which was granted) to the FCA for approval for a person to perform an FCA-designated senior management function; (2) the application contained, or was accompanied by, a statement of responsibilities; and(3) since the granting of
SUP 10C.11.6GRP
(1) This paragraph sets out non-exhaustive examples of potential changes which, in the FCA's view, may be significant and thus require the submission of a revised statement of responsibilities.(2) A variation of the FCA-approved SMF manager's approval, either at the firm's request or at the FCA's or PRA's initiative, resulting in the imposition, variation or removal of a condition or time limit, may involve a significant change.(3) Fulfilling or failing to fulfil a condition on
SUP 10C.11.7DRP
(1) A firm must provide a revised statement of responsibilities under section 62A of the Act under cover of Form J (SUP 10C Annex 5D).(2) A firm must not use Form J where the revisions are to be made as part of arrangements involving an application:(a) for approval for the FCA-approved SMF manager concerned to perform another designated senior management function for the same firm; or(b) to vary (under section 63ZA of the Act (Variation of senior manager’s approval at request
SUP 10C.11.12RRP
If:(1) an FCA-approved SMF manager ceases to perform a designated senior management function for a firm; but(2) continues to perform an FCA-designated senior management function for that firm;the firm must (under Form J) submit a statement of responsibilities for the remaining functions.
SUP 10C.11.13DRP
(1) A firm must prepare statements of responsibilities (including revised ones) for one of its FCA-approved SMF managers as a single document covering every designated senior management function for which:(a) that FCA-approved SMF manager has approval; or(b) for which an application for approval is being made;for that firm.(2) The statement must be up to date for each designated senior management function.
SUP 10C.11.14GRP
(1) SUP 10C.11.13D means that, at any time, a firm should have a single document for an SMF manager that:(a) contains statements of responsibilities for all designated senior management functions for which that SMF manager has approval; and(b) where relevant, contains statements of responsibilities for all designated senior management functions for which the firm is applying for approval.(2) The document in (1) should cover PRA-designated senior management functions as well as
SUP 10C.11.19GRP

Table: examples of how the requirements for submitting statements of responsibilities work

1Example

Comments

(1) A firm applies for approval for A to perform the executive director function and the money laundering function.

There should be a single statement of responsibilities document that covers the two functions.

The combined document should be included with the application for approval.

(2) Firm X applies for approval for A to perform the executive director function. Firm Y applies for approval for A to perform the money laundering function. Both firms are relevant authorised persons.

There should be separate statements of responsibilities for each firm.

This is the case even if Firm X and Firm Y are in the same group.

(3) A firm applies for approval for A to perform an FCA-designated senior management function and a PRA-designated senior management function.

The arrangements in SUP 10C.9 for FCA functions to be absorbed into PRA ones do not apply and so there are separate applications to the FCA and PRA.

The single statement of responsibilities document should cover both the FCA and the PRA functions.

(4) A has approval to perform the executive director function. Later, A is to be appointed to perform the money laundering function for the same firm. This will also result in substantial changes to A’s duties as an executive director.

The firm should not use Form J to notify the changes to A’s duties as an executive director.

The firm should submit a revised single statement of responsibilities document along with the application to perform the money laundering function.

The single statement of responsibilities document should cover both functions. The part relating to A’s duties as an executive director should be updated.

(5) A has approval to perform the executive director function. Later, A is to be appointed to perform the PRA's chief risk officer designated senior management function for the same firm. This will also result in substantial changes to A’s duties as an executive director.

The firm should not use Form J to notify the changes to A’s duties as an executive director.

The firm should submit a revised single statement of responsibilities document along with the application to perform the PRA function.

The firm should not submit the revised single statement of responsibilities document separately to the FCA. Instead, it should include it as part of the application to the PRA.

The single statement of responsibilities document should cover both the FCA and the PRA functions. The part relating to A’s duties as an executive director should be updated.

(6) A has approval to perform the money laundering function. The approval to perform the money laundering function is subject to a condition. The firm is applying to vary that condition.

The firm should include a revised statement of responsibilities with the application.

The firm should not use Form J. It should submit a revised statement of responsibilities along with the application to vary the approval.

(7) A has approval to perform the executive director function and the money laundering function for the same firm. The approval to perform the money laundering function is subject to a condition. The firm is applying to vary that condition. As part of the same arrangements, there are to be substantial changes to A’s job as an executive director.

The firm should not use Form J to notify the changes to A’s duties as an executive director.

The firm should submit a revised single statement of responsibilities document along with the application to vary the approval for the money laundering function.

The single statement of responsibilities document should be updated and should cover both functions.

(8) A has approval to perform the executive director function and the PRA's chief risk officer designated senior management function for the same firm. The arrangements in SUP 10C.9 for FCA functions to be absorbed into PRA ones do not apply and so there are separate FCA and PRA approvals.

The approval to perform the PRA's chief risk officer designated senior management function is subject to a condition. The firm is applying to vary that condition. As part of the same arrangements, there are to be substantial changes to A’s job as an executive director.

The firm should not use Form J to notify the changes to A’s duties as an executive director.

The firm should submit a revised single statement of responsibilities document along with the application to vary the PRA function.

The firm should not submit the revised document separately to the FCA. Instead it should include it as part of the application to the PRA.

The single statement of responsibilities document should cover both the FCA and the PRA functions and should be updated.

(9) A has approval to perform the executive director function and the money laundering function for the same firm.

Sometime later, A is to give up the

money laundering function and take up the PRA's chief risk officer designated senior management function. This will involve major changes to A’s role as executive director.

The answer to example (5) applies.

The application to the PRA to perform the PRA function should be accompanied by a single document that:

(1) contains the statement of responsibilities for the new function;

(2) contains the revised statement of responsibilities for the executive director function; and

(3) reflects the fact that A is no longer performing the money laundering function.

(10) A firm has approval for A to perform the executive director function and the money laundering function.

A then ceases to perform the money laundering function but continues to perform the executive director function.

The firm must submit:

(a) Form C for the money laundering function;

(b) Form J; and

(c) a single updated statement of responsibilities document that covers the executive director function.

(11) A has approval to perform the executive director function and the PRA's chief risk officer designated senior management function for the same firm. Later, A gives up his role as chief risk officer.

The firm must submit:

(a) Form C for the PRA function;

(b) Form J; and

(c) a single updated statement of responsibilities document that covers the executive director function.

The firm should not submit the revised single statement of responsibilities document separately to the FCA. Instead, it should include it as part of the notification to the PRA.

(12) A has approval to perform the executive director function. Later, A is to be appointed to perform the money laundering function for the same firm.

The application is rejected.

The single statement of responsibilities document submitted as part of the application will no longer be correct as it reflects the proposed new approval.

If the only changes to the single document in the version sent with the application are ones, clearly and exclusively tied to the new function, the firm will not need to amend the document as the changes will automatically fall away.

In any other case (for instance if the application is approved conditionally), it is likely that the firm will need to update it using Form J.

In any case, the FCA may contact the firm to agree a revised single statement of responsibilities document.

