Related provisions for SYSC 3.2.1

REC 2.5.1UK01/08/2004

Schedule to the Recognition Requirements Regulations, paragraph 3

(1)	The [UK RIE] must ensure that the systems and controls used in the performance of its [relevant functions] are adequate, and appropriate for the scale and nature of its business.
(2)	Sub-paragraph (1) applies in particular to systems and controls concerning -
	(a)	the transmission of information;
	(b)	the assessment and management of risks to the performance of the [UK RIE's relevant functions];
	(c)	the effecting and monitoring of transactions on the [UK RIE];
	(d)	the operation of the arrangements mentioned in paragraph 4(2)(d); and
	(e)	(where relevant) the safeguarding and administration of assets belonging to users of the [UK RIE's] facilities.1

REC 2.5.3G21/06/2001

In assessing whether the systems and controls used by a UK recognised body in the performance of its relevant functions are adequate and appropriate for the scale and nature of its business, the FSA may have regard to the UK recognised body's:(1) arrangements for managing, controlling and carrying out its relevant functions, including: (a) the distribution of duties and responsibilities among its key individuals and the departments of the UK recognised body responsible for performing

REC 2.5.4G21/06/2001

The following paragraphs set out other matters to which the FSA may have regard in assessing the systems and controls used for the transmission of information, risk management, the effecting and monitoring of transactions, the operation of settlement arrangements (the matters covered in paragraphs 4(2)(d) and 19(2)(b) of the Schedule to the Recognition Requirements Regulations) and the safeguarding and administration of assets .

REC 2.5.6G21/06/2001

In assessing a UK recognised body's systems and controls for assessing and managing risk, the FSA may also have regard to the extent to which these systems and controls enable the UK recognised body to:(1) identify all the general, operational, legal and market risks wherever they arise in its activities;(2) measure and control the different types of risk;(3) allocate responsibility for risk management to persons with appropriate knowledge and expertise; and(4) provide sufficient,

REC 2.5.8G21/06/2001

In assessing a UK RIE's systems and controls for the effecting and monitoring of transactions, and the systems and controls used by a UK recognised body for the operation of settlement arrangements, the FSA may have regard to the totality of the arrangements and processes through which a transaction is effected, cleared and settled, including:(1) a UK RIE's arrangements under which orders are received and matched, and its arrangements for trade and transaction reporting, and (if

REC 2.5.9G21/06/2001

In assessing a UK recognised body's systems and controls for the safeguarding and administration of assets belonging to users of its facilities, the FSA may have regard to the totality of the arrangements and processes by which the UK recognised body: (1) records the assets held and the identity of the owners of (and other persons with relevant rights over) those assets; (2) records any instructions given in relation to those assets;(3) records the carrying out of those instructions;(4)

REC 2.5.12G21/06/2001

REC 2.5.13 G to REC 2.5.16 G set out the factors to which the FSA may have regard in assessing a UK recognised body's systems and controls for managing conflicts of interest.

REC 2.5.14G21/06/2001

The FSA may also have regard to the systems and controls intended to ensure that confidential information is only used for proper purposes. Where relevant, recognised bodies will have to comply with section 348 (Restrictions on disclosure of confidential information by the FSA etc.) and regulations made under section 349 (Exemptions from section 348) of the Act.

REC 2.5.17G21/06/2001

A UK recognised body's arrangements for internal and external audit will be an important part of its systems and controls. In assessing the adequacy of these arrangements, the FSA may have regard to: (1) the size, composition and terms of reference of any audit committee of the UK recognised body'sgoverning body;(2) the frequency and scope of external audit; (3) the provision and scope of internal audit; (4) the staffing and resources of the UK recognised body's internal audit

REC 2.5.18G21/06/2001

Information technology is likely to be a major component of the systems and controls used by any UK recognised body. In assessing the adequacy of the information technology used by a UK recognised body to perform or support its relevant functions, the FSA may have regard to:(1) the organisation, management and resources of the information technology department within the UK recognised body;(2) the arrangements for controlling and documenting the design, development, implementation

REC 2.5.19G21/06/2001

The FSA may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:(1) the procedures for the evaluation and selection of information technology systems;(2) the arrangements for testing information technology systems before live operations;(3) the procedures for problem management and system change;(4) the arrangements to monitor and report system performance,

REC 2.5.20G21/06/2001

The FSA may have regard to the arrangements made to keep clear and complete audit trails of all uses of information technology systems and to reconcile (where appropriate) the audit trails with equivalent information held by system users and other interested parties.

