Related provisions for CREDS 2.2.64

1 - 20 of 21 items.
Results filter

Search Term(s)

Filter by Modules

Filter by Documents

Filter by Keywords

Effective Period

Similar To

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004 (From field only).

SYSC 13.8.3GRP
SYSC 3.2.19 G provides high level guidance on business continuity. This section provides additional guidance on managing business continuity in the context of operational risk.
SYSC 13.8.4GRP
The high level requirement for appropriate systems and controls at SYSC 3.1.1 R applies at all times, including when a business continuity plan is invoked. However, the FCA1 recognises that, in an emergency, a firm may be unable to comply with a particular rule and the conditions for relief are outlined in GEN 1.3 (Emergency).
SYSC 13.8.5GRP
A firm should consider the likelihood and impact of a disruption to the continuity of its operations from unexpected events. This should include assessing the disruptions to which it is particularly susceptible (and the likely timescale of those disruptions) including through:(1) loss or failure of internal and external resources (such as people, systems and other assets);(2) the loss or corruption of its information; and(3) external events (such as vandalism, war and "acts
SYSC 13.8.6GRP
A firm should implement appropriate arrangements to maintain the continuity of its operations. A firm should act to reduce both the likelihood of a disruption (including by succession planning, systems resilience and dual processing); and the impact of a disruption (including by contingency arrangements and insurance).
SYSC 13.8.7GRP
A firm should document its strategy for maintaining continuity of its operations, and its plans for communicating and regularly testing the adequacy and effectiveness of this strategy. A firm should establish:(1) formal business continuity plans that outline arrangements to reduce the impact of a short, medium or long-term disruption, including:(a) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;(b) the recovery
SYSC 13.8.8GRP
The use of an alternative site for recovery of operations is common practice in business continuity management. A firm that uses an alternative site should assess the appropriateness of the site, particularly for location, speed of recovery and adequacy of resources. Where a site is shared, a firm should evaluate the risk of multiple calls on shared resources and adjust its plans accordingly.
SYSC 4.1.-2GRP

21For a common platform firm:

  1. (1)

    the MiFID Org Regulation applies, as summarised in SYSC 1 Annex 1 3.2G, SYSC 1 Annex 1 3.2-AR and SYSC 1 Annex 1 3.2-BR; and

  2. (2)

    the rules and guidance apply as set out in the table below:


    Applicable rule or guidance

    General requirements

    SYSC 4.1.1R, SYSC 4.1.1CR, SYSC 4.1.2R, SYSC 4.1.2AAR

    Business continuity

    SYSC 4.1.6R, SYSC 4.1.7R, SYSC 4.1.8G

    Audit committee

    SYSC 4.1.11G, SYSC 4.1.13G, SYSC 4.1.14G

    Persons who effectively direct the business

    SYSC 4.2.1R, SYSC 4.2.2R, SYSC 4.2.3G, SYSC 4.2.4G, SYSC 4.2.5G, SYSC 4.2.6R

    Responsibility of senior personnel

    SYSC 4.3.3G

    Management body

    SYSC 4.3A.-1R to SYSC 4.3A.7R

    Nominations committee

    SYSC 4.3A.8R to SYSC 4.3A.11R





A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm3 must employ appropriate and proportionate systems, resources and procedures.[Note: article 1621(4) of MiFID]
A CRR firm21 and a management company10 must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities,10 or, where that is not possible, the timely recovery of such data
3Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules21 instead of "must") as explained in SYSC 1 Annex 1 3.3 R(1)21.5
The matters dealt with in a business continuity policy should include:(1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;(2) the recovery priorities for the firm's operations; (3) communication arrangements for internal and external concerned parties (including the FCA21, clients and the press);(4) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with
16Arrangements that are required to be put in place under SYSC 4.1.8AR26 may include any one or more of the following26:(1) entering into an arrangement with another firm that has the appropriate permissions26 to take over the management and administration of P2P agreements if the operator ceases to operate the electronic system in relation to lending and, where appropriate:26(a) obtaining prior and informed consent from lender clients to fund the continued cost of management
SYSC 13.9.4GRP
Before entering into, or significantly changing, an outsourcing arrangement, a firm should:(1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;(2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;(3) conduct appropriate due diligence of the service
SYSC 13.9.5GRP
In negotiating its contract with a service provider, a firm should have regard to:(1) reporting or notification requirements it may wish to impose on the service provider;(2) whether sufficient access will be available to its internal auditors, external auditors or actuaries (see section 341 of the Act) and to the FCA2 (see SUP 2.3.5 R (Access to premises) and SUP 2.3.7 R (Suppliers under material outsourcing arrangements);(3) information ownership rights, confidentiality
SYSC 13.9.8GRP
A firm should ensure that it has appropriate contingency arrangements to allow business continuity in the event of a significant loss of services from the service provider. Particular issues to consider include a significant loss of resources at, or financial failure of, the service provider, and unexpected termination of the outsourcing arrangement.
The policy and procedures manual should cover all aspects of the credit union's operations, including matters such as:(1) cash handling and disbursements;(2) collection procedures;(3) lending, (see CREDS 7.1 to CREDS 7.2)5;(4) arrears management (see CREDS 7.2.9 G to CREDS 7.2.10 G);(5) provisioning5;(6) liquidity management5;(7) financial risk management5;(8) money laundering prevention (see SYSC 6.3);(9) internal audit (see CREDS 2.2.40 G to CREDS 2.2.50 G);(10) information
Guidance on business continuity is located in SYSC 4.1.6R to SYSC 4.1.8 G.[Note: As explained in SYSC 1 Annex 1.3.3G, SYSC 4.1.6R is to be read as guidance rather than as a rule, and as if "should" appeared in that provision instead of "must".]
A credit union should put in place contingency arrangements to ensure that it could continue to operate and meet its regulatory requirements in the event of an unforeseen interruption that may otherwise prevent the credit union from operating normally (for example, if there was a complete failure of IT systems or if the premises were destroyed by fire).
A firm must:(1) have in place effective business continuity arrangements to deal with any failure of its trading systems; and(2) ensure that its systems are fully tested and properly monitored to ensure that it meets the requirements of (1) and of MAR 7A.3.2R. [Note: article 17(1) of MiFID and MiFID RTS 6 specifying the organisational requirements of investment firms engaged in algorithmic trading]
A firm must provide the following, at the FCA’s request, within 14 days from receipt of the request: (1) a description of the nature of its algorithmic trading strategies; (2) details of the trading parameters or limits to which the firm’s system is subject; (3) evidence that MAR 7A.3.2R (systems and controls) and MAR 7A.3.3R (business continuity and system tests) are met; (4) details of the testing of the firm’s systems; (5) the records in MAR 7A.3.8R(2) (accurate and time-sequenced
SYSC 13.7.1GRP
A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm should have regard to:(1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);(2)
SYSC 13.7.2GRP
Internal documentation may enhance understanding and aid continuity of operations, so a firm should ensure the adequacy of its internal documentation of processes and systems (including how documentation is developed, maintained and distributed) in managing operational risk.
SYSC 13.4.2GRP
Regarding operational risk, matters of which the FCA1 would expect notice under Principle 11 include:(1) any significant operational exposures that a firm has identified;(2) the firm's invocation of a business continuity plan; and(3) any other significant change to a firm's organisation, infrastructure or business operating environment.
MAR 9.4.1GRP
(1) 1The FCA expects to have an open, cooperative and constructive relationship with data reporting services providers to enable it to understand and evaluate data reporting services providers’ activities and their ability to meet the requirements in the DRS Regulations. As part of that relationship the FCA expects a data reporting services provider to provide it with information about any proposed restructuring, reorganisation or business expansion which could have a significant
REC 3.16.1GRP
The purpose of REC 3.16 is to ensure that the FCA1receives a copy of the UK recognised body's plans and arrangements for ensuring business continuity if there are major problems with its computer systems. The FCA1does not need to be notified of minor revisions to, or updating of, the documents containing a UK recognised body's business continuity plan (for example, changes to contact names or telephone numbers). [Note:MiFID RTS 7 requires that the operator of a trading venue assess
SYSC 4 Annex 1GRP

[Editor’s note: The text of this provision has been moved to SYSC 25 Annex 1G]4


Schedule to the Recognition Requirements Regulations, paragraphs 3 – 3H4

Paragraph 3 – Systems and controls4


The [UK RIE] must ensure that the systems and controls, including procedures and arrangements,4 used in the performance of its functions and the functions of the trading venues it operates are adequate, effective4 and appropriate for the scale and nature of its business.

