Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:

Alternative versions

  1. Point in time
    2005-04-06

PRU 1.1 to follow

to follow

PRU 1.2 1 Adequacy of financial resources

Application

PRU 1.2.1 R

This section applies to an insurer unless PRU 1.2.7 R applies.

PRU 1.2.2 R
  1. (1)

    In relation to liquidity risk only, this section applies to a firm in PRU 1.2.3 R unless PRU 1.2.7 R applies.

  2. (2)

    Liquidity risk includes the systems, processes and resources required by this section in respect of liquidity risk.

PRU 1.2.3 R

The firms referred to in PRU 1.2.2 R (1) are:

  1. (1)

    a building society;

  2. (2)

    a bank or an own account dealer (other than a venture capital firm) that is a UK firm;

  3. (3)

    an incoming EEA firm which:

    1. (a)

      is a full BCD credit institution; and

    2. (b)

      has a branch in the United Kingdom;

  4. (4)

    an overseas firm which is a bank or an own account dealer (other than a venture capital firm) but which is not:

    1. (a)

      an incoming EEA firm; or

    2. (b)

      a lead-regulated firm;

  5. (5)

    an overseas firm which:

    1. (a)

      is a bank;

    2. (b)

      is a lead-regulated firm;

    3. (c)

      is not an incoming EEA firm; and

    4. (d)

      has a branch in the United Kingdom.

PRU 1.2.4 R

For a firm described in PRU 1.2.3 R (3) or PRU 1.2.3 R (5), this section applies only with respect to the branch.

PRU 1.2.5 R

This section applies to an incoming EEA firm only to the extent that the relevant matter is not reserved by the relevant Single Market Directive to the firm's Home State regulator.

PRU 1.2.6 R

If a firm carries on:

  1. (1)

    long-term insurance business; and

  2. (2)

    general insurance business;

this section applies separately to each type of business.

PRU 1.2.7 R

This section does not apply to:

  1. (1)

    a non-directive friendly society; or

  2. (2)

    a Swiss general insurer; or

  3. (3)

    an EEA-deposit insurer; or

  4. (4)

    a UCITS qualifier; or

  5. (5)

    an ICVC; or

  6. (6)

    an incoming EEA firm (unless PRU 1.2.3 R applies); or

  7. (7)

    an incoming Treaty firm.

PRU 1.2.8 G

The guidance in PRU 1.2 is drafted with respect to a firm to which PRU 1.2 and the other provisions of PRU referred to in PRU 1.2 apply in full. The guidance in PRU 1.2 is also applicable to a firm that falls into PRU 1.2.2 R. However the guidance in PRU 1.2, as it applies to such a firm, should be read accordingly. In particular, the guidance in PRU 1.2 only applies to such a firm in respect of liquidity risk.

PRU 1.2.9 G

In the case of an incoming EEA firm that is a full BCD credit institution and of an overseas firm that is a lead-regulated firm, PRU 1.2 only applies to its United Kingdom branch. However, as a branch is not itself a legal entity separate from the rest of a firm, this restriction does not mean that the rest of the firm can necessarily be left out of account when considering compliance with PRU 1.2. For example, the availability of the branch's liquidity resources may be affected by general liquidity problems in the firm. Likewise, there may be liquidity resources elsewhere in the firm that are available to meet liquidity problems in the branch.

PRU 1.2.10 G

One factor that may affect the degree to which it is necessary to take into account the firm as a whole is the extent to which the firm manages the liquidity of the branch on an autonomous basis, or includes the branch within integrated liquidity management of the firm as a whole. In the latter case, for instance, the requirement in PRU 1.2.35 R to carry out scenario analyses may be satisfied by the firm meeting similar requirements set by the regulator in its home country in respect of the firm as whole, provided that the firm separately identifies the impacts on the United Kingdom branch of the scenarios analysed. However, in the case of a full BCD credit institution, the application of PRU 1.2 is further restricted by PRU 1.2.5 R.

PRU 1.2.11 G

The scope of application of PRU 1.2 is not restricted to firms that are subject to the relevant EC Directives. It applies, for example, to pure reinsurers.

PRU 1.2.12 G

The adequacy of a firm's financial resources needs to be assessed in relation to all the activities of the firm and the risks to which they give rise.

PRU 1.2.13 G

The requirements in PRU 1.2 apply to a firm on a solo basis.

Purpose

PRU 1.2.14 G

This section amplifies Principle 4, under which a firm must maintain adequate financial resources. It is concerned with the adequacy of the financial resources which a firm needs to hold in order to be able to meet its liabilities as they fall due. These resources include both capital and liquidity resources. PRU 2 sets out provisions relating to the adequacy of capital resources. PRU 5 contains provisions relating to liquidity.

PRU 1.2.15 G

This section therefore introduces rules requiring a firm to identify and assess risks to its being able to meet its liabilities as they fall due, how it intends to deal with those risks, and the amount and nature of financial resources the firm considers necessary. These assessments should be documented so that they can be easily reviewed by the FSA as part of the FSA's assessment of the adequacy of capital resources.

PRU 1.2.16 G

This section also introduces rules requiring a firm to carry out appropriate stress tests and scenario analyses for the risks it has previously identified and to establish the amount of financial resources needed in each of the circumstances and events considered in carrying out the stress tests and scenario analyses.

PRU 1.2.17 G

The adequacy of a firm's capital resources needs to be assessed both by the firm and the FSA. This is done, by the FSA, through comparing the firm's capital resource requirements with its capital resources and by review of a firm's processes and systems for assessing capital needs, the results of the firm's assessments, and other information available to the FSA on the risks faced by the firm.

Outline of other related provisions

PRU 1.2.18 G

PRU 2.1 sets out the minimum capital resources requirements for a firm. PRU 2.2 sets out how capital resources are defined and measured for the purpose of meeting the requirements of PRU 2.1.

PRU 1.2.19 G

PRU 2.3 sets out detailed guidance on how firms could assess the adequacy of their capital resources both to comply with the rules set out in this section and to enable the FSA to assess better whether the minimum capital resources requirements of PRU 2.1 are appropriate. The more thorough, objective, and prudent a firm's capital assessment is and can be demonstrated as being, the more reliance the FSA will be able to place on the results of that assessment. The FSA will consider the appropriateness of the firm's capital assessment to establish the level of capital resources the firm needs. This may result in the FSA's assessment of a firm's capital resources needs being lower or higher than would otherwise be the case.

PRU 1.2.20 G

PRU 5.1 sets out general systems and controls provisions for liquidity risk.

PRU 1.2.21 G

PRU 1.4 sets out rules and guidance on the establishment and maintenance of systems and controls.

Main Requirements

PRU 1.2.22 R

A firm must at all times maintain overall financial resources, including capital resources and liquidity resources, which are adequate, both as to amount and quality, to ensure that there is no significant risk that its liabilities cannot be met as they fall due.

PRU 1.2.23 G

The liabilities referred to in PRU 1.2.22 R include contingent and prospective liabilities that a firm has potentially incurred. It therefore excludes liabilities that might arise from transactions that a firm has not entered into and which it could avoid, for example, by ceasing to trade. It includes liabilities or costs that arise as a consequence of strategies other than continuing as a going concern. It also includes claims that could be made against a firm, which ought to be paid in accordance with fair treatment of customers, even if such claims could not be legally enforced.

