SUP 10A.8 Systems and controls functions
Systems and controls function (CF28)
The systems and controls function is the function of acting in the capacity of an employee of the firm with responsibility for reporting to the governing body of a firm, or the audit committee (or its equivalent) in relation to:
- (1)
its financial affairs;
- (2)
setting and controlling its risk exposure (see SYSC 3.2.10G, SYSC 7.1.6R, article 23(2) of the MiFID Org Regulation and article 23(2) of the MiFID Org Regulation (as applied in accordance with SYSC 1 Annex 1 2.8AR, SYSC 1 Annex 1 3.2-AR, SYSC 1 Annex 1 3.2-BR, SYSC 1 Annex 1 3.2CR and SYSC 1 Annex 1 3.3R)); and3
- (3)
adherence to internal systems and controls, procedures and policies (see SYSC 3.2.16 G, SYSC 6.2, article 24 of the MiFID Org Regulation and article 24 of the MiFID Org Regulation (as applied in accordance with SYSC 1 Annex 1 2.8AR, SYSC 1 Annex 1 3.2-AR, SYSC 1 Annex 1 3.2-BR, SYSC 1 Annex 1 3.2CR and SYSC 1 Annex 1 3.3R)3).
2For a Solvency II firm which is an insurance special purpose vehicle or a third-country insurance or reinsurance undertaking, the systems and controls function is modified as follows:
- (1)
it does not include any of the activities described in any PRA controlled function if that controlled function applies to the firm;
- (2)
it does not include activities allocated to and carried on by another person who is a PRA approved person; and
- (3)
it only includes that part of the function that relates to compliance with FCA requirements and standards under the regulatory system.
The systems and controls function does not apply in relation to:5
4- (1)
bidding in emissions auctions carried on by a firm that is exempt from MiFID under article 2(1)(j); or5
- (2)
- (1)
The systems and controls function does not apply in relation to a PRA-authorised person. PRA approval is required instead.2
- (2)
The exception is a Solvency II firm which is an insurance special purpose vehicle or a third-country insurance or reinsurance undertaking. For such firms, FCA approval may be required but only to the extent that the activities are not already covered by a PRA controlled function that applies to the firm or are not activities allocated to and carried on by another person who is a PRA approved person.2
- (3)
Also, for firms in (2), the function is expressly limited to that part of the function that relates to compliance with FCA requirements and standards under the regulatory system.2
- (4)
For firms in (2), references in SUP 10A.8.1R to SYSC should also be read as including references to comparable provisions in the PRA Rulebook: Solvency II Firms: Third Country Branches and Solvency II Regulations, as appropriate.2
Where an employee performs the systems and controls function the FCA would expect the firm to ensure that the employee had sufficient expertise and authority to perform that function effectively. A director or senior manager would meet this expectation.
Full scope UK AIFM
1For a full-scope UK AIFM, the requirement to have an employee responsible for reporting to the governing body of the firm or the audit committee for matters in SUP 10A.8.1R (2) and SUP 10A.8.1R (3) is derived from the AIFMD level 2 regulation, which imposes obligations on such firms to have a permanent risk management function and, where appropriate and proportionate for their business, an internal audit function.