Related provisions for SYSC 3.2.13

1 - 20 of 87 items.

Search Term(s)

Filter by Modules

Filter by Documents

Filter by Keywords

Effective Period

Similar To

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004 (From field only).

SYSC 3.2.1GRP
This section covers some of the main issues which a firm is expected to consider in establishing and maintaining the systems and controls appropriate to its business, as required by SYSC 3.1.1 R.
SYSC 3.2.4GRP
(1) The guidance relevant to delegation within the firm is also relevant to external delegation ('outsourcing'). A firm cannot contract out its regulatory obligations. So, for example, under Principle 3 a firm should take reasonable care to supervise the discharge of outsourced functions by its contractor.(2) A firm should take steps to obtain sufficient information from its contractor to enable it to assess the impact of outsourcing on its systems and controls.
SYSC 3.2.6RRP
A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.
SYSC 3.2.6ARRP
5A firm must ensure that these systems and controls:(1) enable it to identify, assess, monitor and manage money laundering risk; and(2) are comprehensive and proportionate to the nature, scale and complexity of its activities.
SYSC 3.2.6CRRP
5A firm must carry out regular assessments of the adequacy of these systems and controls to ensure that it continues to comply with SYSC 3.2.6A R.
SYSC 3.2.6EGRP
5The FSA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the UK financial sector issued by the Joint Money Laundering Steering Group.
SYSC 3.2.6FGRP
5In identifying its money laundering risk and in establishing the nature of these systems and controls, a firm should consider a range of factors, including:(1) its customer, product and activity profiles;(2) its distribution channels;(3) the complexity and volume of its transactions;(4) its processes and systems; and(5) its operating environment.
SYSC 3.2.6GGRP
5A firm should ensure that the systems and controls include:(1) appropriate training for its employees in relation to money laundering;(2) appropriate provision of information to its governing body and senior management, including a report at least annually by that firm'smoney laundering reporting officer (MLRO) on the operation and effectiveness of those systems and controls;(3) appropriate documentation of its risk management policies and risk profile in relation to money laundering,
SYSC 3.2.6HRRP
5A firm must allocate to a director or senior manager (who may also be the money laundering reporting officer) overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls.
SYSC 3.2.6IRRP
5A firm must:(1) appoint an individual as MLRO, with responsibility for oversight of its compliance with the FSA'srules on systems and controls against money laundering; and(2) ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.
SYSC 3.2.15GRP
Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable - see SYSC 3.2.16 G9)
SYSC 3.2.16GRP
9(1) Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should have clear responsibilities and reporting lines to an audit committee or appropriate senior manager, be adequately resourced and staffed by competent individuals, be independent of the day-to-day activities
SYSC 3.2.21GRP
A firm should have appropriate systems and controls in place to fulfil the firm's regulatory and statutory obligations with respect to adequacy, access, periods of retention and security of records. The general principle is that records should be retained for as long as is relevant for the purposes for which they are made.
REC 2.5.1UKRP
Schedule to the Recognition Requirements Regulations, paragraph 32(1)The [UK RIE] must ensure that the systems and controls used in the performance of its [relevant functions] are adequate, and appropriate for the scale and nature of its business.(2)Sub-paragraph (1) applies in particular to systems and controls concerning -(a)the transmission of information;(b)the assessment, mitigation and management of risks to the performance of the [UK RIE'srelevant functions];(c)the effecting
REC 2.5.3GRP
In assessing whether the systems and controls used by a UK recognised body in the performance of its relevant functions are adequate and appropriate for the scale and nature of its business, the FSA may have regard to the UK recognised body's:(1) arrangements for managing, controlling and carrying out its relevant functions, including: (a) the distribution of duties and responsibilities among its key individuals and the departments of the UK recognised body responsible for performing
REC 2.5.4GRP
The following paragraphs set out other matters to which the FSA may have regard in assessing the systems and controls used for the transmission of information, risk management, the effecting and monitoring of transactions, the operation of settlement arrangements (the matters covered in paragraphs 4(2)(d) and 19(2)(b) of the Schedule to the Recognition Requirements Regulations) and the safeguarding and administration of assets .