PRU 1.2.24 G

A firm should therefore make its assessment of adequate financial resources on realistic valuation bases for assets and liabilities taking into account the actual amounts and timing of cash flows under realistic adverse projections. This does not require a firm to hold financial resources sufficient to ensure that any particular margin of financial resources is maintained under such adverse projections.

PRU 1.2.25 G

Risks may be addressed through holding capital to absorb losses that unexpectedly materialise. The ability to pay liabilities as they fall due also requires liquidity. Therefore, in assessing the adequacy of a firm's financial resources, both capital and liquidity needs should be considered. PRU 5.1.86 E is an evidential provision relating to PRU 1.2.22 R concerning contingency funding plans. A firm should also consider the quality of its financial resources such as the loss-absorbency of different types of capital and the time required to liquidate different types of asset.

PRU 1.2.26 R

A firm must carry out regular assessments of the adequacy of its financial resources using processes and systems which comply with PRU 1.2.27 R.

PRU 1.2.27 R

The processes and systems required by PRU 1.2.26 R must be proportionate to the nature, scale and complexity of the firm's activities.

PRU 1.2.28 G

PRU 1.2.27 R amplifies the requirement in SYSC 3.2.6 R.

PRU 1.2.29 G

The processes and systems are required for a firm's internal assessment of the adequacy of its financial resources. The appropriateness of the internal process, and the degree of involvement of senior management in the process, will be taken into account by the FSA when reviewing a firm's assessment as part of the FSA's own assessment of the adequacy of a firm's financial resources. The processes and systems should ensure that the assessment of the adequacy of a firm's financial resources is reported to its senior management as often as is necessary. In addition, a firm would be expected to reassess the adequacy of its financial resources should the firm experience some material change to the nature or scale of its activities.

PRU 1.2.30 G

The assessments undertaken by firms in run-off may not need to be as comprehensive or frequent compared to a firm not in run off since this may better reflect the reduced nature and complexity of its business and reduced access to new capital. Whilst a firm in run-off will still need to carefully monitor the progress of the run off, a more comprehensive assessment may only be appropriate on commencement of the run off or when considering a reduction in capital through the payment of a dividend or other capital distribution or if the firm's circumstances change materially.

PRU 1.2.31 R

The processes and systems required by PRU 1.2.26 R must enable the firm to identify the major sources of risk to its ability to meet its liabilities as they fall due, including the major sources of risk in each of the following categories:

  1. (1)

    credit risk;

  2. (2)

    market risk;

  3. (3)

    liquidity risk;

  4. (4)

    operational risk; and

  5. (5)

    insurance risk.

PRU 1.2.32 G

In PRU 1.2.31 R:

  1. (1)

    operational risk refers to the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events; and

  2. (2)

    insurance risk refers to the inherent uncertainties as to the occurrence, amount and timing of insurance liabilities.

PRU 1.2.33 R

The processes and systems required by PRU 1.2.26 R must enable the firm to carry out an assessment of how it intends to deal with each of the major sources of risk identified in accordance with PRU 1.2.31 R.

PRU 1.2.34 G

Certain risks such as systems and controls weaknesses may not be adequately addressed by, for example, holding additional capital and a more appropriate response would be to rectify the weakness. In such circumstances, the amount of financial resources required to address these risks, which may not be adequately addressed by holding additional capital, will be zero. However, a firm must, in accordance with PRU 1.2.37 R, document the approaches taken to manage these risks.

PRU 1.2.35 R

For each of the major sources of risk identified in accordance with PRU 1.2.31 R, the firm must carry out stress tests and scenario analyses that are appropriate to the nature of those major sources of risk, as part of which the firm must:

  1. (1)

    take reasonable steps to identify an appropriate range of realistic adverse circumstances and events in which the risk identified crystallises; and

  2. (2)

    estimate the financial resources the firm would need in each of the circumstances and events considered in order to be able to meet its liabilities as they fall due.

PRU 1.2.36 G

Stress tests and scenario analyses should be carried out at least annually. A firm should, however, consider whether the nature of the major sources of risks identified by it in accordance with PRU 1.2.31 R and their possible impact on its financial resources suggest that such tests and analyses should be carried out more frequently. For instance, a sudden change in the economic outlook may prompt a firm to revise the parameters of some of its stress tests and scenario analyses. Similarly, if a firm has recently become exposed to a particular sectoral concentration, it may wish to add some stress tests and scenario analyses in order to reflect that concentration. PRU 5.1.61 E is an evidential provision relating to PRU 1.2.35 R concerning scenario analysis in relation to liquidity risk.

PRU 1.2.37 R

A firm must make a written record of its assessment of the adequacy of its financial resources, including:

  1. (1)

    the major sources of risk identified in accordance with PRU 1.2.31 R;

  2. (2)

    how it intends to deal with those risks; and

  3. (3)

    details of the stress tests and scenario analyses carried out and the resulting financial resources estimated to be required in accordance with PRU 1.2.35 R.

PRU 1.2.38 R

A firm must retain the records of its assessment of the adequacy of its financial resources for at least three years.

PRU 1.2.39 G

Where a firm follows the guidance set out in PRU 2.3.35 G to PRU 2.3.48 G and assesses the adequacy of the capital resources requirement (CRR) in its particular circumstances as a basis for deciding what financial resources are adequate, it should include this in the documentation produced in accordance with PRU 1.2.37 R.

Stress tests and scenario analyses

PRU 1.2.40 G

A large part of the process of managing a firm is based on an understanding of the expected outcomes of its business operations and outside events and the normal variation about these expected outcomes. To gain a comprehensive view of the risks being run by a firm, an analysis of extreme events is also needed. Such analysis may take the form of stress tests and scenario analyses. For example, a firm may normally expect interest rates to increase or decrease by 1 or 2 percentage points due to normal variations in economic conditions. However, in some extreme circumstances, interest rates may change by a much greater amount. The use of stress tests and scenario analyses can give a firm's management a better understanding of the firm's true exposure in extreme circumstances.

PRU 1.2.41 G

Stress testing typically refers to shifting the values of individual parameters that affect the financial position of a firm and determining the effect on the firm's business.

PRU 1.2.42 G

Scenario analysis typically refers to a wider range of parameters being varied at the same time. Scenario analyses often examine the impact of catastrophic events on the firm's financial position, for example, simultaneous movements in a number of risk categories affecting all of a firm's business operations such as business volumes, investment values and interest rate movements.

PRU 1.2.43 G

Scenarios generally could also be considered under three broad categories. For example, changes to the business plan, scenarios that involve changes in business cycles and those relating to extreme events. The scenarios can be derived in a variety of ways including stochastic models, analysis of historic experience or a repetition of an historical event. Scenarios can be developed with varying degrees of precision and depth.

PRU 1.2.44 G

Both stress tests and scenario analyses can be undertaken by firms to further a better understanding of the vulnerabilities that they face under extreme conditions. They are based on the analysis of the impact of unlikely, but not impossible, events. These events can be financial, operational, legal or relate to any other risk that might have an economic impact on the firm.

PRU 1.2.45 G

PRU 1.2.35 R requires a firm, as part of carrying out stress tests and scenario analyses, to take reasonable steps to identify an appropriate range of realistic circumstances and events in which a risk would crystallise. In particular:

  1. (1)

    a firm need only carry out stress tests and scenario analyses in so far as the circumstances or events are reasonably foreseeable, that is to say, their occurrence is not too remote a possibility; and

  2. (2)

    a firm should also take into account the relative costs and benefits of carrying out the stress tests and scenario analyses in respect of the circumstances and events identified.