(13) A has approval to perform the executive director function. Later, A is to be appointed to perform the money laundering function for the same firm.

This will not result in any changes to A’s duties as an executive director. However, there have been some insignificant changes to A’s role as an executive director since the firm submitted the most recent single statement of responsibilities document. The changes are not connected to A’s appointment to perform the money laundering function.

The answer for example (4) applies.

The single statement of responsibilities document should be updated to cover the changes to A’s duties as executive director, as well as covering A’s new money laundering role. It does not matter that the changes to A’s role as an executive director are not significant.

(14) A has approval to perform the executive director function. Later, A’s business unit grows in size and so the firm needs to apply for A to be approved to perform the PRA's Head of Key Business Area designated senior management function. However, A’s responsibilities do not change.

The firm should submit a revised single statement of responsibilities document along with the application to perform the PRA function.

The firm should submit a single statement of responsibilities document that covers both the FCA and the PRA functions.

It should not submit the revised single statement of responsibilities document separately to the FCA. Instead, it should include it as part of the application to the PRA.

2(15) Firm X has a branch in the United Kingdom. Firm Y is a UK authorised subsidiary3 of firm X.

Firm X is a third-country relevant authorised person and firm3 Y is a UK relevant authorised person.

Both firms apply for approval for the same individual (P) to perform the executive3director function.

There should be separate statement of responsibilities for P for each firm.

The single statement of responsibilities document means the single document described in SUP 10C.11.13D

SUP 10C.11.23GRP
A statement of responsibilities should:(1) show clearly how the responsibilities that the SMF manager performs as part of their FCA-designated senior management function fit in with the firm's overall governance and management arrangements; and(2) be consistent with the firm'smanagement responsibilities map. (See SYSC 4.5.9G, SYSC 4.6.12G and SYSC 4.6.27G2 for more about this.)
SUP 10C.11.26GRP
(1) SYSC or another part of the regulatory system will generally impose requirements (referred to as ‘prescribed requirements’ in this paragraph) that relate to a particular post or set of responsibilities. (2) For instance, these include:(a) the responsibilities that go with the FCA required functions; and(b) the FCA-prescribed senior management responsibilities, the PRA-prescribed senior management responsibilities and the PRA-prescribed UK branch senior management responsibilities2.(3)
SUP 10C.11.29GRP
(1) The definition of every FCA-designated senior management function contains a responsibility which is inherent, inseparable from and intrinsically built into the specific role. (2) In many ways, this inherent responsibility is the most important responsibility of any given SMF manager, as it provides a rationale as to why that specific function is subject to pre-approval by the FCA in the first place.(3) Even where an SMF manager has not been allocated any other responsibilities
SUP 10C.11.32GRP
(1) Where:(a) an FCA-prescribed senior management responsibility; or(b) any function allocated under SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions) or SYSC 4.8.10R (Local responsibility for a branch’s activities, business areas and management functions)2;is divided or shared between several SMF managers, the statement of responsibilities for each SMF manager should:(c) explain why this has been done; and(d) give
DEPP 4.1.1GRP
1All statutory notice decisions under executive procedures and decisions referred to in DEPP 2.5.6A G3 will be taken either by a senior staff committee or by an individual FCA3 staff member.3
DEPP 4.1.2GRP
In the3 case of a senior staff committee,3 the decision will be taken by FCA3 staff who have not been directly involved in establishing the evidence on which the decision is based or by two or more FCA staff who include a person not directly involved in establishing that evidence,3 except in accordance with section 395(3) of the Act.33
DEPP 4.1.3GRP
The FCA's3 senior executive committee will from time to time determine that particular categories of statutory notice decision to be taken under executive procedures and decisions referred to in DEPP 2.5.6A G3 will be taken by a senior staff committee.3
DEPP 4.1.4GRP
A senior staff committee will consist of such FCA3 staff members as the FCA's3 senior executive committee may from time to time determine. The FCA's3 senior executive committee may authorise the chairman of a senior staff committee to select its other members. A senior staff committee is accountable for its decisions to the FCA's3 senior executive committee and, through it, to the FCA3 Board.33333
DEPP 4.1.5GRP
A senior staff committee may operate through standing or specific sub-committees to consider particular decisions or classes of decision, for which accountability will lie through the committee. Each meeting of a senior staff committee, or sub-committee, will include:(1) an individual with authority to act as its chairman; and(2) at least two other members.
DEPP 4.1.6GRP
A senior staff committee will operate on the basis of a recommendation from an FCA3 staff member of at least the level of associate, and with the benefit of legal advice from an FCA3 staff member of at least the level of associate.33
DEPP 4.1.7GRP
Statutory notice decisions to be taken under executive procedures and decisions referred to in DEPP 2.5.6A G,3 and not falling within the responsibility of a senior staff committee, will be taken by an individual FCA3 staff member. The decision will be:3(1) made by an executive director of the FCA3 Board or his delegate (who will be of at least the level of associate);3(2) on the recommendation of an FCA3 staff member of at least the level of associate; and3(3) with the benefit
DEPP 4.1.10GRP
If an individual responsible for a decision under executive procedures (or a more senior FCA3 staff member with responsibilities in relation to the decision concerned) considers that it warrants collective consideration, the individual may:3(1) take the decision himself, following consultation with other FCA3 staff members, as above; or3(2) refer it to a senior staff committee, which will take the decision itself.
DEPP 4.1.11GRP
(1) FCA3staff are required by their contract of employment to comply with a code of conduct which imposes strict rules to cover the handling of conflicts of interest which may arise from personal interests or associations. FCA3 staff subject to a conflict of interest must declare that interest to the person to whom they are immediately responsible for a decision.33(2) If a member of a senior staff committee has a potential conflict of interest in any matter in which he is asked
DEPP 4.1.12GRP
The secretariat to the senior staff committee will record and document all disclosures of potential conflicts of interest and the steps taken to manage them.
DEPP 4.1.13GRP
The procedure for taking decisions under executive procedures will generally be less formal and structured than that for decisions by the RDC. Broadly, however, FCA3 staff responsible for taking statutory notice decisions under executive procedures will follow a procedure similar to that described at DEPP 3.2.7 G to DEPP 3.2.27 G for the RDC except that:3(1) in a case where the decision will be taken by a senior staff committee: (a) the chairman or deputy chairman of the senior
SUP 10C.9.2GRP
Both the FCA and the PRA may specify a function as a designated senior management function in relation to a PRA-authorised person.
SUP 10C.9.3GRP
If a person's job for a firm involves performing: (1) an FCA-designated senior management function, the firm should apply to the FCA for approval;(2) a PRA-designated senior management function, the firm should apply to the PRA for approval;(3) both an FCA-designated senior management function and a PRA-designated senior management function, the firm should apply to both the FCA and the PRA for approval (the purpose of SUP 10C.9 is to cut down the need for this sort of dual a
SUP 10C.9.4GRP
The FCA is under a duty, under section 59A of the Act (Specifying functions as controlled functions: supplementary), to exercise the power to specify any senior management function as an FCA controlled function in a way that it considers will minimise the likelihood that approvals need to be given by both the FCA and the PRA for the performance by a person of senior management functions in relation to the same PRA-authorised person.
SUP 10C.9.6GRP
(1) SUP 10C.9.8R applies when a firm is seeking approval from the PRA for a candidate to perform a PRA controlled function and the intention is that the candidate will also perform what would otherwise be an FCA governing function once the PRA gives its approval. SUP 10C.9.8R works by disapplying that FCA governing function.(2) Where (1) applies, the activities within that FCA governing function are included in the PRA controlled function for which the person has approval. Chapter
SUP 10C.9.7GRP
(1) SUP 10C.9.9G gives some examples of how SUP 10C.9.8R works.(2) The examples do not cover the other overall responsibility function because that function does not apply if the person holds any other designated senior management function for the same firm. See the table in SUP 10C.7.3G for examples of how this works.
SUP 10C.9.8RRP
A person (referred to as ‘A’ in this rule) is not performing an FCA governing function (referred to as the ‘particular’ FCA governing function in this rule) in relation to a PRA-authorised person (referred to as ‘B’ in this rule), at a particular time, if:(1) A has been approved by the PRA to perform any PRA-designated senior management function in relation to B;(2) throughout the whole of the period between the time of the PRA approval in (1) and the time in question, A has been
SUP 10C.9.9GRP