REC 2.5.6GRP
In assessing a UK recognised body's systems and controls for assessing and managing risk, the FSA may also have regard to the extent to which these systems and controls enable the UK recognised body to:(1) identify all the general, operational, legal and market risks wherever they arise in its activities;(2) measure and control the different types of risk;(3) allocate responsibility for risk management to persons with appropriate knowledge and expertise; and(4) provide sufficient,
REC 2.5.8GRP
In assessing a UK RIE's systems and controls for the effecting and monitoring of transactions, and the systems and controls used by a UK recognised body for the operation of settlement arrangements, the FSA may have regard to the totality of the arrangements and processes through which a transaction is effected, cleared and settled, including:(1) a UK RIE's arrangements under which orders are received and matched, and its arrangements for trade and transaction reporting, and (if
REC 2.5.9GRP
In assessing a UK recognised body's systems and controls for the safeguarding and administration of assets belonging to users of its facilities, the FSA may have regard to the totality of the arrangements and processes by which the UK recognised body: (1) records the assets held and the identity of the owners of (and other persons with relevant rights over) those assets; (2) records any instructions given in relation to those assets;(3) records the carrying out of those instructions;(4)
REC 2.5.12GRP
REC 2.5.13 G to REC 2.5.16 G set out the factors to which the FSA may have regard in assessing a UK recognised body's systems and controls for managing conflicts of interest.
REC 2.5.14GRP
The FSA may also have regard to the systems and controls intended to ensure that confidential information is only used for proper purposes. Where relevant, recognised bodies will have to comply with section 348 (Restrictions on disclosure of confidential information by the FSA etc.) and regulations made under section 349 (Exemptions from section 348) of the Act.
REC 2.5.17GRP
A UK recognised body's arrangements for internal and external audit will be an important part of its systems and controls. In assessing the adequacy of these arrangements, the FSA may have regard to: (1) the size, composition and terms of reference of any audit committee of the UK recognised body'sgoverning body;(2) the frequency and scope of external audit; (3) the provision and scope of internal audit; (4) the staffing and resources of the UK recognised body's internal audit
REC 2.5.18GRP
Information technology is likely to be a major component of the systems and controls used by any UK recognised body. In assessing the adequacy of the information technology used by a UK recognised body to perform or support its relevant functions, the FSA may have regard to:(1) the organisation, management and resources of the information technology department within the UK recognised body;(2) the arrangements for controlling and documenting the design, development, implementation
REC 2.5.19GRP
The FSA may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:(1) the procedures for the evaluation and selection of information technology systems;(2) the arrangements for testing information technology systems before live operations;(3) the procedures for problem management and system change;(4) the arrangements to monitor and report system performance,
REC 2.5.20GRP
The FSA may have regard to the arrangements made to keep clear and complete audit trails of all uses of information technology systems and to reconcile (where appropriate) the audit trails with equivalent information held by system users and other interested parties.
SYSC 12.1.6GRP
The purpose of this chapter is to set out how the systems and control requirements imposed by SYSC (Senior Management Arrangements, Systems and Controls) apply where a firm is part of a group. If a firm is a member of a group, it should be able to assess the potential impact of risks arising from other parts of its group as well as from its own activities.
SYSC 12.1.7GRP
This section implements Articles 73(3) (Supervision on a consolidated basis of credit institutions) and 138 (Intra-group transactions with mixed activity holding companies) of the Banking Consolidation Directive, Article 9 of the Financial Groups Directive (Internal control mechanisms and risk management processes) and Article 8 of the Insurance Groups Directive (Intra-group transactions).
SYSC 12.1.8RRP
A firm must:(1) have adequate, sound and appropriate risk management processes and internal control mechanisms for the purpose of assessing and managing its own exposure to group risk, including sound administrative and accounting procedures; and(2) ensure that its group has adequate, sound and appropriate risk management processes and internal control mechanisms at the level of the group, including sound administrative and accounting procedures.