PRU 1.2.46 G

The purpose of stress tests and scenario analyses is to test the adequacy of overall financial resources. Scenarios need only be identified, and their impact assessed, in so far as this facilitates that purpose. In particular, the nature, depth and detail of the analysis depend, in part, upon the firm's capital strength and the robustness of its risk prevention and risk mitigation measures.

PRU 1.2.47 G

Both stress testing and scenario analyses are prospective analysis techniques, which seek to anticipate possible losses that might occur if an identified risk crystallises. In applying them, a firm needs to decide how far forward to look. This should depend upon:

  1. (1)

    how quickly it would be able to identify events or changes in circumstances that might lead to a risk crystallising resulting in a loss; and

  2. (2)

    after it has identified the event or circumstance, how quickly and effectively it could act to prevent or mitigate any loss resulting from the risk crystallising and to reduce exposure to any further adverse event or change in circumstance.

PRU 1.2.48 G

The time horizon over which stress tests and scenario analysis would need to be carried out for the market risk arising from the holding of investments, for example, should depend upon:

  1. (1)

    the extent to which there is a regular, open and transparent market in those assets, which would allow fluctuations in the value of the investment to be more readily and quickly identified; and

  2. (2)

    the extent to which the market in those assets is liquid (and would remain liquid in the changed circumstances contemplated in the stress test or scenario analysis) which would allow the firm, if needed, to sell its holding so as to prevent or reduce exposure to future price fluctuations.

PRU 1.2.49 G

In identifying scenarios, and assessing their impact, a firm should take into account, where material, how changes in circumstances might impact upon:

  1. (1)

    the nature, scale and mix of its future activities; and

  2. (2)

    the behaviour of counterparties, and of the firm itself, including the exercise of choices (for example, options embedded in financial instruments or contracts of insurance).

PRU 1.2.50 G

In determining whether it would have adequate financial resources in the event of each identified realistic adverse scenario, a firm should:

  1. (1)

    only include financial resources that could reasonably be relied upon as being available in the circumstances of the identified scenario; and

  2. (2)

    take account of any legal or other restriction on the purposes for which financial resources may be used.

PRU 1.2.51 G

A firm should consider conducting stress tests and scenario analyses which enable it to assess its exposure not only in its current position in the economic and business cycles, but also the possible changes in the cycles which might be expected over, say, the next three to five years.

PRU 1.2.52 G

A firm may consider scenarios in which expected future profits will provide capital reserves against future risks. However, it would only be appropriate to take into account profits that can be foreseen with some certainty as arising before the risk against which they are being held could possibly arise. In estimating future reserves, a firm should deduct future dividend payment estimates from projections of future profits.

PRU 1.2.53 G

A firm may substitute for traditional stress tests and scenario analyses more sophisticated modelling techniques and this approach is acceptable providing major risks are identified and the modelling has the effect of calculating the effect on a firm's financial position where the risks crystallise or are assumed to crystallise with a particular probability.

PRU 1.2.54 G

Additional guidance on stress tests and scenario analyses for the assessment of capital resources is available in PRU 2.3.

PRU 1.2.55 G

Additional guidance in relation to stress tests and scenario analysis for liquidity risk is available in PRU 5.1.58 G to PRU 5.1.62 G.

PRU 1.3 1 Valuation

Application

PRU 1.3.1 R

PRU 1.3 applies to an insurer, unless it is:

  1. (1)

    a non-directive friendly society; or

  2. (2)

    an incoming EEA firm; or

  3. (3)

    an incoming Treaty firm.

PRU 1.3.2 G

The scope of application of PRU 1.3 is not restricted to firms that are subject to relevant EC directives. It applies, for example, to pure reinsurers.

PRU 1.3.3 R
  1. (1)

    PRU 1.3 applies to a firm in relation to the whole of its business.

  2. (2)

    Where a firm carries on both long-term insurance business and general insurance business, PRU 1.3 applies separately to each type of business.

Purpose

PRU 1.3.4 G

PRU 1.3 sets out, for the purposes of PRU, rules and guidance as to how a firm should recognise and value assets, liabilities, equity and income statement items. Except where a rule in PRU makes different provision, PRU 1.3 applies whenever a rule in PRU refers to the value or amount of an asset, liability, equity or income statement item.

General requirements: accounting principles to be applied

PRU 1.3.5 R

Except where a rule in PRU provides for a different method of recognition or valuation, whenever a rule in PRU refers to an asset, liability, equity or income statement item, a firm must, for the purpose of that rule, recognise the asset, liability, equity or income statement item and measure its value in accordance with:

  1. (1)

    the insurance accounts rules, or the Friendly Societies (Accounts and Related Provisions) Regulations 1994;

  2. (2)

    Financial Reporting Standards and Statements of Standard Accounting Practice issued or adopted by the Accounting Standards Board; and

  3. (3)

    Statements of Recommended Practice, issued by industry or sectoral bodies recognised for this purpose by the Accounting Standards Board;

as applicable to the firm (or as would be applicable if the firm were a company with its head office in the United Kingdom).

PRU 1.3.6 G

PRU 1.3.5 R provides that unless a rule in PRU provides for a different method of recognition or valuation, the applicable provisions of the Companies Act 1985, the Companies Act (Northern Ireland) Order 1986 or the Friendly Societies (Accounts and Related Provisions) Regulations 1994, as supplemented by Financial Reporting Standards, Statements of Standard Accounting Practice, and Statements of Recommended Accounting Practice, should be used to determine the recognition and valuation of assets, liabilities, equity and income statement items for the purposes of PRU, including:

  1. (1)

    whether, and when, to recognise or de-recognise an asset or liability;

  2. (2)

    the amount at which to value an asset, liability, equity or income statement item;

  3. (3)

    which description to place on an asset, liability, equity or income statement item.

PRU 1.3.7 G

In particular, unless an exception applies, PRU 1.3.5 R should be applied for the purposes of PRU to determine how to account for:

  1. (1)

    netting of amounts due to or from the firm;

  2. (2)

    the securitisation of assets and liabilities (see also PRU 1.3.8 G);

  3. (3)

    leased tangible assets;

  4. (4)

    assets transferred or received under a sale and repurchase or stock lending transaction; and

  5. (5)

    assets transferred or received by way of initial or variation margin under a derivative or similar transaction.

PRU 1.3.8 G

Where assets or liabilities are securitised, PRU 1.3.5 R only permits de-recognition where Financial Reporting Standard 5 permits either de-recognition or the linked presentation. However, the FSA will consider granting a waiver to permit de-recognition in other circumstances provided that the firm can demonstrate that securitisation has effectively transferred risk.

PRU 1.3.9 G

Specific provisions for the methods and assumptions to be used by a firm in calculating its mathematical reserves are made in PRU 7.3.

PRU 1.3.10 G

PRU 1.3.5 R implements the requirements of Articles 23.3(viii) and 24.2(iv) of the Consolidated Life Directive. These articles require assets of a firm that are managed on its behalf by a subsidiary undertaking to be taken into account for the purposes of determining the firm's admissible assets and its assets in excess of concentration limits. The application of PRU 1.3.5 R will result in such assets remaining on the balance sheet of the firm.