7[Note: SYSC 15A contains requirements relating to the operational resilience of UK RIEs]


Sub-paragraph (1) applies in particular to systems and controls concerning -


the transmission of information;


the assessment, mitigation and management of risks to the performance of the [UK RIE'srelevant functions];


the effecting and monitoring of transactions on the [UK RIE];


the technical operation of the [UK RIE], including contingency arrangements for disruption to its facilities;


the operation of the arrangements mentioned in paragraph 4(2)(d); and


(where relevant) the safeguarding and administration of assets belonging to users of the [UK RIE's] facilities.


the resilience of its trading systems;

4[Note:MiFID RTS 7 contains requirements on the resilience of trading systems operated by trading venues that enable algorithmic trading]


the ability to have sufficient capacity to deal with peak order and message volumes;

4[Note:MiFID RTS 7 contains requirements on the adequacy of capacity of trading systems operated by trading venues that enable algorithmic trading]


the ability to ensure orderly trading under conditions of severe market stress;


the effectiveness of business continuity arrangements to ensure the continuity of the [UK RIE’s] services if there is any failure of its trading systems including the testing of the [UK RIE’s] systems and controls;


the ability to reject orders that exceed predetermined volume or price thresholds or which are clearly erroneous;


the ability to ensure algorithmic trading systems cannot create or contribute to disorderly trading conditions on trading venues operated by the [UK RIE];


the ability to ensure disorderly trading conditions which arise from the use of algorithmic trading systems, including systems to limit the ratio of unexecuted orders to transactions that may be entered into the [UK RIE’s] trading system by a member or participant are capable of being managed;

[Note:MiFID RTS 9 contains requirements on the ratio of unexecuted orders to transactions to be taken into account by a trading venue that operates electronic continuous auction order book, quote-driven or hybrid trading systems]


the ability to ensure the flow of orders is able to be slowed down if there is a risk of system capacity being reached;


the ability to limit and enforce the minimum tick size which may be executed on its trading venues; and


the requirement for members and participants to carry out appropriate testing of algorithms.

4[Note:MiFID RTS 7 contains requirements on the appropriate testing of algorithms to ensure that trading systems, when they enable algorithmic trading, cannot create or contribute to disorderly trading conditions]


For the purposes of sub-paragraph 2(c), the [UK RIE] must -


establish and maintain effective arrangements and procedures including the necessary resource for the regular monitoring of the compliance by members or participants with its rules; and


monitor orders sent including cancellations and the transactions undertaken by its members or participants under its systems in order to identify infringements of those rules, disorderly trading conditions or conduct that may indicate behavior that is prohibited under the market abuse regulation or system disruptions in relation to a financial instrument.


For the purpose of sub-paragraph (2)(o) the [UK RIE] must provide environments to facilitate such testing.


The [UK RIE] must be adequately equipped to manage the risks to which it is exposed, to implement appropriate arrangements and systems to identify all significant risks to its operation, and to put in place effective measures to mitigate those risks.

4Paragraph 3A – Market making arrangements


The [UK RIE] must -


have written agreements with all investment firms pursuing a market making strategy on trading venues operated by it (“market making agreements”);


have schemes, appropriate to the nature and scale of a trading venue, to ensure that a sufficient number of investment firms enter into such agreements which require them to post firm quotes at competitive prices with the result of providing liquidity to the market on a regular and predictable basis;


monitor and enforce compliance with the market making agreements;


inform the FCA of the content of its market making agreements; and


provide the FCA with any information it requests which is necessary for the FCA to satisfy itself that the market making agreements comply with paragraphs (c) and (d) of this sub-paragraph and sub-paragraph 2.


A market making agreement must specify-


the obligations of the investment firm in relation to the provision of liquidity;


where applicable, any obligations arising from the participation in a scheme mentioned in sub-paragraph (1)(b);


any incentives in terms of rebates or otherwise offered by the [UK RIE] to the investment firm in order for it to provide liquidity to the market on a regular and predictable basis; and


where applicable, any other rights accruing to the investment firm as a result of participation in the scheme referred to in sub-paragraph (1)(b).


For the purposes of this paragraph, an investment firm pursues a market making strategy if -


the firm is a member or participant of one or more trading venues;


the firm’s strategy, when dealing on own account, involves posting firm, simultaneous two-way quotes of comparable size at competitive prices relating to one or more financial instruments on a single trading venue, across different trading venues; and


the result is providing liquidity on a regular and frequent basis to the overall market.

4Paragraph 3B – Halting trading


The [UK RIE] must be able to -


temporarily halt or constrain trading on any trading venue operated by it if there is a significant price movement in a financial instrument on such a trading venue or a related trading venue during a short period; and


in exceptional cases be able to cancel, vary, or correct any transaction.


For the purposes of sub-paragraph (1), the [UK RIE] must ensure that the parameters for halting trading are appropriately calibrated in a way which takes into account -


the liquidity of different asset classes and subclasses;


the nature of the trading venue market model; and


the types of users,

4to ensure the parameters are sufficient to avoid significant disruptions to the orderliness of trading.