SYSC 12.1.9GRP
For the purposes of SYSC 12.1.8 R, the question of whether the risk management processes and internal control mechanisms are adequate, sound and appropriate should be judged in the light of the nature, scale and complexity of the group's business and of the risks that the group bears. Riskmanagement processes must include the stress testing and scenario analysis required by GENPRU 1.2.42 R and GENPRU 1.2.49R (1)(b).4
SYSC 12.1.10RRP
The internal control mechanisms referred to in SYSC 12.1.8 R must include:(1) mechanisms that are adequate for the purpose of producing any data and information which would be relevant for the purpose of monitoring compliance with any prudential requirements (including any reporting requirements and any requirements relating to capital adequacy, solvency, systems and controls and large exposures):(a) to which the firm is subject with respect to its membership of a group; or(b)
SYSC 12.1.12RRP
Where this section applies with respect to a financial conglomerate, the internal control mechanisms referred to in SYSC 12.1.8R (2) must include:(1) mechanisms that are adequate to identify and measure all material risks incurred by members of the financial conglomerate and appropriately relate capital in the financial conglomerate to risks; and(2) sound reporting and accounting procedures for the purpose of identifying, measuring, monitoring and controlling intra-group transactions
SYSC 12.1.13RRP
If this rule applies under SYSC 12.1.14 R to a firm, the firm must:(1) comply with SYSC 12.1.8R (2) in relation to any UK consolidation group or non-EEAsub-group of which it is a member, as well as in relation to its group; and(2) ensure that the risk management processes and internal control mechanisms at the level of any UK consolidation group or non-EEAsub-group of which it is a member comply with the obligations set out in the following provisions on a consolidated (or sub-consolidated)
SYSC 12.1.15RRP
In the case of a firm that:(1) is aBIPRU firm; and8(2) has a mixed-activity holding company as a parent undertaking;the risk management processes and internal control mechanisms referred to in SYSC 12.1.8 R must include sound reporting and accounting procedures and other mechanisms that are adequate to identify, measure, monitor and control transactions between the firm'sparent undertakingmixed-activity holding company and any of the mixed-activity holding company'ssubsidiary
SYSC 12.1.18GRP
Assessment of the adequacy of a group's systems and controls required by this section will form part of the FSA's risk management process.
SYSC 12.1.19GRP
The nature and extent of the systems and controls necessary under SYSC 12.1.8R (1) to address group risk will vary according to the materiality of those risks to the firm and the position of the firm within the group.
SYSC 12.1.20GRP
In some cases the management of the systems and controls used to address the risks described in SYSC 12.1.8R (1) may be organised on a group-wide basis. If the firm is not carrying out those functions itself, it should delegate them to the group members that are carrying them out. However, this does not relieve the firm of responsibility for complying with its obligations under SYSC 12.1.8R (1). A firm cannot absolve itself of such a responsibility by claiming that any breach
SYSC 12.1.21GRP
SYSC 12.1.8R (1) deals with the systems and controls that a firm should have in respect of the exposure it has to the rest of the group. On the other hand, the purpose of SYSC 12.1.8R (2) and the rules in this section that amplify it is to require groups to have adequate systems and controls. However a group is not a single legal entity on which obligations can be imposed. Therefore the obligations have to be placed on individual firms. The purpose of imposing the obligations
SYSC 12.1.22GRP
If both a firm and its parent undertaking are subject to SYSC 12.1.8R (2), the FSA would not expect systems and controls to be duplicated. In this case, the firm should assess whether and to what extent it can rely on its parent's group risk systems and controls.
APER 4.7.3ERP
Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system in respect of its regulated activities falls within APER 4.7.2 E. In the case of an approved person who is responsible, under SYSC 2.1.3 R (2) or SYSC 4.4.5 R (2)2, with overseeing the firm's obligation under SYSC 3.1.1 R or SYSC 4.1.1
APER 4.7.7ERP
Failing to take reasonable steps to ensure that procedures and systems of control are reviewed and, if appropriate, improved, following the identification of significant breaches (whether suspected or actual) of the relevant requirements and standards of the regulatory system relating to its regulated activities, falls within APER 4.7.2 E (see APER 4.7.13 G).
APER 4.7.8ERP
Behaviour of the type referred to in APER 4.7.7 E includes, but is not limited to:(1) unreasonably failing to implement recommendations for improvements in systems and procedures;(2) unreasonably failing to implement recommendations for improvements to systems and procedures in a timely manner.