Investments, derivatives and quasi-derivatives

PRU 1.3.11 R

Subject to PRU 1.3.31 R, for the purposes of PRU, a firm must apply PRU 1.3.12 R to PRU 1.3.30 R in order to determine how to account for:

  1. (1)

    investments that are, or amounts owed arising from the disposal of:

    1. (a)

      debt securities, bonds and other money- and capital-market instruments; or

    2. (b)

      loans; or

    3. (c)

      shares and other variable yield participations; or

    4. (d)

      units in UCITS schemes, non-UCITS retail schemes, recognised schemes and any other collective investment scheme that invests only in admissible assets (including any derivatives or quasi-derivatives held by the scheme); and

  2. (2)

    derivatives and quasi-derivatives.

Marking to market

PRU 1.3.12 R

Wherever possible, a firm must use mark to market in order to measure the value of the investments referred to in PRU 1.3.11 R. Marking to market is valuation at readily available close out prices from independent sources.

PRU 1.3.13 G

For the purposes of PRU 1.3.12 R, examples of readily available close out prices include exchange prices, screen prices, or quotes from several independent reputable brokers.

PRU 1.3.14 R

When marking to market, a firm must use the more prudent side of bid/offer price unless the firm is a significant market maker in a particular position type and it can close out at the mid-market price.

Marking to model

PRU 1.3.15 R

Where marking to market is not possible, a firm must use mark to model in order to measure the value of the investments referred to in PRU 1.3.11 R. Marking to model is any valuation which has to be benchmarked, extrapolated or otherwise calculated from a market input.

PRU 1.3.16 R

When the model used is developed by the firm, that model must be:

  1. (1)

    based on appropriate assumptions which have been assessed and challenged by suitably qualified parties independent of the development process; and

  2. (2)

    independently tested, including validation of the mathematics, assumptions, and software implementation.

PRU 1.3.17 R

A firm must ensure that its senior management are aware of the positions which are subject to mark to model and understand the materiality of the uncertainty this creates in the reporting of the performance of the business of the firm and the risks to which it is subject.

PRU 1.3.18 R

A firm must source market inputs in line with market prices so far as possible and assess the appropriateness of the market inputs for the position being valued and the parameters of the model on each valuation date.

PRU 1.3.19 R

A firm must use generally accepted valuation methodologies for particular products where these are available.

PRU 1.3.20 R

A firm must establish formal change control procedures, hold a secure copy of the model, and periodically use that model to check valuations.

PRU 1.3.21 R

A firm must ensure that its risk management functions are aware of the weakness of the models used and how best to reflect those in the valuation output.

PRU 1.3.22 R

A firm must periodically review the model to determine the accuracy of its performance.

PRU 1.3.23 G

Examples of periodical review are assessing the continued appropriateness of the assumptions and comparison of actual close out values to model inputs.

Independent price verification

PRU 1.3.24 R

In addition to marking to market or marking to model, a firm must perform independent price verification. This is the process by which market prices or model inputs are regularly verified for accuracy and independence.

PRU 1.3.25 G

For independent price verification, where independent pricing sources are not available or pricing sources are more subjective, for example, only one available broker quote, prudent measures such as valuation adjustments may be appropriate.

Valuation adjustments or reserves

PRU 1.3.26 R

A firm must establish and maintain procedures for considering valuation adjustments or reserves. These procedures must be compliant with the requirements set out in PRU 1.3.29 R.

PRU 1.3.27 R

A firm using third-party valuations, or marking to model, must consider whether valuation adjustments are necessary.

PRU 1.3.28 R

A firm must consider the need for establishing reserves for less liquid positions and, on an ongoing basis, review their continued appropriateness in accordance with the requirements set out in PRU 1.3.29 R.

PRU 1.3.29 R

The requirements referred to in PRU 1.3.26 R and PRU 1.3.28 R are:

  1. (1)

    a firm must consider the following adjustments or reserves: unearned credit spreads, close-out costs, operational risks, early termination, investing and funding costs, future administrative costs and, where appropriate, model risk; and

  2. (2)

    a firm must consider several factors when determining whether a valuation reserve is necessary for less liquid items. These factors include the amount of time it would take to hedge out the position/risks within the position; the average and volatility of bid/offer spreads; the availability of market quotes (number and identity of market makers); and the average and volatility of trading volumes.

PRU 1.3.30 R

If the result of establishing adjustments or reserves under PRU 1.3.26 R to PRU 1.3.29 R is a valuation which differs from the fair value determined in accordance with Financial Reporting Standards issued or adopted by the Accounting Standards Board, a firm must reconcile the two valuations.

Shares in, and debts due from, related undertakings

PRU 1.3.31 R

PRU 1.3.11 R does not apply to shares in, and debts due from, a related undertaking that is:

  1. (1)

    a regulated related undertaking; or

  2. (2)

    an ancillary services undertaking; or

  3. (3)

    any other subsidiary undertaking, the shares of which a firm elects to value in accordance with PRU 1.3.35 R.

PRU 1.3.32 G

The effect of PRU 1.3.31 R is that shares in, and debts due from, related undertakings of the types referred to are not valued on a mark to market basis. As a result, debts due from these undertakings, and shares in related undertakings which are ancillary services undertakings, are valued at their accounting book value in accordance with PRU 1.3.5 R. Shares in related undertakings referred to in PRU 1.3.31 R (1) or (3) are valued in accordance with PRU 1.3.33 R to PRU 1.3.38 R.

PRU 1.3.33 R

Except where the contrary is expressly stated in PRU, whenever a rule in PRU refers to shares held in, and debts due from, an undertaking referred to in PRU 1.3.31 R (1) or PRU 1.3.31R (3), a firm must value the shares held in accordance with PRU 1.3.35 R.

PRU 1.3.34 R

In relation to shares in, and debts due from, an undertaking referred to in PRU 1.3.31 R (1), PRU 1.3.33 R does not apply for the purposes of PRU 2.2.78 R and PRU 8.3.

PRU 1.3.35 R

For the purposes of PRU 1.3.33 R, the value of the shares held in an undertaking referred to in PRU 1.3.31 R (1) or PRU 1.3.31R (3) is the sum of:

  1. (1)

    the regulatory surplus value of that undertaking; less

  2. (2)

    for the purposes of PRU 2.2.90 R, the book value of the total investments in the tier one capital resources and tier two capital resources of that undertaking by the firm and its related undertakings; or

  3. (3)

    for other purposes in PRU, the sum of:

    1. (a)

      the book value of the investments by the firm and its related undertakings in the tier two capital resources of the undertaking; and

    2. (b)

      if the undertaking is an insurance undertaking, its ineligible surplus capital and any restricted assets of the undertaking which have been excluded under PRU 8.3.41 R (1).

PRU 1.3.36 R

For the purposes of PRU 1.3.35 R (1), the regulatory surplus value of an undertaking referred to in PRU 1.3.31 R (1) or PRU 1.3.31R (3) is, subject to PRU 1.3.37 R, the sum of:

  1. (1)

    the tier one capital resources of the undertaking; plus

  2. (2)

    the tier two capital resources of the undertaking; less

  3. (3)

    the individual capital resources requirement of the undertaking.

PRU 1.3.37 R
  1. (1)

    Subject to PRU 1.3.38 R, for the purposes of PRU 1.3.36 R, only the relevant proportion of the:

    1. (a)

      tier one capital resources of the undertaking;

    2. (b)

      tier two capital resources of the undertaking;

    3. (c)

      individual capital resources requirement of the undertaking;

    is to be taken into account.

  2. (2)

    In (1), the relevant proportion is the proportion of the total number of shares issued by the undertaking held, directly or indirectly, by the firm.