Table: Examples of how the need for dual FCA and PRA approval in relation to PRA-authorised persons is reduced

1Example

Whether FCA approval required

Whether PRA approval required

Comments

(1) A is appointed as chief risk officer and an executive director.

No. He is not treated as performing the executive director function.

Yes

Chief risk officer is a PRA-designated senior management function. A’s functions as a director will be included in the PRA-designated senior management function. To avoid the need for FCA approval, A’s appointment as director should not take effect before PRA approval for the chief risk officer role.

(2) Same as example (1), except that A will take up the role as an executive director slightly later because the approval is needed from the firm's shareholders or governing body.

No

Yes

The answer for (1) applies. The arrangements in this section apply if the application to the PRA says that A will start to perform the potential FCA governing function around the time of the PRA approval as well as at that time.

(3) Same as example (1) but the application to the PRA does not mention that it is also intended that A is to be an executive director.

Yes, to perform the executive director function.

Yes

SUP 10C.9.8R does not apply if the application for PRA approval does not say that A will also be performing what would otherwise be an FCA governing function.

(4) A is to be appointed as chief executive and an executive director.

No. A is not treated as performing the executive director function.

Yes

Being a chief executive is a PRA-designated senior management function. A’s functions as a director will be included in the PRA controlled function.

(5) A is appointed as chief risk officer. Later, A is appointed as an executive director while carrying on as chief risk officer.

Yes, when A takes up the director role. The executive director function applies.

Yes, when A takes up the chief risk officer role.

SUP 10C.9.8R does not apply because, when the firm applied for approval for A to perform the PRA chief risk officer designated senior management function, there was no plan for A also to perform the executive director function.

(6) A is appointed as an executive director. Later, A takes on the chief risk officer function and remains as an executive director.

Yes, when A is appointed as director. The executive director function applies.

Yes, when A takes up the chief risk officer role.

When A is appointed as chief risk officer, A is still treated as carrying on the executive director function. A retains the status of an FCA-approved person.

(7) A is appointed as chief risk officer. A then stops performing that role and for a while does not perform any controlled function for that firm. Later, A is appointed as an executive director with the same firm.

Yes, when A is appointed as an executive director. The executive director function applies.

Yes, when A takes up the chief risk officer role.

SUP 10C.9.8R does not apply because there is no current PRA approval when A is being appointed as a director.

(8) A is appointed as an executive director and chief risk officer at the same time. Later, A gives up the role as chief risk officer but remains as an executive director.

No, on A’s first appointment (see example (1)). But when A gives up the role as chief risk officer, FCA approval is needed to perform the executive director function.

Form E should be used. The application should state that it is being made as a result of A ceasing to perform a PRA-designated senior management function.

Form A should be used if there have been changes in A’s fitness (SUP 10C.10.9D(4))

Yes, on A’s first appointment.

When A stops being a chief risk officer, A stops performing a PRA-designated senior management function. However, being an executive director requires FCA approval. A does not have that approval because A did not need it when A was first appointed.

The combined effect of SUP 10C.9.8R and the relevant PRA rules is that the firm has three months to secure approval by the FCA. During that interim period, A keeps the status of a PRA approved person performing the director element of the PRA chief risk designated senior management function - which is included in that function under relevant PRA rules. The relevant PRA rules say that, during this transitional period, A is still treated as performing the PRA chief risk designated senior management function and SUP 10C.9.8R says that, for as long as A is performing a PRA-designated senior management function, A does not perform the executive director function.

(9) A is appointed as the chief finance officer and an executive director at the same time. Later, A switches to being chief risk officer while remaining as an executive director.

No

Yes

The arrangements in SUP 10C.9.8R continue to apply, even though A switches between PRA-designated senior management function after the PRA's first approval.

(10) A is appointed chief risk officer and an executive director. A goes on temporary sick leave. A takes up his old job when he comes back.

No, neither on A’s first appointment nor when A comes back from sick leave.

Yes

SUP 10C.9.8R still applies on A’s return because A does not stop performing either the PRA's chief risk function or what would otherwise have been the executive director function just because A goes on temporary sick leave.

(11) A is appointed to be chairman of the governing body and chairman of the nomination committee at the same time.

No. A does not need approval to perform the chair of the nomination committee function.

Yes, on first appointment.

Being chairman of the governing body is a PRA-designated senior management function. Therefore, the answer for example (1) applies.

2(12) ‘A’ is to be appointed to perform the Head of Overseas Branch PRA-designated senior management function (SMF19) for a third-country relevant authorised person. A is also an executive director of that firm’sUKbranch.

No. A is not treated as performing the executive3director function.

Yes

A’s functions as a director will be included in the PRA controlled function.