APER 4.7.10ERP
In the case of an approved person performing a significant influence function responsible for compliance under SYSC 3.2.8 R, SYSC 6.1.4 R or SYSC 6.1.4A R2, failing to take reasonable steps to ensure that appropriate compliance systems and procedures are in place falls within APER 4.7.2 E (see APER 4.7.14 G).
APER 4.7.11AERP
3Where the approved person is a proprietary trader under SUP 10.9.10 R (1A), failing to maintain and comply with appropriate systems and controls in relation to that activity falls within APER 4.7.2 E.
APER 4.7.12GRP
An approved person performing a significant influence function need not himself put in place the systems of control in his business (APER 4.7.4 E). Whether he does this depends on his role and responsibilities. He should, however, take reasonable steps to ensure that the business for which he is responsible has operating procedures and systems which include well-defined steps for complying with the detail of relevant requirements and standards of the regulatory system and for
APER 4.7.13GRP
Where the approved person performing a significant influence function becomes aware of actual or suspected problems that involve possible breaches of relevant requirements and standards of the regulatory system falling within his area of responsibility, then he should take reasonable steps to ensure that they are dealt with in a timely and appropriate manner (APER 4.7.7 E). This may involve an adequate investigation to find out what systems or procedures may have failed and why.
APER 4.7.14GRP
Where independent reviews of systems and procedures have been undertaken and result in recommendations for improvement, the approved person performing a significant influence function should ensure that, unless there are good reasons not to, any reasonable recommendations are implemented in a timely manner (APER 4.7.10 E). What is reasonable will depend on the nature of the inadequacy and the cost of the improvement. It will be reasonable for the approved person performing a significant
SYSC 6.3.1RRP
A firm must ensure the policies and procedures established under SYSC 6.1.1 R include systems and controls that:1(1) enable it to identify, assess, monitor and manage money laundering risk; and(2) are comprehensive and proportionate to the nature, scale and complexity of its activities.
SYSC 6.3.3RRP
A firm must carry out a1 regular assessment of the adequacy of these systems and controls to ensure that they continue 1to comply with SYSC 6.3.1 R.11
SYSC 6.3.5GRP
The FSA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the United Kingdom financial sector issued by the Joint Money Laundering Steering Group.1
SYSC 6.3.6GRP
In identifying its money laundering risk and in establishing the nature of these systems and controls, a firm should consider a range of factors, including:1(1) its customer, product and activity profiles;(2) its distribution channels;(3) the complexity and volume of its transactions;(4) its processes and systems; and(5) its operating environment.
SYSC 6.3.7GRP
A firm should ensure that the systems and controls include:1(1) appropriate training for its employees in relation to money laundering;(2) appropriate provision of information to its governing body and senior management, including a report at least annually by that firm'smoney laundering reporting officer (MLRO) on the operation and effectiveness of those systems and controls;(3) appropriate documentation of its risk management policies and risk profile in relation to money laundering,
SYSC 6.3.8RRP
A firm must allocate to a director or senior manager (who may also be the money laundering reporting officer) overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls.1
SYSC 6.3.9RRP
A firm (with the exception of a sole trader who has no employees)21 must:12(1) appoint an individual as MLRO, with responsibility for oversight of its compliance with the FSA'srules on systems and controls against money laundering; and(2) ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.
SYSC 13.7.1GRP
A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm should have regard to:(1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);(2)
SYSC 13.7.2GRP
Internal documentation may enhance understanding and aid continuity of operations, so a firm should ensure the adequacy of its internal documentation of processes and systems (including how documentation is developed, maintained and distributed) in managing operational risk.