SYSC 3.2.4G01/12/2001

(1) The guidance relevant to delegation within the firm is also relevant to external delegation ('outsourcing'). A firm cannot contract out its regulatory obligations. So, for example, under Principle 3 a firm should take reasonable care to supervise the discharge of outsourced functions by its contractor.(2) A firm should take steps to obtain sufficient information from its contractor to enable it to assess the impact of outsourcing on its systems and controls.

SYSC 3.2.6R01/12/2001

A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.

SYSC 3.2.6AR01/03/2006

5A firm must ensure that these systems and controls:(1) enable it to identify, assess, monitor and manage money laundering risk; and(2) are comprehensive and proportionate to the nature, scale and complexity of its activities.

SYSC 3.2.6CR01/03/2006

5A firm must carry out regular assessments of the adequacy of these systems and controls to ensure that it continues to comply with SYSC 3.2.6A R.

SYSC 3.2.6EG01/03/2006

5The FSA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the UK financial sector issued by the Joint Money Laundering Steering Group.

SYSC 3.2.6FG01/03/2006

5In identifying its money laundering risk and in establishing the nature of these systems and controls, a firm should consider a range of factors, including:(1) its customer, product and activity profiles;(2) its distribution channels;(3) the complexity and volume of its transactions;(4) its processes and systems; and(5) its operating environment.

SYSC 3.2.6GG01/03/2006

5A firm should ensure that the systems and controls include:(1) appropriate training for its employees in relation to money laundering;(2) appropriate provision of information to its governing body and senior management, including a report at least annually by that firm'smoney laundering reporting officer (MLRO) on the operation and effectiveness of those systems and controls;(3) appropriate documentation of its risk management policies and risk profile in relation to money laundering,

SYSC 3.2.6HR01/03/2006

5A firm must allocate to a director or senior manager (who may also be the money laundering reporting officer) overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls.

SYSC 3.2.6IR01/03/2006

5A firm must:(1) appoint an individual as MLRO, with responsibility for oversight of its compliance with the FSA'srules on systems and controls against money laundering; and(2) ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.

SYSC 3.2.13G01/12/2001

A firm's systems and controls should enable it to satisfy itself of the suitability of anyone who acts for it.

SYSC 3.2.15G01/12/2001

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable - see SYSC 3.2.16 G)

SYSC 3.2.16G01/12/2001

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should have clear responsibilities and reporting lines to an audit committee or appropriate senior manager, be adequately resourced and staffed by competent individuals, be independent of the day-to-day activities of the

SYSC 3.2.21G01/12/2001

A firm should have appropriate systems and controls in place to fulfil the firm's regulatory and statutory obligations with respect to adequacy, access, periods of retention and security of records. The general principle is that records should be retained for as long as is relevant for the purposes for which they are made.

APER 4.7.3E01/12/2001

Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system in respect of its regulated activities falls within APER 4.7.2 E. In the case of an approved person who is responsible, under SYSC 2.1.3 R (2), with overseeing the firm's obligation under SYSC 3.1.1 R, failing to take reasonable care to

APER 4.7.7E01/12/2001

Failing to take reasonable steps to ensure that procedures and systems of control are reviewed and, if appropriate, improved, following the identification of significant breaches (whether suspected or actual) of the relevant requirements and standards of the regulatory system relating to its regulated activities, falls within APER 4.7.2 E (see APER 4.7.13 G).

APER 4.7.8E01/12/2001

Behaviour of the type referred to in APER 4.7.7 E includes, but is not limited to:(1) unreasonably failing to implement recommendations for improvements in systems and procedures;(2) unreasonably failing to implement recommendations for improvements to systems and procedures in a timely manner.

APER 4.7.10E01/12/2001

In the case of an approved person performing a significant influence function responsible for compliance under SYSC 3.2.8 R, failing to take reasonable steps to ensure that appropriate compliance systems and procedures are in place falls within APER 4.7.2 E (see APER 4.7.14 G).