PRU 1.3.38 R

If the individual capital resources requirement of an undertaking in PRU 1.3.31 R (1) that is a subsidiary undertaking exceeds the sum of its tier one capital resources and tier two capital resources, the full amount of the items referred to in PRU 1.3.37 R (1) are to be taken into account for the purposes of PRU 1.3.36 R.

PRU 1.3.39 R

For the purposes of PRU 1.3.35 R to PRU 1.3.38 R:

  1. (1)

    in relation to an undertaking referred to in PRU 1.3.31 R (1):

    1. (a)

      individual capital resources requirement has the meaning given by PRU 8.3.34 R;

    2. (b)

      the following expressions are to be construed in accordance with PRU 8.3.37 R:

      1. (i)

        tier one capital resources; and

      2. (ii)

        tier two capital resources;

    3. (c)

      ineligible surplus capital has the meaning given by PRU 8.3.67 R;

  2. (2)

    in relation to an undertaking referred to in PRU 1.3.31 R (3), the following expressions are to be construed as if that undertaking were an insurance holding company:

    1. (a)

      individual capital resources requirement;

    2. (b)

      tier one capital resources; and

    3. (c)

      tier two capital resources.

PRU 1.3.40 G

PRU 1.3.35 R to PRU 1.3.39 R set out several different valuation bases for a firm's shares in related undertakings. The regulatory surplus value (defined in PRU 1.3.36 R) measures the related undertaking's own capital surplus or deficit. This is used: (i) in PRU 1.3.35 R as a basis for calculating the impact on the firm's position of its investments in related undertakings; and (ii) in PRU 8.3 as a starting point for the calculation of ineligible surplus capital.

PRU 1.3.41 G

PRU 1.3.35 R determines how, for the purposes of the solo capital adequacy calculation of a firm, that firm's capital resources should be adjusted to take into account its investments in related undertakings.

PRU 1.3.42 G

The rules that specify how, for the purposes of the adjusted solo capital calculation, a firm must incorporate its related undertakings into its capital resources and capital resources requirement are set out in PRU 8.3.

Community co-insurance operations: general insurance business

PRU 1.3.43 R

Where a relevant insurer determines the amount of a liability in order to make provision for outstanding claims under a Community co-insurance operation, then, if the leading insurer has informed the relevant insurer of the amount of the provision made by the leading insurer for such claims, the amount determined by the relevant insurer:

  1. (1)

    must be at least as great as the amount of the provision made by the leading insurer; or

  2. (2)

    in a case where it is not the practice in the United Kingdom to make such provision separately, must be sufficient, when all liabilities are taken into account, to include provision at least as great as that made by the leading insurer for such claims;

due regard being had in either case to the proportion of the risk covered by the relevant insurer and by the leading insurer respectively.

PRU 1.4 1 Prudential risk management and associated systems and controls

Application

PRU 1.4.1 R

PRU 1.4 applies to an insurer unless it is:

  1. (1)

    a non-directive friendly society; or

  2. (2)

    an incoming EEA firm; or

  3. (3)

    an incoming Treaty firm.

PRU 1.4.2 R

PRU 1.4 applies to:

  1. (1)

    an EEA-deposit insurer; and

  2. (2)

    a Swiss general insurer;

only in respect of the activities of the firm carried on from a branch in the United Kingdom.

Purpose

PRU 1.4.3 G

PRU 1.4 sets out some rules and guidance on the establishment and maintenance of systems and controls for the management of a firm's prudential risks. A firm's prudential risks are those that can reduce the adequacy of its financial resources, and as a result may adversely affect confidence in the financial system or prejudice consumers. Some key prudential risks are credit, market, liquidity, operational, insurance and group risk.

PRU 1.4.4 G

The purpose of PRU 1.4 is to serve the FSA's regulatory objectives of consumer protection and market confidence. In particular, this section aims to reduce the risk that a firm may pose a threat to these regulatory objectives, either because it is not prudently managed, or because it has inadequate systems to permit appropriate senior management oversight and control of its business.

PRU 1.4.5 G

Both adequate financial resources and adequate systems and controls are necessary for the effective management of prudential risks. A firm may hold financial resources to help alleviate the financial consequences of minor weaknesses in its systems and controls (to reflect possible impairments in the accuracy or timing of its identification, measurement, monitoring and control of certain risks, for example). However, financial resources cannot adequately compensate for significant weaknesses in a firm's systems and controls that could fundamentally undermine its ability to control its affairs effectively.

How to interpret PRU 1.4

PRU 1.4.6 G

PRU 1.4 is designed to amplify Principle 3 (Management and control) which requires that a firm take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. PRU 1.4 is also designed to be complementary to SYSC 2, SYSC 3 and SYSC 3A in that it contains some additional rules and guidance on senior management arrangements and associated systems and controls for firms that could have a significant impact on the FSA's objectives in a prudential context.

PRU 1.4.7 G

In addition to supporting PRIN and SYSC, PRU 1.4 lays the foundations for the more specific rules and guidance on the management of credit, market, liquidity, operational, insurance and group risks that are in PRU 3.1, PRU 4.1, PRU 5.1, PRU 6.1, PRU 7.1 and PRU 8.1 respectively. Many of the elements raised here in general terms are expanded upon in these sections.

PRU 1.4.8 G

Appropriate systems and controls for the management of prudential risk will vary from firm to firm. Therefore most of the material in PRU 1.4 is guidance. In interpreting this guidance, a firm should have regard to its own particular circumstances. Following from SYSC 3.1.2 G, this should include considering the nature, scale and complexity of its business, which may be influenced by factors such as:

  1. (1)

    the diversity of its operations, including geographical diversity;

  2. (2)

    the volume and size of its transactions; and

  3. (3)

    the degree of risk associated with each area of its operation.

PRU 1.4.9 G

The guidance contained within this section is not designed to be exhaustive. When establishing and maintaining its systems and controls a firm should have regard not only to other parts of the Handbook, but also to material that is issued by other industry or regulatory bodies.

The role of systems and controls in a prudential context

PRU 1.4.10 G

In a prudential context, a firm's systems and controls should provide its senior management with an adequate means of managing the firm. As such, they should be designed and maintained to ensure that senior management is able to make and implement integrated business planning and risk management decisions on the basis of accurate information about the risks that the firm faces and the financial resources that it has.

The prudential responsibilities of senior management and the apportionment of those responsibilities

PRU 1.4.11 G

Ultimate responsibility for the management of prudential risks rests with a firm's governing body and relevant senior managers, and in particular with those individuals that undertake the firm's governing functions and the apportionment and oversight function. In particular, these responsibilities should include:

  1. (1)

    overseeing the establishment of an appropriate business plan and risk management strategy;

  2. (2)

    overseeing the development of appropriate systems for the management of prudential risks;

  3. (3)

    establishing adequate internal controls; and

  4. (4)

    ensuring that the firm maintains adequate financial resources.

The delegation of responsibilities within the firm

PRU 1.4.12 G

Although authority for the management of a firm's prudential risks is likely to be delegated, to some degree, to individuals at all levels of the organisation, overall responsibility for this activity should not be delegated from its governing body and relevant senior managers.

PRU 1.4.13 G

Where delegation does occur, a firm should ensure that appropriate systems and controls are in place to allow its governing body and relevant senior managers to participate in and control its prudential risk management activities. The governing body and relevant senior managers should approve and periodically review these systems and controls to ensure that delegated duties are being performed correctly.