The [UK RIE] must report the parameters mentioned in sub-paragraph (2) and any material changes to those parameters to the FCA in a format to be specified by the FCA.


If a trading venue operated by the [UK RIE] is material in terms of liquidity of the trading of a financial instrument and it halts trading in the United Kingdom6 in that instrument it must have systems and procedures in place to ensure that it notifies the FCA.

4[Note:MiFID RTS 12 contains requirements for when a regulated market is material in terms of liquidity in a financial instrument for purposes of trading halt notifications]

4Paragraph 3C – Direct electronic access

4Where the [UK RIE] permits direct electronic access to a trading venue it operates, it must -



ensure that a member of, or participant in that trading venue is only permitted to provide direct electronic access to the venue if the member or participant -


an investment firm which has permission under Part 4A of the Act to carry on a regulated activity which is any of the investment services or activities;6


a qualifying credit institution that has Part 4A permission to carry on the regulated activity of accepting deposits;6


is a person who falls within regulation 30(1A) of the Financial Services and Markets Act 2000 (Markets in Financial Instruments) Regulations 2017 and has permission under Part 4A of the Act to carry on a regulated activity which is any of the investment services or activities;6


is a third country firm providing the direct electronic access in the course of exercising rights under Article 46.1 (general provisions) 6of the markets in financial instruments regulation;


is a third country firm and the provision of the direct electronic access by that firm is subject to the exclusion in Article 72 of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001; or


is a third country firm which does not come within paragraph (iv) or (v) and is otherwise permitted to provide the direct electronic access under the Act;


ensure that appropriate criteria are set and applied for the suitability of persons to whom direct electronic access services may be provided;


ensure that a member of, or participant in, the trading venue retains responsibility for adherence to the requirements of any provisions of the law of the United Kingdom relied on by the United Kingdom before IP completion day to implement6 the markets in financial instruments directive in respect of orders and trades executed using the direct electronic access service, as those provisions have effect on IP completion day, in the case of rules made by the FCA under the Act, and as amended from time to time, in all other cases6;


set appropriate standards regarding risk controls and thresholds on trading through direct electronic access;


be able to distinguish and if necessary stop orders or trading on that trading venue by a person using direct electronic access separately from -


other orders; or


trading by the member or participant providing the direct electronic access; and


have arrangements in place to suspend or terminate the provision to a client of direct electronic access to that trading venue by a member of, or participant in, the trading venue in the case of non-compliance with this paragraph.

4[Note:MiFID RTS 7 contains requirements on direct electronic access permitted through a trading venue’s systems]

4Paragraph 3D – Co-location services


The [UK RIE’s] rules on colocation services must be transparent, fair and nondiscriminatory.

4[Note:MiFID RTS 10 contains requirements to ensure co-location services are transparent, fair and non-discriminatory]

4Paragraph 3E – Fee structures


The [UK RIE’s] fee structure, for all fees it charges including execution fees and ancillary fees and rebates it grants, must -


be transparent, fair and non-discriminatory;

4[Note:MiFID RTS 10 contains requirements to ensure fee structures are transparent, fair and non-discriminatory]


not create incentives to place, modify or cancel orders, or execute transactions, in a way which contributes to disorderly trading conditions or market abuse; and

4[Note:MiFID RTS 10 contains requirements concerning prohibited fee structures]


impose market making obligations in individual shares or suitable baskets of shares for any rebates that are granted.


Nothing in sub-paragraph (1) prevents the [UK RIE] from -


adjusting its fees for cancelled orders according to the length of time for which the order was maintained;


calibrating its fees to each financial instrument to which they apply;


imposing a higher fee -


for placing an order which is cancelled than an order which is executed;


on participants placing a high ratio of cancelled orders to executed orders; or


on a person operating a high-frequency algorithmic trading technique,

4in order to reflect the additional burden on system capacity.

4Paragraph 3F – Algorithmic trading


The [UK RIE] must require members of and participants in trading venues operated by it to flag orders generated by algorithmic trading in order for it to be able to identify the -


the different algorithms used for the creation of orders; and


the persons initiating those orders.

4Paragraph 3G – Tick size regimes


Subject to paragraph 1A, the8 [UK RIE] must adopt tick size regimes in respect of trading venues operated by it in -


shares, depositary receipts, exchange-traded funds, certificates and other similar financial instruments traded on each trading venue; and

4[Note:MiFID RTS 11 contains requirements on the tick size regime for shares, depositary receipts, exchange traded funds and certificates5]


any financial instrument for which technical standards are adopted by FCA under paragraphs 24 and 25 of Part 2 of Schedule 3 to6 the markets in financial instruments regulation8 which is traded on that trading venue.