APER 4.7.12G01/12/2001

An approved person performing a significant influence function need not himself put in place the systems of control in his business (APER 4.7.4 E). Whether he does this depends on his role and responsibilities. He should, however, take reasonable steps to ensure that the business for which he is responsible has operating procedures and systems which include well-defined steps for complying with the detail of relevant requirements and standards of the regulatory system and for

APER 4.7.13G01/12/2001

Where the approved person performing a significant influence function becomes aware of actual or suspected problems that involve possible breaches of relevant requirements and standards of the regulatory system falling within his area of responsibility, then he should take reasonable steps to ensure that they are dealt with in a timely and appropriate manner (APER 4.7.7 E). This may involve an adequate investigation to find out what systems or procedures may have failed and why.

APER 4.7.14G01/12/2001

Where independent reviews of systems and procedures have been undertaken and result in recommendations for improvement, the approved person performing a significant influence function should ensure that, unless there are good reasons not to, any reasonable recommendations are implemented in a timely manner (APER 4.7.10 E). What is reasonable will depend on the nature of the inadequacy and the cost of the improvement. It will be reasonable for the approved person performing a significant

SYSC 13.7.1G31/12/2006

A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm should have regard to:(1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);(2)

SYSC 13.7.2G31/12/2006

Internal documentation may enhance understanding and aid continuity of operations, so a firm should ensure the adequacy of its internal documentation of processes and systems (including how documentation is developed, maintained and distributed) in managing operational risk.

SYSC 13.7.4G31/12/2006

A firm should ensure the adequacy of its processes and systems to review external documentation prior to issue (including review by its compliance, legal and marketing departments or by appropriately qualified external advisers). In doing so, a firm should have regard to:(1) compliance with applicable regulatory and other requirements (such as COB 3 (Financial promotion));(2) the extent to which its documentation uses standard terms (that are widely recognised, and have been

SYSC 13.7.6G31/12/2006

A firm should establish and maintain appropriate systems and controls for the management of its IT system risks, having regard to:(1) its organisation and reporting structure for technology operations (including the adequacy of senior management oversight);(2) the extent to which technology requirements are addressed in its business strategy;(3) the appropriateness of its systems acquisition, development and maintenance activities (including the allocation of responsibilities

SYSC 13.7.7G31/12/2006

Failures in processing information (whether physical, electronic or known by employees but not recorded) or of the security of the systems that maintain it can lead to significant operational losses. A firm should establish and maintain appropriate systems and controls to manage its information security risks. In doing so, a firm should have regard to:(1) confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require

SYSC 13.7.8G31/12/2006

A firm should ensure the adequacy of the systems and controls used to protect the processing and security of its information, and should have regard to established security standards such as ISO17799 (Information Security Management).

SYSC 13.7.9G31/12/2006

Operating processes and systems at separate geographic locations may alter a firm's operational risk profile (including by allowing alternative sites for the continuity of operations). A firm should understand the effect of any differences in processes and systems at each of its locations, particularly if they are in different countries, having regard to:(1) the business operating environment of each country (for example, the likelihood and impact of political disruptions or

SYSC 3.1.1R01/12/2001

A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.

SYSC 3.1.2G01/12/2001

(1) The nature and extent of the systems and controls which a firm will need to maintain under SYSC 3.1.1 R will depend upon a variety of factors including:(a) the nature, scale and complexity of its business;(b) the diversity of its operations, including geographical diversity;(c) the volume and size of its transactions; and(d) the degree of risk associated with each area of its operation.(2) To enable it to comply with its obligation to maintain appropriate systems and controls,

SYSC 3.1.5G01/12/2001

SYSC 2.1.3 R (2) prescribes how a firm must allocate the function of overseeing the establishment and maintenance of systems and controls described in SYSC 3.1.1 R.

REC 3.16.1G21/06/2001

The purpose of REC 3.16 is to ensure that the FSA receives a copy of the UK recognised body's plans and arrangements for ensuring business continuity if there are major problems with its computer systems. The FSA does not need to be notified of minor revisions to, or updating of, the documents containing a UK recognised body's business continuity plan (for example, changes to contact names or telephone numbers).

REC 3.16.2R21/06/2001

Where a UK recognised body changes any of its plans for action in the event of a failure of any of its information technology systems resulting in disruption to the operation of its facilities, it must immediately give the FSA notice of that event, and a copy of the new plan.