Note: The relevant PRA rules can be found in Chapter 2 of the part of the PRA rulebook called ‘Senior Management Functions’

SUP 10C.9.10GRP
(1) The potential FCA governing functions should be recorded in A’s statement of responsibilities and in the firm'smanagement responsibilities map.(2) A potential FCA governing function means a function that would have been an FCA governing function but which is not an FCA governing function because of SUP 10C.9.8R.
SUP 10C.9.11GRP
The PRA cannot give its approval for the performance of a PRA-designated senior management function without the consent of the FCA. The firm does not need to apply to the FCA for that consent.
SUP 10C.3.2GRP
There are two types of FCA controlled function under the Act:(1) an FCA-designated senior management function; and(2) an FCA controlled function that is not a designated senior management function.
SUP 10C.3.3GRP
All the controlled functions that the FCA has specified in this chapter are designated senior management functions. The FCA has not, in this chapter, used its power to specify controlled functions that are not designated senior management functions.
SUP 10C.3.4GRP
The FCA has (in SUP 10A) specified controlled functions for relevant authorised persons that are not designated senior management functions. (See SUP 10C.1.7R to SUP 10C.1.8G (Appointed representatives)).
SUP 10C.3.5GRP
(1) Except as described in SUP 10C.3.4G, in this chapter, FCA controlled function and FCA-designated senior management function cover the same functions.(2) Therefore, a function is only covered by SUP 10C.4.3R (Table of FCA-designated senior management 2functions for relevant authorised persons) if that function meets both the following sets of requirements:(a) the requirements of SUP 10C.3.6R (Definition of FCA controlled function: arrangements); and(b) the requirements of SUP
SUP 10C.3.10RRP
Each FCA-designated senior management function is one which comes within the definition of a senior management function.
SUP 10C.3.11GRP
Section 59ZA(2) of the Act says that a function is a ‘senior management function’, in relation to the carrying on of a regulated activity by a firm, if: (1) the function will require the person performing it to be responsible for managing one or more aspects of the firm's affairs, so far as relating to the activity; and(2) those aspects involve, or might involve, a risk of serious consequences:(a) for the firm; or(b) for business or other interests in the United Kingdom.
SUP 10C.3.13RRP
If:(1) a firm appoints an individual to perform a function which, but for this rule, would be an FCA-designated senior management function;(2) the appointment is to provide cover for an SMF manager whose absence is:(a) temporary; or(b) reasonably unforeseen; and(3) the appointment is for less than 12 weeks in a consecutive 12-month period;the description of the relevant FCA-designated senior management function does not relate to those activities of that individual.
SUP 10C.3.14GRP
SUP 10C.3.13R enables cover to be given for (as an example) holidays and emergencies and avoids the need for the precautionary approval of, for example, a deputy. However, as soon as it becomes apparent that a person will be performing an FCA-designated senior management function for more than 12 weeks, the firm should apply for approval.
SUP 10C.12.9GRP
An example of when the FCA may approve an individual on a time-limited basis is where, following a sudden or unexpected departure:(1) a firm needs to fill an FCA-designated senior management function vacancy immediately; but(2) it is likely to take longer than 12 weeks to recruit a permanent replacement; and(3) there is an individual at the firm not currently approved to perform the relevant FCA-designated senior management function whom the firm and the FCA think capable of fulfilling
SUP 10C.12.31GRP
One example of a role-limited approval relates to the fact that the size, nature, scope and complexity of a firm's activities can change over time. An individual may be fit and proper to perform a senior management function at a certain firm at a point in time but the FCA may wish to re-assess that individual if the firm's situation changes.
SUP 10C.12.36GRP
An example under SUP 10C.12.35G is as follows.(1) In this example:(a) an individual is to perform an FCA-designated senior management function in an unlisted firm which currently operates only in the UK; and(b) the firm is planning a listing and a string of acquisitions which are projected to treble the size of its balance sheet and give it a global footprint over the next three years, but the candidate has never worked for an institution as large or as complex.(2) In this situation:(a)
SUP 10C.12.39GRP
(1) Another example of a limited-role approval is where:(a) a candidate is not competent to carry out all the functions that are capable of falling within the FCA-designated senior management function for which approval is sought; but(b) the candidate will be fit to carry out most of them; and(c) the firm has adequate arrangements to deal with the other aspects.(2) In such circumstances, the condition would be that the candidate does not get involved in the aspects of the role
SUP 10C.12.42GRP
Although it is not general FCA policy to use the power to give qualified approval as a probationary measure, there may be circumstances where a firm wants to appoint a candidate to perform an FCA-designated senior management function who, although fit and proper, may, in the role, be responsible for the firm's approach to dealing with particularly unusual or severe challenges in the near future. In this situation, it might be appropriate to approve the candidate subject to a time
SUP 10C.12.44GRP
The provisions in: (1) section 59 of the Act that say a firm should take reasonable care to ensure that no person performs a controlled function without approval (see SUP 10C.10.3G); and(2) section 63A of the Act, under which a person performing a controlled function without approval may be subject to a penalty (see SUP 10C.10.4G);apply not only to the performance of an FCA-designated senior management function by someone who has not been approved to perform that function but
SUP 10C.12.45GRP
Sections 59 and 63A of the Act show that failure to observe a condition does not in itself invalidate an approval. Instead, both the firm and the SMF manager may be subject to a penalty for breach of the Act. Such a failure may also:(1) involve a breach of FCArules by the firm and a breach by the SMF manager of COCON; and(2) call into question the fitness of the SMF manager.
SUP 10C.12.46GRP
For example, if an SMF manager is subject to a role-limited condition under which the SMF manager is not allowed to carry out certain specified aspects of the FCA-designated senior management function but the SMF manager goes ahead and carries out those aspects, the SMF manager's approval does not automatically come to an end. Instead, both the firm and the SMF manager may be subject to a financial penalty.
SUP 10C.14.1GRP
(1) An FCA-approved SMF manager's job may change from time to time as a result, for instance, of a change in personal job responsibilities or a firm'sregulated activities. (2) Where the changes will involve the SMF manager performing one or more FCA-designated senior management functions different from those for which approval has already been granted, an application must be made to the FCA for approval for the SMF manager to perform those FCA-designated senior management functions.(3)
SUP 10C.14.2GRP
(1) A firm should generally use Form E where an approved person is both ceasing to perform one or more controlled functions and needs to be approved in relation to one or more FCA-designated senior management functions within the same firm or group. (2) In certain cases, a firm should use Form A. (3) The details can be found in SUP 10C.10.8D to SUP 10C.10.9D.
SUP 10C.14.3GRP
If it is proposed that an FCA-approved SMF manager:(1) will no longer be performing an FCA-designated senior management function under an arrangement entered into by one firm or one of its contractors; but(2) will be performing the same or a different FCA-designated senior management function under an arrangement entered into by a new firm or one of its contractors (whether or not the new firm is in the same group as the old firm);the new firm will be required to make a fresh
SUP 10C.14.5RRP
(1) A firm must notify the FCA no later than seven business days after an FCA-approved SMF manager ceases to perform an FCA-designated senior management function.(2) It must make that notification by submitting to the FCA a completed Form C (SUP 10A Annex 6R).(3) If: (a) the firm is also making an application for approval for that approved person to perform a controlled function within the same firm or group; and(b) ceasing to perform the FCA-designated senior management function
SUP 10C.14.11GRP
(1) When a person ceases the arrangement under which they perform an FCA-designated senior management function, they will automatically cease to be an FCA-approved SMF manager in relation to that FCA-designated senior management function. (2) A person can only be an FCA-approved SMF manager in relation to a specific FCA-designated senior management function. Therefore, a person is not an FCA-approved SMF manager during any period between ceasing to perform one FCA-designated senior
SUP 10C.14.13RRP
If an FCA-approved SMF manager's title, name or national insurance number changes, the firm for which the person performs an FCA-designated senior management function must notify the FCA on Form D (SUP 10A Annex 7R), of that change within seven business days of the firm becoming aware of the matter.
SUP 10C.14.15RRP
(1) If any of the details relating to:(a) the arrangements in relation to any of a firm'sFCA-approved SMF managers; or(b) any FCA-designated senior management functions of one of its FCA-approved SMF managers;are to change, the firm must notify the FCA on Form D (SUP 10A Annex 7R).(2) The notification under (1) must be made as soon as reasonably practicable after the firm becomes aware of the proposed change.(3) This rule does not apply to anything required to be notified under
SUP 10C.10.1GRP
This section explains how a firm should apply for approval for a person to perform an FCA-designated senior management function.
SUP 10C.10.3GRP
(1) Section 59 of the Act (Approval for particular arrangements) says that a firm must take reasonable care to ensure that no one performs an FCA controlled function (including an FCA-designated senior management function) unless that person is acting in accordance with an approval given by the FCA.(2) That means that where a candidate will be performing one or more FCA-designated senior management functions, a firm must take reasonable care to ensure that the candidate does not
SUP 10C.10.4GRP
(1) If a person performs an FCA controlled function (including an FCA-designated senior management function) without approval, it is not only the firm that is accountable. Under section 63A of the Act (Power to impose penalties), if the FCA is satisfied that:(a) a person (‘P’) has at any time performed an FCA controlled function without approval; and(b) at that time P knew, or could reasonably be expected to have known, that P was performing an FCA controlled function without
SUP 10C.10.6GRP
(1) The firm that is employing the FCA candidate to perform the FCA-designated senior management function will usually make the submission itself. (SUP 10C.10.7G describes some common situations.) (2) Where a firm has outsourced the performance of an FCA-designated senior management function, the details of the outsourcing determines whom the FCA anticipates will submit the FCA-approved persons application forms.(3) The firm which is outsourcing is referred to as ‘A’ and the
SUP 10C.10.9DRP
(1) A firm must use Form E (SUP 10C Annex 3D) where an approved person is both ceasing to perform one or more controlled functions and needs to be approved in relation to one or more FCA-designated senior management function within the same firm or group. (2) A firm must not use Form E if the approved person has never before been approved to perform for any firm:(a) an FCA controlled function that is a significant influence function;(b) an FCA-designated senior management function;
SUP 10C.10.16RRP
A firm must (as part of its assessment of whether a candidate is a fit and proper person to perform an FCA-designated senior management function and to verify the information contained in the application to carry out the FCA-designated senior management function) obtain the fullest information that it is lawfully able to obtain about the candidate under Part V of the Police Act 1997 (Certificates of Criminal records, etc) and related subordinated legislation of the UK or any part
SUP 10C.10.22GRP
A firm should consider whether it should take additional steps to verify any information contained in an application to carry out an FCA-designated senior management function or that it takes into account in its assessment of whether a candidate is a fit and proper person.
SUP 10C.10.31GRP
The FCA may grant an application only if it is satisfied that the FCA candidate is a fit and proper person to perform the FCA-designated senior management function stated in the application form. Responsibility lies with the firm making the application to satisfy the FCA that the FCA candidate is fit and proper to perform the FCA-designated senior management function applied for.
SYSC 4.8.6RRP
(1) A firm must allocate each of the FCA-prescribed senior management responsibilities in rows (1) to (7) in the table in SYSC 4.8.9R to one or more SMF managers of the branch.(2) If the FCA-prescribed senior management responsibility in row (8) of the table in SYSC 4.8.9R (functions in relation to CASS) applies to a firm, the firm must allocate that FCA-prescribed senior management responsibility to one or more SMF managers of the branch.(3) A firm may not allocate an FCA-prescribed
SYSC 4.8.8GRP
The FCA-prescribed senior management responsibilities relate to the activities of the third-country relevant authorised person’sbranch in the United Kingdom.
SYSC 4.8.9RRP