Firms subject to risk management on a group basis

PRU 1.4.14 G

Some firms organise the management of their prudential risks on a stand-alone basis. In some cases, however, the management of a firm's prudential risks may be entirely or largely subsumed within a whole group or sub-group basis.

  1. (1)

    The latter arrangement may still comply with the FSA's prudential policy on systems and controls if the firm's governing body formally delegates the functions that are to be carried out in this way to the persons or bodies that are to carry them out. Before doing so, however, the firm's governing body should have explicitly considered the arrangement and decided that it is appropriate and that it enables the firm to meet the FSA's prudential policy on systems and controls. The firm should notify the FSA if the management of its prudential risks is to be carried out in this way.

  2. (2)

    Where the management of a firm's prudential risks is largely, but not entirely, subsumed within a whole group or sub-group basis, the firm should ensure that any prudential issues that are specific to the firm are:

    1. (a)

      identified and adequately covered by those to whom it has delegated certain prudential risk management tasks; or

    2. (b)

      dealt with by the firm itself.

PRU 1.4.15 G

Any delegation of the management of prudential risks to another part of a firm's group does not relieve it of responsibility for complying with the FSA's prudential policy on systems and controls. A firm cannot absolve itself of such a responsibility by claiming that any breach of the FSA's prudential policy on systems and controls is effected by the actions of a third party firm to whom the firm has delegated tasks. The risk management arrangements are still those of the firm, even though personnel elsewhere in the firm's group are carrying out these functions on its behalf. Thus any references in PRU to what a firm, its personnel and its management should and should not do still apply, and do not need any adjustment to cover the situation in which risk management functions are carried out on a group-wide basis.

PRU 1.4.16 G

Where it is stated in PRU that a particular task in relation to a firm's systems and controls should be carried out by a firm's governing body this task should not be delegated to another part of its group. Furthermore, even where the management of a firm's prudential risks is delegated as described in PRU 1.4.14 G, responsibility for its effectiveness and for ensuring that it remains appropriate remains with the firm's governing body. The firm's governing body should therefore keep any delegation under review to ensure that delegated duties are being performed correctly.

Business planning and risk management

PRU 1.4.17 G

Business planning and risk management are closely related activities. In particular, the forward-looking assessment of a firm's financial resources needs, and of how business plans may affect the risks that it faces, are important elements of prudential risk management. A firm's business planning should also involve the creation of specific risk policies which will normally outline a firm's strategy and objectives for, as appropriate, the management of its market, credit, liquidity, operational, insurance and group risks and the processes that it intends to adopt to achieve these objectives. PRU 1.4.18 R to PRU 1.4.25 G set out some rules and guidance relating to business planning and risk management in a prudential context (see also SYSC 3.2.17 G, which states that a firm should plan its business appropriately).

PRU 1.4.18 R

A firm must take reasonable steps to ensure the establishment and maintenance of a business plan and appropriate systems for the management of prudential risk.

PRU 1.4.19 R

When establishing and maintaining its business plan and prudential risk management systems, a firm must document:

  1. (1)

    an explanation of its overall business strategy, including its business objectives;

  2. (2)

    a description of, as applicable, its policies towards market, credit (including provisioning), liquidity, operational, insurance and group risk (that is, its risk policies), including its appetite or tolerance for these risks and how it identifies, measures or assesses, monitors and controls these risks;

  3. (3)

    the systems and controls that it intends to use in order to ensure that its business plan and risk policies are implemented correctly;

  4. (4)

    a description of how the firm accounts for assets and liabilities, including the circumstances under which items are netted, included or excluded from the firm's balance sheet and the methods and assumptions for valuation;

  5. (5)

    appropriate financial projections and the results of its stress testing and scenario analysis (see PRU 1.2 Adequacy of financial resources); and

  6. (6)

    details of, and the justification for, the methods and assumptions used in financial projections and stress testing and scenario analysis.

PRU 1.4.20 G

The prudential risk management systems referred to in PRU 1.4.18 R and PRU 1.4.19 R are the means by which a firm is able to:

  1. (1)

    identify the prudential risks that are inherent in its business plan, operating environment and objectives, and determine its appetite or tolerance for these risks;

  2. (2)

    measure or assess its prudential risks;

  3. (3)

    monitor its prudential risks; and

  4. (4)

    control or mitigate its prudential risks.

PRU 5.1.78 E is an evidential provision relating to PRU 1.4.18 R concerning risk management systems in respect of liquidity risk arising from substantial exposures in foreign currencies.

PRU 1.4.21 G

A firm should consider the relationship between its business plan, risk policies and the financial resources that it has available (or can readily access), recognising that decisions made in respect of one element may have consequences for the other two.

PRU 1.4.22 G

A firm's business plan and risk management systems should be:

  1. (1)

    effectively communicated so that all employees and contractors understand and adhere to the procedures related to their own responsibilities;

  2. (2)

    regularly updated and revised, in particular when there is significant new information or when actual practice or performance differs materially from the documented strategy, policy or systems.

PRU 1.4.23 G

The level of detail in a firm's business plan and its approach to the design of its risk management systems should be appropriate to the scale and complexity of its operations, and the nature and degree of risk that it faces.

PRU 1.4.24 G

A firm's business plan and systems documentation should be accessible to the firm's management in line with their respective responsibilities and, upon request, to the FSA.

PRU 1.4.25 G

PRU 1.4.19 R (5) requires a firm to document its financial projections and the results of its stress testing and scenario analysis. Such financial projections, stress tests and scenario analysis should be used by a firm's governing body and relevant senior managers when deciding upon how much risk the firm is willing to accept in pursuit of its business objectives and how risk limits should be set. Further rules and guidance on stress testing and scenario analysis are outlined in PRU 1.2 (Adequacy of financial resources) and PRU 5.1 (Liquidity risk systems and controls).

Internal controls: introduction

PRU 1.4.26 G

Internal controls should provide a firm with reasonable assurance that it will not be hindered in achieving its objectives, or in the orderly and legitimate conduct of its business, by events that may reasonably be foreseen. More specifically in a prudential context, internal controls should be concerned with ensuring that a firm's business plan and risk management systems are operating as expected and are being implemented as intended. The following rule (PRU 1.4.27 R) reflects the importance of internal controls in a prudential context.

PRU 1.4.27 R

A firm must take reasonable steps to establish and maintain adequate internal controls.

PRU 1.4.28 G

The precise role and organisation of internal controls can vary from firm to firm. However, a firm's internal controls should normally be concerned with assisting its governing body and relevant senior managers to participate in ensuring that it meets the following objectives:

  1. (1)

    safeguarding both the assets of the firm and its customers, as well as identifying and managing liabilities;

  2. (2)

    maintaining the efficiency and effectiveness of its operations;

  3. (3)

    ensuring the reliability and completeness of all accounting, financial and management information; and

  4. (4)

    ensuring compliance with its internal policies and procedures as well as all applicable laws and regulations.