REC 3.16.3R21/06/2001

Where any reserve information technology system of a UK recognised body fails in such a way that, if the main information technology system of that body were also to fail, it would be unable to operate any of its facilities during its normal hours of operation, that body must immediately give the FSA notice of that event, and inform the FSA:(1) what action that UK recognised body is taking to restore the operation of the reserve information technology system; and (2) when it is

LR 7.2.1R01/07/2005

The Listing Principles are as follows:

Principle 1	A listed company must take reasonable steps to enable its directors to understand their responsibilities and obligations as directors.
Principle 2	A listed company must take reasonable steps to establish and maintain adequate procedures, systems and controls to enable it to comply with its obligations.
Principle 3	A listed company must act with integrity towards holders and potential holders of its listed equity securities.
Principle 4	A listed company must communicate information to holders and potential holders of its listed equity securities in such a way as to avoid the creation or continuation of a false market in such listed equity securities.
Principle 5	A listed company must ensure that it treats all holders of the same class of its listed equity securities that are in the same position equally in respect of the rights attaching to such listed equity securities.
Principle 6	A listed company must deal with the FSA in an open and co-operative manner.

LR 7.2.2G01/07/2005

Principle 2 is intended to ensure that listed companies have adequate procedures, systems and controls to enable them to comply with their obligations under the listing rules and disclosure rules and transparency rules. In particular, the FSA considers that listed companies should place particular emphasis on ensuring that they have adequate procedures, systems and controls in relation to:(1) identifying whether any obligations arise under LR 10 (Significant transactions) and

LR 7.2.3G01/07/2005

Timely and accurate disclosure of information to the market is a key obligation of listed companies. For the purposes of Principle 2, a listed companywith a primary listing of equity securities should have adequate systems and controls to be able to:(1) ensure that it can properly identify information which requires disclosure under the listing rules or disclosure rules and transparency rules in a timely manner; and(2) ensure that any information identified under paragraph (1)

LR 8.6.5R01/07/2005

The FSA will approve a person as a sponsor only if it is satisfied that the person is:(1) an authorised person or a member of a designated professional body;(2) competent to perform the services set out in LR 8.2, LR 8.3 and LR 8.4; and(3) has adequatesystems and controls in place to ensure that it cancarry out its role as a sponsor.

LR 8.6.12G01/07/2005

A sponsor will generally be regarded as having adequate systems and controls if there are:(1) clear and effective reporting lines;(2) effective systems and controls for the adequate supervision of employees performing any of the services set out in LR 8.2, LR 8.3 and LR 8.4;(3) effective systems and controls to ensure its compliance with all applicable listing rules when performing any of the services set out in LR 8.2, LR 8.3 or LR 8.4;(4) effective systems and controls for

SYSC 13.2.1G31/12/2006

SYSC 13 provides guidance on how to interpret SYSC 3.1.1 R and SYSC 3.2.6 R, which deal with the establishment and maintenance of systems and controls, in relation to the management of operational risk. Operational risk has been described by the Basel Committee on Banking Supervision as "the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events". This chapter covers systems and controls for managing risks concerning any

SYSC 2.1.3R01/12/2001

A firm must appropriately allocate to one or more individuals, in accordance with SYSC 2.1.4 R, the functions of:(1) dealing with the apportionment of responsibilities under SYSC 2.1.1 R; and(2) overseeing the establishment and maintenance of systems and controls under SYSC 3.1.1 R.

