Content Options:

Content Options

View Options:

SUP 1.1 Application and purpose

Application

SUP 1.1.1 G

This chapter applies to every firm, except that its relevance for an ICVC is limited as the FSA does not intend to carry out an assessment of an ICVC that is specific to that ICVC.

Purpose

SUP 1.1.2 G

The Act requires the FSA to "maintain arrangements designed to enable it to determine whether persons on whom requirements are imposed by or under this Act are complying with them" (paragraph 6(1) of Schedule 1 to the Act).

SUP 1.1.3 G

The design of these arrangements is shaped by the regulatory objectives. These are set out in section 2 of the Act (The Authority's general duties) and are:

  1. (1)

    maintaining confidence in the financial system;2

    2
  2. (2)

    promoting public understanding of the financial system;2

    233
  3. (3)

    securing the appropriate degree of protection for consumers; and

  4. (4)

    reducing the extent to which it is possible for a business carried on by a regulated person, or in contravention of the general prohibition, to be used for a purpose connected with financial crime.

SUP 1.1.4 G

In designing its approach to supervision, the FSA has regard to the principles of good regulation set out in section 2(3) of the Act. In particular, the FSA's regulatory approach aims to focus and reinforce the responsibility of the management of each firm (section 2(3)(b) of the Act) to ensure that it takes reasonable care to organise and control the affairs of the firm responsibly and effectively and develops and maintains adequate risk management systems. It is the responsibility of management to ensure that the firm acts in compliance with its regulatory requirements. The FSA will have regard to the principle that a burden or restriction which is imposed on a firm should be proportionate to the benefits, considered in general terms, which are expected to result from the imposition of that burden or restriction (section 2(3)(c) of the Act).

SUP 1.2 Introduction

SUP 1.2.1 G
  1. (1)

    The Authorisation manual (AUTH), the Supervision manual (SUP) and Decision, Procedure and Penalties manual (DEPP)2 form the regulatory processes part of the Handbook.

    22
  2. (2)

    AUTH sets out the relationships between the FSA and applicants for Part IV permission and persons wishing to exercise EEA rights, Treaty rights or UCITS Directive rights.

  3. (3)

    SUP sets out the relationship between the FSA and authorised persons (referred to in the Handbook as firms). As a general rule, material that is of continuing relevance after authorisation is in SUP.

  4. (4)

    [deleted]2

    2
  5. (5)

    DEPP is principally concerned with and sets out the FSA's decision making procedures that involve the giving of statutory notices, the FSA's policy in respect to the imposition and amount of penalties, and the conduct of interviews to which a direction under section 169(7) of the Act has been given or the FSA is considering giving. 2

    2
SUP 1.2.2 G

For a firm which undertakes business internationally (or is part of a group which does), the FSA will have regard to the context in which it operates, including the nature and scope of the regulation to which it is subject in jurisdictions other than the United Kingdom. For a firm with its head office outside the United Kingdom, the regulation in the jurisdiction where the head office is located will be particularly relevant. As part of its supervision of such a firm, the FSA will usually seek to cooperate with relevant overseas regulators, including exchanging information on the firm. Different arrangements apply for an incoming EEA firm, an incoming Treaty firm and a UCITS qualifier. The arrangements applying for an incoming EEA firm and an incoming Treaty firm are addressed in SYSC App 1. For UCITS qualifiers see also COLLG, and CIS 2.3, CIS 16, and CIS 171.

SUP 1.2.3 G

The FSA continues to develop the risk assessment approach set out in this chapter. The approach will not be introduced for all firms at commencement. For those firms where the approach is not introduced at commencement, the FSA continues to operate the risk assessment approach of the firm's previous regulator.

SUP 1.3 The FSA's risk based approach to supervision

Purpose

SUP 1.3.1 G

The purpose of taking a risk-based approach to supervision is to focus the FSA's resources on the mitigation of risks to the regulatory objectives, and to have regard to the need to use the FSA's resources in the most efficient and economic way. The approach to risk assessment of firms is based on the extent to which they pose risks to the FSA meeting the regulatory objectives. This extent encompasses both the impact of such risks were they to crystallise and the probability of their doing so. The probability of risks crystallising depends on the inherent risks run by firms, the environment within which they operate and the internal systems and controls designed to mitigate such risks. This approach permits a matching of the intensity of the FSA's supervisory effort with the degree of risk posed by firms to meeting the regulatory objectives.