SYSC 13.7.4GRP
A firm should ensure the adequacy of its processes and systems to review external documentation prior to issue (including review by its compliance, legal and marketing departments or by appropriately qualified external advisers). In doing so, a firm should have regard to:(1) compliance with applicable regulatory and other requirements;1(2) the extent to which its documentation uses standard terms (that are widely recognised, and have been tested in the courts) or non-standard
SYSC 13.7.6GRP
A firm should establish and maintain appropriate systems and controls for the management of its IT system risks, having regard to:(1) its organisation and reporting structure for technology operations (including the adequacy of senior management oversight);(2) the extent to which technology requirements are addressed in its business strategy;(3) the appropriateness of its systems acquisition, development and maintenance activities (including the allocation of responsibilities
SYSC 13.7.7GRP
Failures in processing information (whether physical, electronic or known by employees but not recorded) or of the security of the systems that maintain it can lead to significant operational losses. A firm should establish and maintain appropriate systems and controls to manage its information security risks. In doing so, a firm should have regard to:(1) confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require
SYSC 13.7.8GRP
A firm should ensure the adequacy of the systems and controls used to protect the processing and security of its information, and should have regard to established security standards such as ISO17799 (Information Security Management).
SYSC 13.7.9GRP
Operating processes and systems at separate geographic locations may alter a firm's operational risk profile (including by allowing alternative sites for the continuity of operations). A firm should understand the effect of any differences in processes and systems at each of its locations, particularly if they are in different countries, having regard to:(1) the business operating environment of each country (for example, the likelihood and impact of political disruptions or
SYSC 5.1.2GRP
A firm's systems and controls should enable it to satisfy itself of the suitability of anyone who acts for it. This includes assessing an individual's honesty and competence. This assessment should normally be made at the point of recruitment. An individual's honesty need not normally be revisited unless something happens to make a fresh look appropriate.
SYSC 5.1.8GRP
The effective segregation of duties is an important element in the internal controls of a firm in the prudential context. In particular, it helps to ensure that no one individual is completely free to commit a firm's assets or incur liabilities on its behalf. Segregation can also help to ensure that a firm'sgoverning body receives objective and accurate information on financial performance, the risks faced by the firm and the adequacy of its systems.
SYSC 5.1.9GRP
A firm should normally ensure that no single individual has unrestricted authority to do all of the following:3(1) initiate a transaction;(2) bind the firm;(3) make payments; and(4) account for it.
SYSC 5.1.10GRP
Where a firm is unable to ensure the complete segregation of duties (for example, because it has a limited number of staff), it should ensure that there are adequate compensating controls in place (for example, frequent review of an area by relevant senior managers).3
SYSC 5.1.13RRP
The systems, internal control mechanisms and arrangements established by a firm in accordance with this chapter must take into account the nature, scale and complexity of its business and the nature and range of financial services and activities 3undertaken in the course of that business.[Note:article 5(1) final paragraph of the MiFID implementing Directiveand articles 4(1) final paragraph and 5(4) of the UCITS implementing Directive]66
SYSC 5.1.14RRP
A common platform firm and a management company6 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this chapter, and take appropriate measures to address any deficiencies.[Note:article 5(5) of the MiFID implementing Directive and articles 4(5) of the UCITS implementing Directive]6
REC 3.16.1GRP
The purpose of REC 3.16 is to ensure that the FSA receives a copy of the UK recognised body's plans and arrangements for ensuring business continuity if there are major problems with its computer systems. The FSA does not need to be notified of minor revisions to, or updating of, the documents containing a UK recognised body's business continuity plan (for example, changes to contact names or telephone numbers).
REC 3.16.2RRP
Where a UK recognised body changes any of its plans for action in the event of a failure of any of its information technology systems resulting in disruption to the operation of its facilities, it must immediately give the FSA notice of that event, and a copy of the new plan.