SYSC 2.1.6G01/02/2004

Frequently asked questions about allocation of functions in SYSC 2.1.3 R

This table belongs to SYSC 2.1.5 G

	Question	Answer
1	Does an individual to whom a function is allocated under SYSC 2.1.3 R need to be an approved person?	An individual to whom a function is allocated under SYSC 2.1.3 R will be performing the apportionment and oversight function (CF 8, see SUP 10.7.1 R) and an application must be made to the FSA for approval of the individual before the function is performed under section 59 of the Act (Approval for particular arrangements). There are exceptions from this in SUP 10.1 (Approved persons - Application). In particular, an incoming EEA firm is referred to the EEA investment business oversight function (CF 9, see SUP 10.7.6 R).
2	If the allocation is to more than one individual, can they perform the functions, or aspects of the functions, separately?	If the functions are allocated to joint chief executives under SYSC 2.1.4 R, column 2, they are expected to act jointly. If the functions are allocated to an individual under SYSC 2.1.4 R, column 2, in addition to individuals under SYSC 2.1.4 R, column 3, the former may normally be expected to perform a leading role in relation to the functions that reflects his position. Otherwise, yes.
3	What is meant by "appropriately allocate" in this context?	The allocation of functions should be compatible with delivering compliance with Principle 3, SYSC 2.1.1 R and SYSC 3.1.1 R. The FSA considers that allocation to one or two individuals is likely to be appropriate for most firms.
4	If a committee of management governs a firm or group, can the functions be allocated to every member of that committee?	Yes, as long as the allocation remains appropriate (see Question 3).If the firm also has an individual as chief executive, then the functions must be allocated to that individual as well under SYSC 2.1.4 R, column 2 (see Question 7).
5	Does the definition of chief executive include the possessor of equivalent responsibilities with another title, such as a managing director or managing partner?	Yes.
6	Is it possible for a firm to have more than one individual as its chief executive?	Although unusual, some firm may wish the responsibility of a chief executive to be held jointly by more than one individual. In that case, each of them will be a chief executive and the functions must be allocated to all of them under SYSC 2.1.4 R, column 2 (see also Questions 2 and 7).
7	If a firm has an individual as chief executive, must the functions be allocated to that individual?	Normally, yes, under SYSC 2.1.4 R, column 2. But if the firm is a body corporate and a member of a group, the functions may, instead of to the firm's chief executive, be allocated to a director or senior manager from the group responsible for the overall management of the group or of a relevant group division, so long as this is appropriate (see Question 3). Such individuals willnevertheless require approval by the FSA (see Question 1). If the firm chooses to allocate the functions to a director or senior manager responsible for the overall management of a relevant group division, the FSA would expect that individual to be of a seniority equivalent to or greater than a chief executive of the firm for the allocation to be appropriate. See also Question 14.
8	If a firm has a chief executive, can the functions be allocated to other individuals in addition to the chief executive?	Yes. SYSC 2.1.4 R, column 3, permits a firm to allocate the functions, additionally, to the firm's (or where applicable the group's) directors and senior managers as long as this is appropriate (see Question 3).
9	What if a firm does not have a chief executive?	Normally, the functions must be allocated to one or more individuals selected from the firm's (or where applicable the group's) directors and senior managers under SYSC 2.1.4 R, column 3. But if the firm: (1) is a body corporate and a member of a group; and (2) the group has a director or senior manager responsible for the overall management of the group or of a relevant group division; then the functions must be allocated to that individual (together, optionally, with individuals from column 3 if appropriate) under SYSC 2.1.4 R, column 2.2
10	What do you mean by "group division within which some or all of the firm's regulated activities fall"?	A "division" in this context should be interpreted by reference to geographical operations, product lines or any other method by which the group's business is divided. If the firm's regulated activities fall within more than one division and the firm does not wish to allocate the functions to its chief executive, the allocation must, under SYSC 2.1.4 R, be to: (1) a director or senior manager responsible for the overall management of the group; or (2) a director or senior manager responsible for the overall management of one of those divisions; together, optionally, with individuals from column 3 if appropriate. (See also Questions 7 and 9.)
11	How does the requirement to allocate the functions in SYSC 2.1.3R apply to an overseas firm which is not an incoming EEA firm, incoming Treaty firm or UCITS qualifier?	The firm must appropriately allocate those functions to one or more individuals, in accordance with SYSC 2.1.4 R, but: (1) The responsibilities that must be apportioned and the systems and controls that must be overseen are those relating to activities carried on from a UK establishment with certain exceptions (see SYSC 1.1.7 R). Note that SYSC 1.1.10 R does not extend the territorial scope of SYSC 2 for an overseas firm. (2) The chief executive of an overseas firm is the person responsible for the conduct of the firm's business within the United Kingdom (see the definition of "chief executive"). This might, for example, be the manager of the firm's UK establishment, or it might be the chief executive of the firm as a whole, if he has that responsibility. The apportionment and oversight function applies to such a firm, unless it falls within a particular exception from the approved persons regime (see Question 1).
12	How does the requirement to allocate the functions in SYSC 2.1.3R apply to an incoming EEA firm or incoming Treaty firm?	SYSC 1.1.1 R (2) and SYSC 1.1.7 R restrict the application of SYSC 2.1.3 R for such a firm. Accordingly: (1) Such a firm is not required to allocate the function of dealing with apportionment in SYSC 2.1.3 R (1). (2) Such a firm is required to allocate the function of oversight in SYSC 2.1.3 R (2). However, the systems and controls that must be overseen are those relating to matters which the FSA, as Host State regulator, is entitled to regulate (there is guidance on this in SYSC App 1). Those are primarily, but not exclusively, the systems and controls relating to the conduct of the firm's activities carried on from its UK branch. (3) Such a firm need not allocate the function of oversight to its chief executive; it must allocate it to one or more directors and senior managers of the firm or the firm's group under SYSC 2.1.4 R, row (2). (4) An incoming EEA firm which has provision only for cross border services is not required to allocate either function if it does not carry on regulated activities in the United Kingdom; for example if they fall within the overseas persons exclusions in article 72 of the Regulated Activities Order. See also Questions 1 and 15.1
13	What about a firm that is a partnership or a limited liability partnership?	The FSA envisages that most if not all partners or members will be either directors or senior managers, but this will depend on the constitution of the partnership (particularly in the case of a limited partnership) or limited liability partnership. A partnership or limited liability partnership may also have a chief executive (see Question 5). A limited liability partnership is a body corporate and, if a member of a group, will fall within SYSC 2.1.4 R, row (1) or (2).
14	What if generally accepted principles of good corporate governance recommend that the chief executive should not be involved in an aspect of corporate governance?	The Note to SYSC 2.1.4 R provides that the chief executive or other executive director or senior manager need not be involved in such circumstances. For example, the Combined Code developed by the Committee on Corporate Governancerecommends that the board of a listed company should establish an audit committee of non-executive directors to be responsible for oversight of the audit. That aspect of the oversight function may therefore be allocated to the members of such a committee without involving the chief executive. Such individuals may require approval by the FSA in relation to that function (see Question 1).
15	What about incoming electronic commerce activities?	ECO 1.1.6 R has the effect that SYSC does not apply to an incoming ECA provider acting as such.1