Table: FCA-prescribed senior management responsibilities for third-country relevant authorised persons.

FCA-prescribed senior management responsibility in relation to the branch

Explanation

Equivalent PRA-prescribed UK branch senior management responsibility

(1) Responsibility for the firm’s performance of its obligations under the senior management regime

The senior management regime means the requirements of the regulatory system applying to relevant authorised persons insofar as they relate to SMF managers performing designated senior management functions, including SUP 10C (FCA senior management regime for approved persons in relevant authorised persons).

This responsibility includes:

(1) compliance with conditions and time limits on approval;

(2) compliance with the requirements about the statements of responsibilities (but not the allocation of responsibilities recorded in them);3

(3) compliance by the firm with its obligations under section 60A of the Act (Vetting of candidates by relevant authorised persons); and3

3(4) compliance by the firm with the requirements in SYSC 22 (Regulatory references) so far as they relate to the senior management regime, including the giving of references to another firm about an SMF manager or former SMF manager.

PRA-prescribed UK branch senior management responsibility 6.2(1)

(2) Responsibility for the firm’s performance of its obligations under the employee certification regime

The employee certification regime means the requirements of sections 63E and 63F of the Act (Certification of employees) and all other requirements of the regulatory system about the matters dealt with in those sections, including:3

3(1) SYSC 5.2 (Certification Regime);

3(2) the requirements in SYSC 22 (Regulatory references) so far as they relate to the employee certification regime, including the giving of references to another firm about a certification employee or former certification employee; and

3(3) the corresponding PRA requirements.

PRA-prescribed UK branch senior management responsibility 6.2(2)

(3) Responsibility for compliance with the requirements of the regulatory system about the management responsibilities map

This responsibility does not include allocating responsibilities recorded in it.

PRA-prescribed UK branch senior management responsibility 6.2(3)

(4) Responsibility for management of the firm’s risk management processes in the UK

PRA-prescribed UK branch senior management responsibility 6.2(4)

(5) Responsibility for the firm’s compliance with the UKregulatory system applicable to the firm

PRA-prescribed UK branch senior management responsibility 6.2(5)

(6) Responsibility for the escalation of correspondence from the PRA, FCA and other regulators4 in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm’sgroup

This includes taking steps to ensure that the senior management of the firm and, where applicable, the group, are made aware of any views expressed by the regulatory bodies and any steps taken by them in relation to the branch, firm or group.

PRA-prescribed UK branch senior management responsibility 6.2(6)

(7) Local responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime

(A) This includes the function in SYSC 6.3.8R (a firm must allocate overall responsibility to a director or senior manager within the firm for the establishment and maintenance of effective anti-money laundering systems and controls), if that rule applies to the firm.

(B) The firm may allocate this FCA-prescribed senior management responsibility to the MLRO but does not have to.

(C) If the firm does not allocate this FCA-prescribed senior management responsibility to the MLRO, this FCA-prescribed senior management responsibility includes responsibility for supervision of the MLRO.

(D) Local responsibility is defined in SYSC 4.8.10R (Local responsibility for a branch’s activities, business areas and management functions).

None

(8) Local responsibility for the firm’s compliance with CASS

(A) This responsibility only applies to a firm to which CASS applies.