[Note:MiFID RTS 11]


The application of tick sizes shall not prevent the [UK RIE] from matching orders that are large in scale (as determined in accordance with Article 4 of the markets in financial instruments regulation) at the mid-point within the current bid and offer prices.

[Note:MiFID RTS 11]

4 (2)

The tick size regime must -


be calibrated to reflect the liquidity profile of the financial instrument in different markets and the average bid-ask spread taking into account desirability of enabling reasonably stable prices without unduly constraining further narrowing of spreads; and


adapt the tick size for each financial instrument appropriately.


The tick size regime must comply with Commission Delegated Regulation (EU) 2017/588 of 14 July 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the tick size regime for shares, depositary receipts and exchange-traded funds6.

4[Note:MiFID RTS 11]

4Paragraph 3H – Syncronisation of business clocks


The [UK RIE] must synchronise the business clocks it uses to record the date and time of any reportable event in accordance with Commission Delegated Regulation (EU) 2017/574 of 7 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards for the level of accuracy of business clocks6.

4[Note:MiFID RTS 25]

REC 2.5.19GRP
Where MiFID RTS 7 does not apply to a UK RIE, the FCA may in addition have regard to the performance, capacity and reliability of its systems.4 The FCA3 may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:3(1) the procedures for the evaluation and selection of information technology systems;(2) the arrangements for testing information technology systems
A contravention of a rule in SYSC 11 to 2SYSC 14, SYSC 18 to10SYSC 21,7SYSC 22.8.1R, SYSC 22.9.1R or SYSC 23 to 9SYSC 28A12 does not give rise to a right of action by a private person under section 138D of the Act (and each of those rules is specified under section 138D(3) of the Act as a provision giving rise to no such right of action). 344378
SYSC 13.6.2GRP
A firm should establish and maintain appropriate systems and controls for the management of operational risks that can arise from employees. In doing so, a firm should have regard to:(1) its operational risk culture, and any variations in this or its human resource management practices, across its operations (including, for example, the extent to which the compliance culture is extended to in-house IT staff);(2) whether the way employees are remunerated exposes the firm to the
For the purposes of this chapter an operational function is regarded as critical or important if a defect or failure in its performance would materially impair the continuing compliance of a firm (other than a common platform firm)7 with the conditions and obligations of its authorisation or its other obligations under the regulatory system, or its financial performance, or the soundness or the continuity of its relevant services and activities.7
COLL 5.7.11GRP
An authorised fund manager carrying out due diligence for the purpose of the rules in this section should make enquiries or otherwise obtain information needed to enable him properly to consider:(1) whether the experience, expertise, qualifications and professional standing of the second scheme's investment manager is adequate for the type and complexity of the second scheme;(2) the adequacy of the regulatory, legal and accounting regimes applicable to the second scheme and its
MAR 5.3A.1R applies in particular to systems and controls concerning:(1) the resilience of the firm’s trading systems;(2) its capacity to deal with peak order and message volumes;(3) the ability to ensure orderly trading under conditions of severe market stress;(4) the effectiveness of business continuity arrangements to ensure the continuity of the MTF’s services if there is any failure of its trading systems, including the testing of the MTF’s systems and controls;(5) the ability
The conditions referred to in ICOBS 8.4.4R (2)(d) and ICOBS 8.4.7R (1)(a)(ii) are that the tracing office is one which:(1) maintains a database which:(a) accurately and reliably stores information submitted to it by firms for the purposes of complying with these rules;(b) has systems which can adequately keep it up to date in the light of new information provided by firms;(c) has an effective search function which allows a person inputting data included on the database relating
SYSC 3.2.19GRP
A firm, other than a Solvency II firm,15 should have in place appropriate arrangements, having regard to the nature, scale and complexity of its business, to ensure that it can continue to function and meet its regulatory obligations in the event of unforeseen interruption. These arrangements should be regularly updated and tested to ensure their effectiveness. Solvency II firms are subject to the business continuity requirements in PRA Rulebook: Solvency II firms: Conditions
(1) The FCA3 will consider reducing the amount of a penalty if a firm will suffer serious financial hardship as a result of having to pay the entire penalty. In deciding whether it is appropriate to reduce the penalty, the FCA3 will take into consideration the firm’s financial circumstances, including whether the penalty would render the firm insolvent or threaten the firm’s solvency. The FCA3 will also take into account its statutory objectives3, for example in situations where