SYSC 4.1.1R01/05/2002

1This chapter is relevant to every firm to the extent that the Public Interest Disclosure Act 1998 ("PIDA") applies to it.

REC 5.2.6G21/06/2001

Under section 289 of the Act (Applications: supplementary), the FSA may require the applicant to provide additional information, and may require the applicant to verify any information in any manner. In view of their likely importance for any application, the FSA will normally wish to arrange for its own inspection of an applicant's information technology systems.

REC 5.2.14G21/06/2001

Information and supporting documentation (see REC 5.2.4 G).

(1)	Details of the applicant's constitution, structure and ownership, including its memorandum and articles of association (or similar or analogous documents ) and any agreements between the applicant, its owners or other persons relating to its constitution or governance.
(2)	Details of all business to be conducted by the applicant, whether or not a regulated activity.
(3)	Details of the facilities which the applicant plans to operate, including details of the trading platform, settlement arrangements, clearing services and custody services which it plans to supply.
(4)	Copies of the last three annual reports and accounts and, for the current financial year, quarterly management accounts.
(5)	Details of its business plan for the first three years of operation as a UK recognised body.
(6)	A full organisation chart and a list of the posts to be held by key individuals (with details of the duties and responsibilities) and the names of the persons proposed for these appointments when these names are available.
(7)	Details of its auditors, bankers, solicitors and any persons providing corporate finance advice or similar services (such as reporting accountants) to the applicant.
(8)	Details of any relevant functions to be outsourced or delegated, with copies of relevant agreements.
(9)	Details of information technology systems and of arrangements for their supply, management, maintenance and upgrading, and security.
(10)	Details of all plans to minimise disruption to operation of its facilities in the event of the failure of its information technology systems.
(11)	Details of internal systems for financial control, arrangements for risk management and insurance arrangements to cover operational and other risks.
(12)	Details of its arrangements for managing any counterparty risks, including details of margining systems, guarantee funds and insurance arrangements.
(13)	Details of internal arrangements to safeguard confidential or privileged information and for handling conflicts of interest.
(14)	Details of arrangements for complying with the notification rules and other requirements to supply information to the FSA.
(15)	Details of the arrangements to be made for monitoring and enforcing compliance with its rules and with its clearing, settlement and default arrangements.
(16)	A summary of the legal due diligence carried out in relation to ascertaining the enforceability of its rules (including default rules)and arrangements for margin against any of its members based outside the United Kingdom, and the results and conclusions reached.
(17)	Details of the procedures to be followed for declaring a member in default, and for taking action after that event to close out positions, protect the interests of other members and enforce its default rules.
(18)	Details of membership selection criteria, rules and procedures.
(19)	Details of arrangements for recording transactions effected by, or cleared through, its facilities.
(20)	Details of arrangements for detecting financial crime and market abuse , including arrangements for complying with money laundering law.
(21)	Details of criteria, rules and arrangements for selecting specified investments to be admitted to trading on (or cleared by) an RIE, or to be cleared by an RCH and, where relevant, details of how information regarding specified investments will be disseminated to users of its facilities.
(22)	Details of arrangements for cooperating with the FSA and other appropriate authorities, including draft memoranda of understanding or letters.
(23)	Details of the procedures and arrangements for making and amending rules, including arrangements for consulting on rule changes.
(24)	Details of disciplinary and appeal procedures, and of the arrangements for investigating complaints.

