Status: Please note you should read all Brexit changes to the FCA Handbook and BTS alongside the main FCA transitional directions. Where these directions apply the 'standstill', firms have the choice between complying with the pre-IP completion day rules, or the post-IP completion day rules. To see a full list of Handbook modules affected, please see Annex B to the main FCA transitional directions.

Article 2 Control framework

The control framework that a supervised contributor is required to have in place pursuant to Article 16(1) of Regulation (EU) 2016/1011 shall include the establishment and maintenance of at least the following controls:

  1. (a)

    an effective oversight mechanism for overseeing the process for contributing input data that includes a risk management system, the identification of senior personnel who are responsible for the data contribution process and the involvement of any compliance and internal audit functions within the contributor's organisation;

  2. (b)

    a policy on whistle-blowing, including appropriate safeguards for whistle-blowers;

  3. (c)

    a procedure for detecting and managing breaches of Regulation (EU) 2016/1011 and breaches of the applicable code of conduct developed under Article 15 of that Regulation, including a procedure for investigating any detected breach and recording the actions taken as a consequence;

  4. (d)

    periodic reviews of the process for contributing data, to be conducted at least annually and whenever there is a change in the applicable code of conduct.