(B) A firm may include in this FCA-prescribed senior management responsibility whichever of the following functions apply to the firm:

(1) CASS 1A.3.1R (certain CASS compliance functions for a CASS small firm);

(2) CASS 1A.3.1AR (certain CASS compliance functions for a CASS medium firm or a CASS large firm);

(3) CASS 11.3.1R (certain CASS compliance functions for certain CASS small debt management firms); or

(4) CASS 11.3.4R (certain CASS compliance functions for a CASS large debt management firm); but it does not have to.

(C) If the firm does not include the functions in (B) in this FCA-prescribed senior management responsibility, this FCA-prescribed senior management responsibility includes responsibility for supervision of the person performing the functions in (B) that apply to the firm.

(D) Local responsibility is defined in SYSC 4.8.10R (Local responsibility for a branch’s activities, business areas and management functions).

None

SYSC 4.8.10RRP
(1) A firm must ensure that, at all times, one or more of its SMF managers has overall responsibility (subject to the branch’sgoverning body) for each of the activities, business areas and management functions of the branch that are under the management of the branch’sgoverning body.(2) A firm must ensure that, at all times, one or more of its SMF managers has responsibility for each of the activities, business areas and management functions of the branch not covered by (1).(3)
SYSC 4.8.21GRP
The FCA expects a firm to allocate all the functions in SYSC 4.8.6R (FCA-prescribed senior management responsibilities) and SYSC 4.8.10R (Local responsibility for each of the activities, business areas and management functions of the branch) to an individual and not to a legal person.
SYSC 4.8.24GRP
SYSC 4.8.23G also applies to someone who has responsibility for an FCA-prescribed senior management responsibility.
SYSC 4.8.32GRP
(1) A third-country relevant authorised person should allocate responsibility to its SMF managers for every area of the activities of its branch.(2) This is required by a mixture of: (a) SYSC 4.8.6R (FCA-prescribed senior management responsibility);(b) SYSC 4.8.10R (Local responsibility for a firm’s activities, business areas and management functions);(c) the requirements for FCA-designated senior management functions; and(d) the corresponding PRA requirements.
SUP 10A.17.2GRP
If the firm or its advisers have further questions, they should contact the FCA's Contact Centre (see SUP 10A.12.6 G).
BIPRU 7.10.14GRP
A visit will usually involve the appropriate regulator wishing to meet senior management and staff from the front office, financial control, risk management, operations, systems development, information technology and internal audit areas.
BIPRU 7.10.54GRP
For example, BIPRU 7.10.53R might involve creating and documenting a prudent incremental PRR charge for the risk not captured in the VaR model and holding sufficient capital resources against this risk. In that case the firm should hold capital resources at least equal to its capital resources requirement as increased by adding this incremental charge to the model PRR. Alternatively the firm may make valuation adjustments through its profit and loss reserves to cover this material
BIPRU 7.10.60RRP
The VaR model must be fully integrated into the daily risk management process of the firm, and serve as the basis for reporting risk exposures to senior management of the firm.
BIPRU 7.10.61GRP
A firm'sVaR model output should be an integral part of the process of planning, monitoring and controlling a firm'smarket risk profile. The VaR model should be used in conjunction with internal trading and exposure limits. The links between these limits and the VaR model should be consistent over time and understood by senior management. The firm should regard risk control as an essential aspect of the business to which significant resources need to be devoted.
BIPRU 7.10.62RRP
A firm must have a risk control unit which is independent from business trading units and which reports directly to senior management. It:(1) must be responsible for designing and implementing the firm's risk management system;(2) must produce and analyse daily reports on the output of the VaR model and on the appropriate measures to be taken in terms of the trading limits; and(3) conduct the initial and on-going validation of the VaR model.
BIPRU 7.10.63RRP
A firm'sgoverning body and senior management must be actively involved in the risk control process, and the daily reports produced by the risk control unit must be reviewed by a level of management with sufficient authority to enforce both reductions of positions taken by individual traders as well as in the firm's overall risk exposure.
BIPRU 7.10.72RRP
(1) A firm must frequently conduct a rigorous programme of stress testing. The results of these tests must be reviewed by senior management and reflected in the policies and limits the firm sets.(2) The programme must particularly address:(a) concentration risk;(b) illiquidity of markets in stressed market conditions;(c) one way markets;(d) event and jump to default risks;(e) non linearity of products;(f) deep out of the money positions;(g) positions subject to the gapping of
BIPRU 7.10.89RRP
A firm must have procedures to assess and respond to the results produced from stress testing. In particular, stress testing results must be:(1) used to evaluate its capacity to absorb such losses or identify steps to be taken to reduce risk; and(2) communicated routinely to senior management and periodically to the governing body.
BIPRU 7.10.129RRP
A firm must, no later than the number of business days after the end of each quarter specified in the VaR model permission for this purpose, submit, in respect of that quarter, a report to the appropriate regulator about the operation of the VaR model, the systems and controls relating to it and any changes to the VaR model and those systems and controls. Each report must outline as a minimum the following information in respect of that quarter:(1) methodological changes and developments
COCON 3.1.5GRP
In determining whether or not the conduct of a senior conduct rules staff member complies with rules SC1 to SC4 in COCON, factors the FCA would expect to take into account include:(1) whether they exercised reasonable care when considering the information available to them;(2) whether they reached a reasonable conclusion upon which to act;(3) the nature, scale and complexity of the firm's business;(4) their role and responsibility as determined by reference to the relevant statement
COCON 3.1.6GRP
In assessing whether a senior conduct rules staff member may have breached a rule in COCON, the nature, scale and complexity of the business and the role and responsibility of the individual undertaking the activity in question within the firm will be relevant in assessing whether that person's conduct was reasonable. For example, the smaller and less complex the business, the less detailed and extensive the systems of control need to be.
COCON 3.1.7GRP
UK domestic firms listed on the London Stock Exchange are subject to the UK Corporate Governance Code, whose internal control provisions are explained in the publication entitled ‘Internal Control: Revised Guidance for Directors on the Combined Code (October 2005)’ issued by the Financial Reporting Council. Therefore, firms in this category will be subject to that code, as well as to the rules in COCON. In forming an opinion as to whether a senior conduct rules staff member has
SUP 10C.16.6GRP
Failing to disclose relevant information to the FCA may be a criminal offence under section 398 of the Act.
SYSC 4.6.9RRP
  1. (1)

    A management responsibilities map for a branch maintained by a third-country relevant authorised person must include the matters listed in SYSC 4.5.7R, subject to the modifications in (2).