REC 3.16.3RRP
Where any reserve information technology system of a UK recognised body fails in such a way that, if the main information technology system of that body were also to fail, it would be unable to operate any of its facilities during its normal hours of operation, that body must immediately give the FSA notice of that event, and inform the FSA:(1) what action that UK recognised body is taking to restore the operation of the reserve information technology system; and (2) when it is
LR 8.6.5RRP
The FSA will approve a person as a sponsor only if it is satisfied that the person :4(1) is 4an authorised person or a member of a designated professional body;(2) is 4competent to performsponsor services4; and(3) has appropriate 4systems and controls in place to ensure that it cancarry out its role as a sponsor in accordance with this chapter4.4
LR 8.6.12GRP
A sponsor will generally be regarded as having appropriate 4systems and controls if there are:4(1) clear and effective reporting lines in place (including clear and effective management responsibilities)4;(2) effective systems and controls for the appropriate4 supervision of employees providing sponsor services4;44(3) effective systems and controls to ensure its compliance with all applicable listing rules when performing sponsor services4;(4) [deleted]44(5) effective arrangements
LR 8.6.13AGRP
4A sponsor will generally be regarded as having appropriate systems and controls if it has in place effective policies and procedures:(1) to ensure that decisions taken on managing conflicts of interest are taken by appropriately senior staff and on a timely basis;(2) to monitor whether arrangements put in place to manage conflicts are effective;(3) to ensure that individuals within the sponsor are appropriately trained to enable them to identify, escalate and manage conflicts
SYSC 7.1.2RRP
A common platform firm must establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify the risks relating to the firm's activities, processes and systems, and where appropriate, set the level of risk tolerated by the firm.[Note: article 7(1)(a) of the MiFID implementing Directive, article 13(5) second paragraph of MiFID]
SYSC 7.1.3RRP
A common platform firm must adopt effective arrangements, processes and mechanisms to manage the risk relating to the firm's activities, processes and systems, in light of that level of risk tolerance.[Note: article 7(1)(b) of the MiFID implementing Directive]
SYSC 7.1.10RRP
A BIPRUfirm must operate through effective systems the ongoing administration and monitoring of its various credit risk-bearing portfolios and exposures, including for identifying and managing problem credits and for making adequate value adjustments and provisions.[Note: annex V paragraph 4 of the Banking Consolidation Directive]
SYSC 7.1.15RRP
A BIPRU firm must implement systems to evaluate and manage the risk arising from potential changes in interest rates as they affect a BIPRUfirm's non-trading activities.[Note: annex V paragraph 11 of the Banking Consolidation Directive]
LR 7.2.1RRP
The Listing Principles are as follows:Principle 1A listed company must take reasonable steps to enable its directors to understand their responsibilities and obligations as directors.Principle 2A listed company must take reasonable steps to establish and maintain adequate procedures, systems and controls to enable it to comply with its obligations.Principle 3A listed company must act with integrity towards holders and potential holders of its listedequity shares.22Principle 4A
LR 7.2.2GRP
Principle 2 is intended to ensure that listed companies have adequate procedures, systems and controls to enable them to comply with their obligations under the listing rules and disclosure rules and transparency rules. In particular, the FSA considers that listed companies should place particular emphasis on ensuring that they have adequate procedures, systems and controls in relation to:(1) identifying whether any obligations arise under LR 10 (Significant transactions) and
LR 7.2.3GRP
Timely and accurate disclosure of information to the market is a key obligation of listed companies. For the purposes of Principle 2, a listed companywith a premium listing1 should have adequate systems and controls to be able to:1(1) ensure that it can properly identify information which requires disclosure under the listing rules or disclosure rules and transparency rules in a timely manner; and(2) ensure that any information identified under (1) is properly considered by the
SYSC 13.2.1GRP
SYSC 13 provides guidance on how to interpret SYSC 3.1.1 R and SYSC 3.2.6 R, which deal with the establishment and maintenance of systems and controls, in relation to the management of operational risk. Operational risk has been described by the Basel Committee on Banking Supervision as "the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events". This chapter covers systems and controls for managing risks concerning any
REC 5.2.3AGRP
1The information required pursuant to sub-sections 287(c), (d) and (e) of the Act is:(1) a programme of operations which includes the types of business the applicant proposes to undertake and the applicant's proposed organisational structure;(2) particulars of the persons who effectively direct the business and operations of the exchange; and(3) particulars of the ownership of the exchange, and in particular the identity and scale of interests of the persons who are in a position
REC 5.2.6GRP
Under section 289 of the Act (Applications: supplementary) or (for an RAP applicant) regulation 2 of the RAP regulations,3 the FSA may require the applicant to provide additional information, and may require the applicant to verify any information in any manner. In view of their likely importance for any application, the FSA will normally wish to arrange for its own inspection of an applicant's information technology systems.