Impact and probability assessment

SUP 1.3.2 G

The FSA uses a standard risk assessment process applied consistently across all its activities. It involves assessing the risk posed by the firm against a number of impact and probability factors, both initially and on a continuing basis.

SUP 1.3.3 G

The impact of a firm is assessed by reference to a range of factors derived from the regulatory objectives, including:

  1. (1)

    the degree to which risks related to the firm, were they to materialise, would damage market confidence;

  2. (2)

    the extent to which the firm may pose risks to the achievement of the objective of promoting public understanding;2

    2
  3. (3)

    the extent to which consumers may be adversely affected either directly or indirectly by the firm as a result of prudential failure, misconduct, market malfunction, market manipulation or the need to contribute to the financial reconstitution of compensation schemes;

  4. (4)

    the incidence and materiality of any financial crime which may be perpetrated through or by the firm.

SUP 1.3.4 G

The probability of a firm posing a risk to meeting the regulatory objectives is, where applicable, assessed in terms of "risk groups". These are discrete sources of risks to meeting the regulatory objectives which arise from:

  1. (1)

    the firm's strategy;

  2. (2)

    the firm's business risk: those risks (such as credit, market and operational risk) which are inherent in the business;

  3. (3)

    the financial soundness of the firm;

  4. (4)

    the nature of the firm's customers and the products and services it offers;

  5. (5)

    the internal systems and controls and the compliance culture of the firm; and

  6. (6)

    the organisation of the firm and the role played by its governing body, management and staff in effectively mitigating risk.

SUP 1.3.5 G

The impact and probability assessments are combined to give an overall judgment as to the firm's priority for the FSA and therefore the nature of the relationship which the FSA will seek to have with the firm (see 'A new regulator for the new millennium' and 'Building the new regulator, Progress report 1').

SUP 1.3.6 G

In addition to assessing the firm in terms of these impact and probability factors, the FSA takes into account three further factors which may affect the choice of supervisory approach and activities:

  1. (1)

    the level of confidence in the information on which the risk assessment is based;

  2. (2)

    the quality of the home regulatory regime (for firms with their head office overseas); and

  3. (3)

    any anticipated material change in impact and probability factors.

The scope of the risk assessment process for firms

SUP 1.3.7 G

The risk assessment process applies to all firms, although the detail required may vary from firm to firm. Firms judged as high impact are likely to require a more detailed assessment. A peer review process within the FSA assists consistency.

SUP 1.3.8 G

The main steps in the risk assessment process are:

  1. (1)

    preliminary assessment of a firm's potential impact on the regulatory objectives;

  2. (2)

    probability assessment - the level of detail depends on the impact rating and the complexity of the firm (in the case of low impact firms, the firm-specific probability analysis will be minimal);

  3. (3)

    for a sample of firms, validation panel for peer review of risk grading and resource allocation;

  4. (4)

    letter to firm regarding risk assessment and any remedial actions (see SUP 1.3.10 G); and

  5. (5)

    continuing review of risk assessment as necessary.

SUP 1.3.9 G

In order to create incentives for firms to raise standards and to maximise the success of the FSA's supervisory arrangements, it is important that a firm understands the FSA's evaluation of its risk so that it can take appropriate action.

SUP 1.3.10 G

The FSA intends to communicate the outcomes of its risk assessment to the firm. In the case of firms in which risks have been identified which could have a material bearing on the FSA meeting the regulatory objectives, the FSA will also outline a programme intended to address these. The FSA considers that it would generally be inappropriate for the firm to disclose the FSA risk assessment to third parties, except those who have a right to be aware of it, for example external auditors. The assessment is directed towards a very specific purpose - to illustrate the risk posed by the firm to the regulatory objectives and to enable the FSA to allocate its resources accordingly. Using it for any other purpose might well be misleading. The FSA therefore discourages firms from disclosing their assessments.

The nature of the FSA's relationship with firms

SUP 1.3.11 G

The FSA's relationship with firms has five main elements:

  1. (1)

    Determining satisfaction of the threshold conditions: in order to carry on regulated activities, a firm must demonstrate that it can satisfy, initially and on a continuing basis, the threshold conditions (see COND) (for example, the need to maintain adequate resources).

  2. (2)

    Baseline monitoring which is designed to ensure that firms comply, on a continuing basis, with the regulatory requirements which apply to them (see SUP 1.1.2 G): the FSA collects and analyses data supplied by firms (see for example SUP 16) and by third parties such as the Financial Ombudsman Service Limited, consumers, and by other regulators.