  2. (2)

    Unless the context requires otherwise, the following terms in SYSC 4.5.7R are modified as follows:

    Reference in SYSC 4.5.7R

    Modification

    firm

    treated as a reference to the branch

    governing body, management body, senior management and senior personnel

    (a) treated as a reference to the branch’sgoverning body, management body, senior management or senior personnel;

    (b) the Glossary definitions of these terms are adjusted so as to refer to the branch rather than the firm as a whole

    group

    treated as including the rest of the firm

    PRA-prescribed senior management responsibilities

    treated as a reference to PRA-prescribed UK branch senior management responsibilities

    functions allocated under SYSC 4.7.8R (Allocation of overall responsibility for a firm’s activities, business areas and management functions)

    treated as a reference to functions allocated under SYSC 4.8.10R (Local responsibility for a branch’s activities, business areas and management functions)

SYSC 4.6.13GRP
The management responsibilities map for a branch maintained by a third-country relevant authorised person should include functions that are:(1) included in a PRA controlled function under SUP 10C.9 (Minimising overlap with the PRA approved persons regime); or(2) excluded from the other local responsibility function under SUP 10C.8.1R (Exclusion for approved person with approval to perform other designated senior management functions).
SYSC 4.6.14GRP
  1. (1)

    The guidance below applies to management responsibilities maps for branches maintained by third-country relevant authorised persons, subject to the modifications in (2):

    1. (a)

      SYSC 4.5.11G to SYSC 4.5.12G (Guidance about management responsibilities maps);

    2. (b)

      SYSC 4.5.15G (Single document);

    3. (c)

      SYSC 4.5.16G to SYSC 4.5.17G (Purpose of SYSC 4 Annex 1G (The main business activities and functions of a relevant authorised person));

    4. (d)

      SYSC 4.5.18G to SYSC 4.5.20G (Contents of SYSC 4 Annex 1G (The main business activities and functions of a relevant authorised person));

    5. (e)

      SYSC 4 Annex 1G (The main business activities and functions of a relevant authorised person); and

    6. (f)

      SYSC 4.5.21G to SYSC 4.5.22G (Records).

  2. (2)

    Unless the context otherwise requires, the following terms and cross-references in the guidance in (1) are modified as follows:

    Reference in guidance in (1)

    Modification

    firm

    treated as a reference to the branch

    governing body, senior management and senior personnel

    (a) treated as a reference to the branch’sgoverning body, senior management or senior personnel;

    (b) the Glossary definitions of these terms are adjusted so as to refer to the branch rather than the firm as a whole

    other overall responsibility function

    treated as a reference to the other local responsibility function

    SYSC 4.5.5R

    treated as a reference to SYSC 4.6.7R

    SYSC 4.5.7R

    subject to modification under SYSC 4.6.9R(2)

    SYSC 4.7.8R

    treated as a reference to SYSC 4.8.10R

    the reference to SYSC 4.5.13G in SYSC 4.5.15G(5)

    treated as a reference to SYSC 4.6.29G

SYSC 4.6.18RRP
A management responsibilities map for a branch maintained by an EEA relevant authorised person must include: (1) (a) the names of all the branch’s:(i) approved persons;(ii) members of its governing body and (if different) management body who are not approved persons; (iii) senior management; and(iv) senior personnel; and(b) details of the responsibilities which they hold;(2) all responsibilities described in any current statement of responsibilities; (3) matters reserved to the
SYSC 4.6.28GRP
(1) This provision gives guidance on specific aspects of SYSC 4.6.16R and SYSC 4.6.18R.(2) A firm need only include summary details of the persons in SYSC 4.6.18R(1).(3) A branch’sSMF managers and members of its governing body or equivalent may overlap with its senior management and senior personnel. If so, the firm does not have to give the same details twice.(4) A firm should include details of individuals in addition to those in SYSC 4.6.18R(1) if they are needed to make the
SUP 15.11.12GRP
Where a firm is required to notify the FCA pursuant to2section 64C of the Act and that notification relates to an SMF manager, SUP 10C sets out how and when the notification must be made, and the relevant notification rules in SUP 10C apply.
SUP 15.11.13RRP
(1) A firm must make any notifications required pursuant to section 64C of the Act relating to a certification employee or other conduct rules staff in accordance with SUP 15.11.13R to SUP 15.11.15R.3(2) That notification must be made annually.3(3) Each notification must:3(a) cover the 12 month period ending on the last day of August; and3(b) be submitted to the FCA:3(i) within two months of the end of the reporting period; or3(ii) (if the end of the reporting period in (b)(i)
SUP 15.11.14RRP
(1) A firm other than a credit union must make each notification pursuant to SUP 15.11.13R (notifications about section 64C of the Act relating to a certification employee or other conduct rules staff) by submitting it online through the FCA’s website using the electronic system made available by the FCA for this purpose.3(2) A firm must use the version of Form H made available on the electronic system referred to in (1), which is based on the version found in SUP 15 Annex 7R.3(3)
SUP 15.11.15RRP
A credit union3 must make each notification pursuant to2SUP 15.11.13R (notifications about3section 64C of the Act relating to a certification employee or other conduct rules staff)3 in accordance with the rules and guidance in SUP 15.7, using Form H as set out in SUP 15 Annex 7R3.
COCON 1.1.2RRP
  1. (1)

    COCON applies to:

    1. (a)

      an SMF manager;

    2. (b)

      an employee (“P”) of a relevant authorised person who:

      1. (i)

        performs the function of an SMF manager;

      2. (ii)

        is not an approved person to perform the function in question; and

      3. (iii)

        is required to be an approved person at the time P performs that function; and

    3. (c)

      an employee of a relevant authorised person who would be an SMF manager but for SUP 10C.3.13R (The 12-week rule);

    4. (d)

      a certification employee employed by a relevant authorised person, even if the certification employee has not been notified that COCON applies to them or notified of the rules that apply to them;

      121
    5. (e)

      an employee of a relevant authorised person who would be a certification employee but for SYSC 5.2.27R(1) (Scope: emergency appointments) or SYSC 5.2.28AR (Scope: temporary UK role)6;

      112
    6. (f)

      any other employee of a relevant authorised person, except: 12

      2
      1. (i)

        a non-executive director other than a senior conduct rules staff member; and12

      2. (ii)

        an employee whose role is listed under COCON 1.1.2R(2); and2

        1
    7. (g)

      an FCA-approved person or PRA-approved person approved to perform a controlled function in a Solvency II firm (including a large non-directive insurer) or a small non-directive insurer4.2

  2. (2)

    For Swiss general insurers, references in this sourcebook to parts of the PRA Rulebook for ‘Solvency II firms’ are to be read as references to the corresponding parts of the PRA Rulebook applying to large non directive insurers.7COCON does not apply to an employee of a relevant authorised person who only performs functions falling within the scope of the following roles:1

    1. (a)

      receptionists;1

    2. (b)

      switchboard operators;1

    3. (c)

      post room staff;1

    4. (d)

      reprographics/print room staff;1

    5. (e)

      property/facilities management;1

    6. (f)

      events management;1

    7. (g)

      security guards;1

    8. (h)

      invoice processing;1

    9. (i)

      audio visual technicians;1

    10. (j)

      vending machine staff;1

    11. (k)

      medical staff;1

    12. (l)

      archive records management;1

    13. (m)

      drivers;1

    14. (n)

      corporate social responsibility staff;1

    15. (o)

      data controllers or processors under the Data Protection Act 1998;1

    16. (p)

      cleaners;1

    17. (q)

      catering staff;1

    18. (r)

      personal assistant or secretary;1

    19. (s)

      information technology support (ie, helpdesk); and1

    20. (t)

      human resources administrators /processors.1

  3. (3)