PRU 1.4.29 G

When determining the adequacy of its internal controls, a firm should consider both the potential risks that might hinder the achievement of the objectives listed in PRU 1.4.28 G, and the extent to which it needs to control these risks. More specifically, this should normally include consideration of:

  1. (1)

    the appropriateness of its reporting and communication lines (see SYSC 3.2.2 G);

  2. (2)

    how the delegation or contracting of functions or activities to employees, appointed representatives or other third parties (for example outsourcing) is to be monitored and controlled (see SYSC 3.2.3 G to SYSC 3.2.4 G, PRU 1.4.12 G to PRU 1.4.16 G and PRU 1.4.33 G; additional guidance on the management of outsourcing arrangements is also provided in SYSC 3A.9);

  3. (3)

    the risk that a firm's employees or contractors might accidentally or deliberately breach a firm's policies and procedures (see SYSC 3A.6.3 G);

  4. (4)

    the need for adequate segregation of duties (see SYSC 3.2.5 G and PRU 1.4.30 G to PRU 1.4.33 G);

  5. (5)

    the establishment and control of risk management committees (see PRU 1.4.34 G to PRU 1.4.37 G);

  6. (6)

    the need for risk assessment and the establishment of a risk assessment function (see SYSC 3.2.10 G and PRU 1.4.38 G to PRU 1.4.41 G); and

  7. (7)

    the need for internal audit and the establishment of an internal audit function and audit committee (see SYSC 3.2.15 G to SYSC 3.2.16 G and PRU 1.4.42 G to PRU 1.4.45 G).

Internal controls: segregation of duties

PRU 1.4.30 G

The effective segregation of duties is an important internal control in the prudential context. In particular, it helps to ensure that no one individual is completely free to commit a firm's assets or incur liabilities on its behalf. Segregation can also help to ensure that a firm's governing body receives objective and accurate information on financial performance, the risks faced by the firm and the adequacy of its systems. In this regard, a firm should ensure that there is adequate segregation of duties between employees involved in:

  1. (1)

    taking on or controlling risk (which could include risk mitigation);

  2. (2)

    risk assessment (which includes the identification and analysis of risk); and

  3. (3)

    internal audit.

PRU 1.4.31 G

In addition, a firm should normally ensure that no single individual has unrestricted authority to do all of the following:

  1. (1)

    initiate a transaction;

  2. (2)

    bind the firm;

  3. (3)

    make payments; and

  4. (4)

    account for it.

PRU 1.4.32 G

Where a firm is unable to ensure the complete segregation of duties (for example, because it has a limited number of staff), it should ensure that there are adequate compensating controls in place (for example, frequent review of an area by relevant senior managers).

PRU 1.4.33 G

Where a firm outsources a controlled function, such as internal audit, it should take reasonable steps to ensure that every individual involved in the performance of this service is independent from the individuals who perform its external audit. This should not prevent services from being undertaken by a firm's external auditors provided that:

  1. (1)

    the work is carried out under the supervision and management of the firm's own internal staff; and

  2. (2)

    potential conflicts of interest between the provision of external audit services and the provision of controlled functions are properly managed.

Internal controls: risk management committees

PRU 1.4.34 G

In many firms, especially if there are multiple business lines, it is common for the governing body to delegate some tasks related to risk control and management to committees such as asset and liability committees (ALCO), credit risk committees and market risk committees.

PRU 1.4.35 G

Where a firm decides to create one or more risk management committee(s), adequate internal controls should be put in place to ensure that these committees are effective and that their actions are consistent with the objectives outlined in PRU 1.4.28 G. This should normally include consideration of the following:

  1. (1)

    setting clear terms of reference, including membership, reporting lines and responsibilities of each committee;

  2. (2)

    setting limits on their authority;

  3. (3)

    agreeing routine reporting and non-routine escalation procedures;

  4. (4)

    agreeing the minimum frequency of committee meetings; and

  5. (5)

    reviewing the performance of these risk management committees.

PRU 1.4.36 G

The decision to delegate risk management tasks, along with the terms of reference of the committees and their performance, should be reviewed periodically by the firm's governing body and revised as appropriate.

PRU 1.4.37 G

The effective use of risk management committees can help to enhance a firm's internal controls. In establishing and maintaining its risk management committees, a firm should consider:

  1. (1)

    their membership, which should normally include relevant senior managers (such as the head of group risk, head of legal, and the heads of market, credit, liquidity and operational risk, etc.), business line managers, risk management personnel and other appropriately skilled people, for example, actuaries, lawyers, accountants, IT specialists, etc.;

  2. (2)

    using these committees to:

    1. (i)

      inform the decisions made by a firm's governing body regarding its appetite or tolerance for risk taking;

    2. (ii)

      highlight risk management issues that may require attention by the governing body;

    3. (iii)

      consider risk at the firm-wide level and, within delegated limits, to determine the allocation of risk limits and financial resources across business lines;

    4. (iv)

      consider how exposures may be unwound, hedged, or otherwise mitigated, as appropriate.

Internal controls: risk assessment

PRU 1.4.38 G

Risk assessment is the process through which a firm identifies and analyses (using both qualitative and quantitative methodologies) the risks that it faces. A firm's risk assessment activities should normally include consideration of:

  1. (1)

    its total exposure to risk at the firm-wide level (that is, its exposure across business lines and risk categories);

  2. (2)

    capital allocation and the need to calculate risk weighted returns for different business lines;

  3. (3)

    the potential correlations that can exist between the risks in different business lines; this should also include looking for risks to which a firm's business plan is particularly sensitive, such as interest rate risk, or multiple dealings with the same counterparty;

  4. (4)

    the use of stress tests and scenario analysis;

  5. (5)

    whether there are risks inherent in the firm's business that are not being addressed adequately;

  6. (6)

    the risk adjusted return that the firm is achieving; and

  7. (7)

    the adequacy and timeliness of management information on market, credit, insurance, liquidity, operational and group risks from the business lines, including risk limit utilisation.

PRU 1.4.39 G

In accordance with SYSC 3.2.10 G a firm should consider whether it needs to set up a separate risk assessment function (or functions) that is responsible for assessing the risks that the firm faces and advising its governing body and senior managers on them.

PRU 1.4.40 G

Where a firm does decide that it needs a separate risk assessment function, the employees or contractors that carry out this function should not normally be involved in risk taking activities such as business line management (see PRU 1.4.30 G to PRU 1.4.33 G on the segregation of duties).

PRU 1.4.41 G

A summary of the results of the analysis undertaken by a firm's risk assessment function (including, where necessary, an explanation of any assumptions that were adopted) should normally be reported to relevant senior managers as well as to the firm's governing body.

Internal audit

PRU 1.4.42 G

A firm should ensure that it has appropriate mechanisms in place to assess and monitor the appropriateness and effectiveness of its systems and controls. This should normally include consideration of:

  1. (1)

    adherence to and effectiveness of, as appropriate, its market, credit, liquidity, operational, insurance, and group risk policies;

  2. (2)

    whether departures and variances from its documented systems and controls and risk policies have been adequately documented and appropriately reported, including whether appropriate pre-clearance authorisation has been sought for material departures and variances;

  3. (3)

    adherence to and effectiveness of its accounting policies, and whether accounting records are complete and accurate;

  4. (4)

    adherence to and effectiveness of its management reporting arrangements, including the timeliness of reporting, and whether information is comprehensive and accurate; and

  5. (5)

    adherence to FSA rules and regulatory prudential standards.

PRU 1.4.43 G

In accordance with SYSC 3.2.15 G and SYSC 3.2.16 G, a firm should consider whether it needs to set up a dedicated internal audit function.

PRU 1.4.44 G

Where a firm decides to set up an internal audit function, this function should provide independent assurance to its governing body, audit committee or an appropriate senior manager of the integrity and effectiveness of its systems and controls.