  3. (3)

    Sectoral reviews and thematic work which will be used, for example, to validate information provided by a firm and to collect up to date information on a particular sector, in order to assess whether a firm meets required standards: thematic work is carried out to assess the risks posed by a particular issue (rather than by a sector or group of firms). The issues selected for such work are likely to be broader and proportionately more significant to the FSA's regulatory objectives.

  4. (4)

    Programmes designed to mitigate specific risks in individual firms these programmes depend on the firm's priority for the FSA (see SUP 1.3.5 G).

  5. (5)

    Work undertaken after particular risks have escalated or crystallised: once the FSA has identified an issue, it will need to use its regulatory judgment to determine how it should respond, if at all.

SUP 1.3.12 G

The exact mixture of elements will thus vary with the firm's risk categorisation. Moreover, the elements being used at a particular time will depend on the firm's circumstances - for example, whether it is applying for permission to conduct other regulated activities, or is being investigated by the FSA.

SUP 1.4 Tools of supervision

SUP 1.4.1 G

In order to meet the regulatory objectives and address identified risks to those objectives, the FSA has a range of supervisory tools available to it.

SUP 1.4.2 G

The FSA classifies these tools under four headings:

  1. (1)

    diagnostic: designed to identify, assess and measure risks;

  2. (2)

    monitoring: to track the development of identified risks, wherever these arise;

  3. (3)

    preventative: to limit or reduce identified risks and so prevent them crystallising or increasing; and

  4. (4)

    remedial: to respond to risks when they have crystallised.

SUP 1.4.3 G

Tools may serve more than one purpose. For example, supervisory powers can be used to address risks which have materialised or to assist in preventing risks from escalating. In the first instance they are remedial, in the second, preventative.

SUP 1.4.4 G

Certain of these tools, for example the use of public statements to deliver messages to firms or consumers of financial services, do not involve the FSA in direct oversight of the business of firms. Other tools do involve a direct relationship with firms. The FSA also has powers to act on its own initiative to impose individual requirements on a firm (see SUP 7).

SUP 1.4.5 G

The FSA uses a variety of tools to monitor whether a firm, once authorised, remains in compliance with regulatory requirements. These tools include:

  1. (1)

    desk-based reviews;

  2. (2)

    liaison with other agencies or regulators;

  3. (3)

    meetings with management and other representatives of a firm;

  4. (4)

    on-site inspections;

  5. (5)

    reviews and analysis of periodic returns and notifications;

  6. (6)

    reviews of past business;

  7. (7)

    transaction monitoring;

  8. (8)

    use of auditors;

  9. (9)

    use of skilled persons.

SUP 1.4.6 G

The FSA also uses a variety of tools to address specific risks identified in firms. These tools include:

  1. (1)

    making recommendations for preventative or remedial action;

  2. (2)

    giving other individual guidance to a firm;

  3. (3)

    imposing individual requirements;

  4. (4)

    varying a firm's permission in another way.

SUP 1.4.7 G

For further discussion of the FSA's regulatory approach, see publications on the FSA website (www.fsa.gov.uk): in particular, 'A new regulator for the new millennium' and 'Building the new regulator, Progress report 1'.

SUP 1.5 Lead supervision

Application

SUP 1.5.1 G

This section applies to a firm which is a member of a group with more than one supervisory contact at the FSA.

Purpose

SUP 1.5.2 G

The FSA has developed arrangements for lead supervision in order to achieve more efficient and more effective supervision of firms and their groups. Lead supervision is designed to deliver a coordinated approach to the supervision of groups with more than one supervisory contact at the FSA, assisting the FSA to monitor them effectively and respond to the risks that arise.

Process

SUP 1.5.3 G

The FSA appoints a lead supervisor for a group with more than one supervisory contact at the FSA. The choice of lead supervisor depends principally on the predominant business of the group.

SUP 1.5.4 G

The lead supervisor has three key responsibilities:

  1. (1)

    to produce an overall assessment of the group: this comprises an assessment of the strengths and weaknesses of the business of the group and each of the firms within a group and a risk assessment of the group as a whole;

  2. (2)

    to coordinate the supervision programme: based on the overall assessment, the coordinated supervision programme is a single, risk-based supervision plan for the whole group for a specified period; and

  3. (3)

    to act as the central point of contact for the group with the FSA, where the group decides to use the lead supervisor in this way; this removes the need for duplicate communication between the FSA and firms in groups on group-wide issues.