    COCON does not apply to approved persons approved to perform a controlled function in SUP 10A.1.15R to SUP 10A.1.16BR (appointed representatives).2

COCON 1.1.4RRP
Rules SC1 to SC4 in COCON 2.2 apply to all senior conduct rules staff members.
COCON 1.1.9RRP
(1) COCON applies to the conduct of 6conduct rules staff set out in (2) 6wherever it is performed.(2) 6This rule applies to:(a) a senior conduct rules staff member; and(b) a certification employee performing FCA-specified significant-harm function (7) (material risk takers) in the table in SYSC 5.2.30R for a UK relevant authorised person.
BIPRU 13.6.41RRP
(1) The firm must have a control unit that is responsible for the design and implementation of its CCR management system, including the initial and on-going validation of the model.(2) This unit must control input data integrity and produce and analyse reports on the output of the firm's risk measurement model, including an evaluation of the relationship between measures of risk exposure and credit and trading limits.(3) This unit must be:(a) independent from units responsible
BIPRU 13.6.44RRP
A firm'sgoverning body and senior management must be actively involved in the CCR control process and must regard this as an essential aspect of the business to which significant resources need to be devoted. Senior management must be aware of the limitations and assumptions of the model used and the impact these can have on the reliability of the output. Senior management must also consider the uncertainties of the market environment and operational issues and be aware of how
BIPRU 13.6.45RRP
A firm must ensure that the daily reports prepared on its exposures to CCR are reviewed by a level of management with sufficient seniority and authority to enforce both reductions of positions taken by individual credit managers or traders and reductions in the firm's overall CCRexposure.[Note: BCD Annex III Part 6 point 21]
BIPRU 13.6.46RRP
(1) A firm's CCR management system must be used in conjunction with internal credit and trading limits.(2) A firm must ensure that its credit and trading limits are related to its risk measurement model in a manner that is:(a) consistent over time; and(b) well understood by credit managers, traders and senior management.[Note: BCD Annex III Part 6 point 22]
BIPRU 13.6.48RRP
(1) A firm must have a routine and rigorous program of stress testing in place as a supplement to the CCR analysis based on the day-to-day output of the firm's risk measurement model.(2) The results of this stress testing must be reviewed periodically by senior management and must be reflected in the CCR policies and limits set by management and the governing body.(3) Where stress tests reveal particular vulnerability to a given set of circumstances, prompt steps must be taken
BIPRU 2.2.25GRP
(1) This paragraph applies to a small3firm whose activities are simple and primarily not credit-related.3(2) In carrying out its ICAAP it could:(a) identify and consider that firm's largest losses over the last 3 to 5 years and whether those losses are likely to recur;(b) prepare a short list of the most significant risks to which that firm is exposed;(c) consider how that firm would act, and the amount of capital that would be absorbed, in the event that each of the risks identified
BIPRU 2.2.26GRP
In relation to a firm whose activities are moderately complex, in carrying out its ICAAP, BIPRU 2.2.25 G (3) to (4) apply. In addition, it could:(1) having consulted the management in each major business line, prepare a comprehensive list of the major risks to which the business is exposed;(2) estimate, with the aid of historical data, where available, the range and distribution of possible losses which might arise from each of those risks and consider using shock stress tests
BIPRU 2.2.27GRP
(1) This paragraph applies to a proportional ICAAP in the case of a firm whose activities are complex.(2) A proportional approach to that firm'sICAAP should cover the matters identified in BIPRU 2.2.26 G, but is likely also to involve the use of models, most of which will be integrated into its day-to-day management and operation.(3) Models of the sort referred to in (2) may be linked so as to generate an overall estimate of the amount of capital that a firm considers appropriate
BIPRU 2.2.44GRP
If a firm's current available capital resources are less than the capital resources requirement indicated by the stress test that need not be a breach of BIPRU 2.2.41 R. The firm may wish to set out any countervailing effects and off-setting actions that can be demonstrated to the satisfaction of the appropriate regulator as being likely to reduce the difference referred to in the first sentence. The appropriate regulator is only likely to consider a demonstration of such actions
BIPRU 2.2.46GRP
A firm may decide to hold additional capital to mitigate any weaknesses in its overall control environment. These weaknesses might be indicated by the following:(1) a failure by a firm to complete an assessment of its systems and controls to establish whether they comply with SYSC; or(2) a failure by a firm's senior management to approve its financial results; or(3) a failure by a firm to consider an analysis of relevant internal and external information on its business and control
BIPRU 2.2.71GRP
A firm may approach its assessment of adequate capital by developing a model, including an ECM (see BIPRU 2.2.27 G), for some or all of its business risks. The assumptions required to aggregate risks modelled and the confidence levels adopted should be considered by a firm's senior management. A firm should also consider whether any relevant risks, including systems and control risks, are not captured by the model.
IFPRU 2.3.34GRP
(1) This paragraph applies to a firm that is not a significant IFPRU firm (see IFPRU 1.2.3 R) whose activities are simple and primarily not credit-related.(2) In carrying out its ICAAP it could: (a) identify and consider that firm's largest losses over the last three to five years and whether those losses are likely to recur;(b) prepare a short list of the most significant risks to which that firm is exposed;(c) consider how that firm would act, and the amount of capital that
IFPRU 2.3.36GRP
(1) This paragraph applies to a proportional ICAAP in the case of a firm that is a significant IFPRU firm (see IFPRU 1.2.3 R) whose activities are complex.(2) A proportional approach to that firm'sICAAP should cover the matters identified in IFPRU 2.3.34 G and IFPRU 2.3.35 G, but is likely also to involve the use of models, most of which will be integrated into its day-to-day management and operation.(3) Models of the kind referred to in (2) may be linked to generate an overall
IFPRU 2.3.53GRP
If a firm's current available own funds are less than the own funds requirements indicated by the stress test, that does not necessarily mean there is a breach of IFPRU 2.3.50 R. The firm may wish to set out any countervailing effects and off-setting actions that can be demonstrated to the satisfaction of the FCA as being likely to reduce that difference. The FCA is only likely to consider a demonstration of such actions as credible if those actions are set out in a capital management
IFPRU 2.3.55GRP
A firm may decide to hold additional capital to mitigate any weaknesses in its overall control environment. These weaknesses might be indicated by the following: (1) a failure by a firm to complete an assessment of its systems and controls to establish whether they comply with SYSC; or (2) a failure by a firm'ssenior management to approve its financial results; or(3) a failure by a firm to consider an analysis of relevant internal and external information on its business and control
IFPRU 2.3.68GRP
A firm may approach its assessment of adequate capital by developing a model, including an ECM (see IFPRU 2.3.36 G), for some or all of its business risks. The assumptions required to aggregate risks modelled and the confidence levels adopted should be considered by a firm'ssenior management. A firm should also consider whether any relevant risks, including systems and control risks, are not captured by the model.