REC 5.2.14GRP
Information and supporting documentation (see REC 5.2.4 G).(1)Details of the applicant's constitution, structure and ownership, including its memorandum and articles of association (or similar or analogous documents ) and any agreements between the applicant, its owners or other persons relating to its constitution or governance (if not contained in the information listed in REC 5.2.3A G)1. An applicant for RAP status must provide details of the relationship between the governance
SYSC 4.1.1RRP
3(1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8(2) 8A BIPRU firm and a third country
SYSC 4.1.10RRP
A common platform firm and a management company10 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.[Note: article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]10
SYSC 4.1.11GRP
Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface
SYSC 2.1.3RRP
A firm must appropriately allocate to one or more individuals, in accordance with SYSC 2.1.4 R, the functions of:(1) dealing with the apportionment of responsibilities under SYSC 2.1.1 R; and(2) overseeing the establishment and maintenance of systems and controls under SYSC 3.1.1 R.
SYSC 2.1.6GRP
Frequently asked questions about allocation of functions in SYSC 2.1.3 RThis table belongs to SYSC 2.1.5 GQuestionAnswer1Does an individual to whom a function is allocated under SYSC 2.1.3 R need to be an approved person?An individual to whom a function is allocated under SYSC 2.1.3 R will be performing the apportionment and oversight function (CF 8, see SUP 10.7.1 R) and an application must be made to the FSA for approval of the individual before the function is performed under
SYSC 3.1.1RRP
A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.
SYSC 3.1.2GRP
(1) The nature and extent of the systems and controls which a firm will need to maintain under SYSC 3.1.1 R will depend upon a variety of factors including:(a) the nature, scale and complexity of its business;(b) the diversity of its operations, including geographical diversity;(c) the volume and size of its transactions; and(d) the degree of risk associated with each area of its operation.(2) To enable it to comply with its obligation to maintain appropriate systems and controls,
SYSC 3.1.5GRP
SYSC 2.1.3 R (2) prescribes how a firm must allocate the function of overseeing the establishment and maintenance of systems and controls described in SYSC 3.1.1 R.
DEPP 6.2.1GRP
The FSA will consider the full circumstances of each case when determining whether or not to take action for a financial penalty or public censure. Set out below is a list of factors that may be relevant for this purpose. The list is not exhaustive: not all of these factors may be applicable in a particular case, and there may be other factors, not listed, that are relevant.(1) The nature, seriousness and impact of the suspected breach, including:(a) whether the breach was deliberate
DEPP 6.2.5GRP
In some cases it may not be appropriate to take disciplinary measures against a firm for the actions of an approved person (an example might be where the firm can show that it took all reasonable steps to prevent the breach). In other cases, it may be appropriate for the FSA to take action against both the firm and the approved person. For example, a firm may have breached the rule requiring it to take reasonable care to establish and maintain such systems and controls as are
SYSC 14.1.27RRP
A firm must take reasonable steps to establish and maintain adequate internal controls.
SYSC 14.1.28GRP
The precise role and organisation of internal controls can vary from firm to firm. However, a firm'sinternal controls should normally be concerned with assisting its governing body and relevant senior managers to participate in ensuring that it meets the following objectives:(1) safeguarding both the assets of the firm and its customers, as well as identifying and managing liabilities;(2) maintaining the efficiency and effectiveness of its operations;(3) ensuring the reliability
REC 4.4.1GRP
Recognised bodies may receive complaints from time to time from their members and other people, both about the conduct of members and about the recognised body itself. A UK recognised body will need to have satisfactory arrangements to investigate these complaints in order to satisfy the relevant recognition requirements (see REC 2.15 and REC 2.16) or RAP recognition requirements (see REC 2A.3.2 G).1
REC 4.4.3GRP
Where the FSA receives a complaint about a recognised body, it will, in the first instance, seek to establish whether the complainant has approached the recognised body. Where this is not the case, the FSA will ask the complainant to complain to the recognised body. Where the complainant is dissatisfied with the handling of the complaint, but has not exhausted the recognised body's own internal complaints procedures (in the case of a complaint against a UK recognised body, including