SYSC 14.1.27R31/12/2006

A firm must take reasonable steps to establish and maintain adequate internal controls.

SYSC 14.1.28G31/12/2006

The precise role and organisation of internal controls can vary from firm to firm. However, a firm'sinternal controls should normally be concerned with assisting its governing body and relevant senior managers to participate in ensuring that it meets the following objectives:(1) safeguarding both the assets of the firm and its customers, as well as identifying and managing liabilities;(2) maintaining the efficiency and effectiveness of its operations;(3) ensuring the reliability

REC 2.2.6G21/06/2001

In determining whether the UK recognised body meets the recognition requirement in Regulation 6(3), the FSA may have regard to whether that body has ensured that the person who performs that function on its behalf:(1) has sufficient resources to be able to perform the function (after allowing for any other activities);(2) has adequate systems and controls to manage that function and to report on its performance to the UK recognised body;(3) is managed by persons of sufficient

REC 2.2.7G21/06/2001

In determining whether a UK recognised body continues to satisfy the recognition requirements where it has made arrangements for any function to be performed on its behalf by any person , the FSA may have regard, in addition to any of the matters described in the appropriate section of this chapter, to the arrangements made to exercise control over the performance of the function, including:(1) the contracts (and other relevant documents) between the UK recognised body and the

SYSC 13.8.2G31/12/2006

A firm should establish and maintain appropriate systems and controls for the management of the risks involved in expected changes, such as by ensuring:(1) the adequacy of its organisation and reporting structure for managing the change (including the adequacy of senior management oversight);(2) the adequacy of the management processes and systems for managing the change (including planning, approval, implementation and review processes); and(3) the adequacy of its strategy

SYSC 13.8.4G31/12/2006

The high level requirement for appropriate systems and controls at SYSC 3.1.1 R applies at all times, including when a business continuity plan is invoked. However, the FSA recognises that, in an emergency, a firm may be unable to comply with a particular rule and the conditions for relief are outlined in GEN 1.3 (Emergency).

SYSC 13.9.4G31/12/2006

Before entering into, or significantly changing, an outsourcing arrangement, a firm should:(1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;(2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;(3) conduct appropriate due diligence of the service

SYSC 13.9.7G31/12/2006

In some circumstances, a firm may find it beneficial to use externally validated reports commissioned by the service provider, to seek comfort as to the adequacy and effectiveness of its systems and controls. The use of such reports does not absolve the firm of responsibility to maintain other oversight. In addition, the firm should not normally have to forfeit its right to access, for itself or its agents, to the service provider's premises.

COND 2.4.2G31/12/2004

(1) Threshold condition 4 (Adequate resources), requires the FSA to ensure that a firm has adequate resources in relation to the specific regulated activity or regulated activities which it seeks to carry on, or carries on.(2) In this context, the FSA will interpret the term 'adequate' as meaning sufficient in terms of quantity, quality and availability, and 'resources' as including all financial resources, non-financial resources and means of managing its resources; for example,

COND 2.4.4G31/12/2006

(1) When assessing whether a firm will satisfy and continue to satisfy threshold condition 4, the FSA will have regard to all relevant matters, whether arising in the United Kingdom or elsewhere.(2) Relevant matters may include but are not limited to:(a) whether there are any indications that the firm may have difficulties if the application is granted (see COND 2.4.6 G), at the time of the grant or in the future, in complying with any of the FSA'sprudential rules (see the relevant

Related provisions for SYSC 3.2.1

Search Term(s)

Filter by Topics

Filter by Modules

Filter by Documents

Filter by Keywords

Effective Period

Similar To

Schedule to the Recognition Requirements Regulations, paragraph 3

Frequently asked questions about allocation of functions in SYSC 2.1.3 R

Information and supporting documentation (see REC 5.2.4 G).