PRU 1.4.45 G

In forming its judgements, the person performing the internal audit function should test the practical operation of a firm's systems and controls as well as its accounting and risk policies. This should include examining the adequacy of supporting records.

Management information

PRU 1.4.46 G

Many individuals, at various levels of a firm, need management information relating to their activities. However, PRU 1.4.47 G to PRU 1.4.50 G concentrates on the management information that should be available to those at the highest level of a firm, that is, the firm's governing body and relevant senior managers. In so doing PRU 1.4.47 G to PRU 1.4.50 G amplifies SYSC 3.2.11 G to SYSC 3.2.12 G (which outlines the FSA's high level policy on senior management information) by providing some additional guidance on the management information that should be available in a prudential context.

PRU 1.4.47 G

The role of management information should be to help a firm's governing body and senior managers to understand risk at a firm-wide level. In so doing, it should help them to:

  1. (1)

    determine whether a firm is prudently managed with adequate financial resources;

  2. (2)

    make the decisions that fall within their ambit (for example, the high level business plans, strategy and risk tolerances of the firm); and

  3. (3)

    oversee the execution of tasks for which they are responsible.

PRU 1.4.48 G

A firm should consider what information needs to be made available to its governing body and senior managers. Some possible examples include:

  1. (1)

    firm-wide information such as the overall profitability and value of a firm and its total exposure to risk;

  2. (2)

    reports from committees to which the governing body has delegated risk management tasks, if applicable;

  3. (3)

    reports from a firm's internal audit and risk assessment functions, if applicable, including exception reports, where risk limits and policies have been breached or systems circumvented;

  4. (4)

    financial projections under expected and abnormal (that is, stressed) conditions;

  5. (5)

    reconciliation of actual profit and loss to previous financial projections and an analysis of any significant variances;

  6. (6)

    matters which require a decision from the governing body or senior managers, for example a significant variation to a business plan, amendments to risk limits, the creation of a new business line, etc;

  7. (7)

    compliance with FSA rules and regulatory prudential standards;

  8. (8)

    risk weighted returns; and

  9. (9)

    liquidity and funding requirements.

PRU 1.4.49 G

The management information that is provided to a firm's governing body and senior managers should have the following characteristics:

  1. (1)

    it should be timely, its frequency being determined by factors such as:

    1. (a)

      the volatility of the business in which the firm is engaged (that is, the speed at which its risks can change);

    2. (b)

      any time constraints on when action needs to be taken; and

    3. (c)

      the level of risk that the firm is exposed to, compared to its available financial resources and tolerance for risk;

  2. (2)

    it should be reliable, having regard to the fact that it may be necessary to sacrifice a degree of accuracy for timeliness; and

  3. (3)

    it should be presented in a manner that highlights any relevant issues on which those undertaking governing functions should focus particular attention.

PRU 1.4.50 G

The production of management and other information may require the collation of data from a variety of separate manual and automated systems. In such cases, responsibility for the integrity of the information may be spread amongst a number of operational areas. A firm should ensure that it has appropriate processes to validate the integrity of its information.

Record keeping

PRU 1.4.51 G

SYSC 3.2.20 R requires a firm to take reasonable care to make and retain adequate records. The following policy on record keeping supplements SYSC 3.2.20 R by providing some additional rules and guidance on record keeping in a prudential context. The purpose of this policy is to:

  1. (1)

    facilitate the prudential supervision of a firm by ensuring that adequate information is available regarding its past/current financial situation and business activities (which includes the design and implementation of systems and controls); and

  2. (2)

    help the FSA to satisfy itself that a firm is operating in a prudent manner and is not prejudicing the interests of its customers or market confidence.

PRU 1.4.52 G

In addition to the record keeping requirements in PRU, a firm should remember that it may be obliged, under other applicable laws or regulations, to keep similar or additional records.

PRU 1.4.53 R
  1. (1)

    A firm must make and regularly update accounting and other records that are sufficient to enable the firm to demonstrate to the FSA:

    1. (a)

      that the firm is financially sound and has appropriate systems and controls;

    2. (b)

      the firm's financial position and exposure to risk (to a reasonable degree of accuracy); and

    3. (c)

      the firm's compliance with the rules in PRU.

  2. (2)

    The records in (1) must be retained for a minimum of three years, or longer as appropriate.

PRU 1.4.54 G

A firm should be able to make available the records described in PRU 1.4.53 R within a reasonable timeframe when requested to do so by the FSA.

PRU 1.4.55 G

The FSA recognises that not all records are specific to a particular point in time. As such, while it may be appropriate to update some records on a daily or continuous basis, for example expenditure and details of certain transactions, it may not be appropriate to update other records as regularly as this, for example those relating to its business plan and risk policies. A firm should decide how regularly it should update particular records.

PRU 1.4.56 G

A firm should decide which records it needs to hold, noting that compliance with PRU 1.4.53 R does not require it to hold records on every single aspect of its activities. Some specific guidance on the types of records that a firm should hold is set out in each of the risk specific sections on systems and controls (see PRU 3.1, PRU 4.1, PRU 5.1, PRU 6.1, PRU 7.1 and PRU 8.1).

PRU 1.4.57 G

In deciding which records to hold, a firm should also take into account that failure to keep adequate records could make it harder for it to satisfy the FSA that it is compliant with the rules in PRU, and to defend any enforcement action taken against it.

PRU 1.4.58 G

A firm should keep the records required in PRU in an appropriate format and language (in terms of format this could include holding them on paper or in electronic or some other form). However, whatever format or language a firm chooses, SYSC 3.2.20 R requires that records be capable of being reproduced on paper and in English (except where they relate to business carried on from an establishment situated in a country where English is not an official language).

PRU 1.4.59 G

In accordance with SYSC 3.2.20 R, a firm should retain the records that it needs to comply with PRU 1.4.53 R for as long as they are relevant for the purposes for which they were made.

PRU 1.4.60 R

A firm must keep the records required in PRU 1.4.53 R in the United Kingdom, except where:

  1. (1)

    they relate to business carried on from an establishment in a country or territory that is outside the United Kingdom; and

  2. (2)

    they are kept in that country or territory.

PRU 1.4.61 R

When a firm keeps the records required in PRU 1.4.53 R outside the United Kingdom, it must periodically send an adequate summary of those records to the United Kingdom.

PRU 1.4.62 G

Where a firm outsources the storage of some or all of its records to a third party service provider, it should ensure that these records are readily accessible and can be reproduced within a reasonable time period. The firm should also ensure that these records are stored in compliance with the rules and guidance on record keeping in PRU. Additional guidance on the management of outsourcing agreements is provided in SYSC 3A.

PRU 1.4.63 G

A firm may rely on records that have been produced by a third party (for example, another group company or an external agent, such as an outsource service provider). However where the firm does so it should ensure that these records are readily accessible and can be reproduced within a reasonable time period. The firm should also ensure that these records comply with the rules and guidance on record keeping in PRU.

PRU 1.4.64 G

In accordance with SYSC 3.2.21 G, a firm should have adequate systems and controls for maintaining the security of its records so that they are reasonably safeguarded against loss, unauthorised access, alteration or destruction.

PRU 1.5 to follow

to follow

PRU 1.6 to follow

to follow

PRU 1.7 to follow

to follow

PRU 1.8 1 Actions for damages

PRU 1.8.1 R

A contravention of the rules in PRU does not give rise to a right of action by a private person under section 150 of the Act (and each of those rules is specified under section 150(2) of the Act as a provision giving rise to no such right of action).