SYSC 12.1 Application

SYSC 12.1.1RRP

1Subject to SYSC 12.1.2 R to SYSC 12.1.4 R, this section applies to each of the following which is a member of a group:

  1. (1)

    a firm that falls into any one or more of the following categories:

    1. (a)

      an investment firm that is not a designated investment firm18;

      15
    2. (b)

      [deleted]8

      8
    3. (c)

      an insurer;

    4. (ca)

      a UK ISPV;16

    5. (d)

      [deleted]18

    6. (e)

      a UK parent entity of an investment firm group that is subject to prudential consolidation under MIFIDPRU 2.5 or to the group capital test under MIFIDPRU 2.6; and18

      151715
    7. (f)

      a firm subject to the rules in IPRU(INV) Chapter 14.

  2. (2)

    a UCITS firm, but only if its group contains a firm falling into (1); and

  3. (3)

    the Society.

SYSC 12.1.2RRP

Except as set out in SYSC 12.1.4 R, this section applies with respect to different types of group as follows:

  1. (1)

    SYSC 12.1.8 R and SYSC 12.1.10 R apply with respect to all groups, including 17financial conglomerates and groups dealt with in SYSC 12.1.13 R to 12SYSC 12.1.15 R12;

    1919
  2. (2)

    the additional requirements set out in SYSC 12.1.11 R and SYSC 12.1.12 R only apply with respect to a financial conglomerate of which notification has been made that it has been identified as a financial conglomerate as contemplated by regulation 2 of the Financial Groups Directive Regulations; and17

    1919
  3. (3)

    the additional requirements set out in SYSC 12.1.13 R to 12SYSC 12.1.15 R12 only apply with respect to groups of the kind dealt with by whichever of those rules apply.

SYSC 12.1.3RRP

This section does not apply toan ICVC.17

SYSC 12.1.4RRP
  1. (1)

    This rule applies in respect of the following rules:

    1. (a)

      SYSC 12.1.8R (2);

    2. (b)

      SYSC 12.1.10R (1), so far as it relates to SYSC 12.1.8R (2);

    3. (c)

      SYSC 12.1.10R (2); and

    4. (d)

      SYSC 12.1.11 R to SYSC 12.1.15 R.

  2. (2)

    The rules referred to in (1):

    1. (a)

      only apply with respect to a financial conglomerate if it is a financial conglomerate of which notification has been made that it has been identified as a financial conglomerate as contemplated by regulation 2 of the Financial Groups Directive Regulations17;19

      19
    2. (b)

      [deleted]17

    3. (c)

      (so far as they apply with respect to a financial conglomerate) do not apply to a firm with respect to a financial conglomerate of which it is a member if the interest of the financial conglomerate in that firm is no more than a participation;

    4. (d)

      (so far as they apply with respect to other groups) do not apply to a firm with respect to a group of which it is a member if the only relationship of the kind set out in paragraph (3) of the definition of group between it and the other members of the group is nothing more than a participation; and

    5. (e)

      do not apply with respect to a third-country group.

SYSC 12.1.5GRP

For the purpose of this section, a group is defined in the Glossary, and includes the whole of a firm's group, including financial and non-financial undertakings. It also covers undertakings with other links to group members if their omission from the scope of group risk systems and controls would be misleading. The scope of the group systems and controls requirements may therefore differ from the scope of the quantitative requirements for groups.

Purpose

SYSC 12.1.6GRP

The purpose of this chapter is to set out how the systems and control requirements imposed by SYSC (Senior Management Arrangements, Systems and Controls) apply where a firm is part of a group. If a firm is a member of a group, it should be able to assess the potential impact of risks arising from other parts of its group as well as from its own activities.

SYSC 12.1.7GRP

[deleted]17

12121512

General rules

SYSC 12.1.8RRP

A firm must:

  1. (1)

    have adequate, sound and appropriate risk management processes and internal control mechanisms for the purpose of assessing and managing its own exposure to group risk, including sound administrative and accounting procedures; and

  2. (2)

    ensure that its group has adequate, sound and appropriate risk management processes and internal control mechanisms at the level of the group, including sound administrative and accounting procedures.

SYSC 12.1.9GRP

For the purposes of SYSC 12.1.8 R, the question of whether the risk management processes and internal control mechanisms are adequate, sound and appropriate should be judged in the light of the nature, scale and complexity of the group's business and of the risks that the group bears. 18

141212144
SYSC 12.1.10RRP

The internal control mechanisms referred to in SYSC 12.1.8 R must include:

  1. (1)

    mechanisms that are adequate for the purpose of producing any data and information which would be relevant for the purpose of monitoring compliance with any prudential requirements (including any reporting requirements and any requirements relating to capital adequacy, solvency, systems and controls and large exposures):

    1. (a)

      to which the firm is subject with respect to its membership of a group; or

    2. (b)

      that apply to or with respect to that group or part of it; and

  2. (2)

    mechanisms that are adequate to monitor funding within the group.

SYSC 12.1.10AGRP

12SYSC 1.1A.2 G sets out the general principle that the FCA will apply provisions to the extent of its powers and regulatory responsibilities. SYSC 12.1.10 R will, therefore, have limited application to a Solvency II firm.

Financial conglomerates

SYSC 12.1.11RRP

Where this section applies with respect to a financial conglomerate, the risk management processes referred to in SYSC 12.1.8R (2) or, for a Solvency II firm, the risk management system referred to in the PRA Rulebook: Solvency II firms: Conditions Governing Business, rule 3,12 must include:

  1. (1)

    sound governance and management processes, which must include the approval and periodic review by the appropriate managing bodies within the financial conglomerate of the strategies and policies of the financial conglomerate in respect of all the risks assumed by the financial conglomerate, such review and approval being carried out at the level of the financial conglomerate;

  2. (2)

    adequate capital adequacy policies at the level of the financial conglomerate, one of the purposes of which must be to anticipate the impact of the business strategy of the financial conglomerate on its risk profile and on the capital adequacy requirements to which it and its members are subject;

  3. (3)

    adequate procedures for the purpose of ensuring that the risk monitoring systems of the financial conglomerate and its members are well integrated into their organisation;

    9
  4. (4)

    adequate procedures for the purpose of ensuring that the systems and controls of the members of the financial conglomerate are consistent and that the risks can be measured, monitored and controlled at the level of the financial conglomerate; and7

    7
  5. (5)

    arrangements in place to contribute to and develop, if required, adequate recovery and resolution arrangements and plans; a firm must update these9 arrangements regularly.7

    9

[Note: article 9(2) of the Financial Groups Directive]7

SYSC 12.1.12RRP

Where this section applies with respect to a financial conglomerate, the internal control mechanisms referred to in SYSC 12.1.8R (2) or, for a Solvency II firm, the internal control system referred to in the PRA Rulebook: Solvency II firms: Conditions Governing Business, rule 3,12 must include:

  1. (1)

    mechanisms that are adequate to identify and measure all material risks incurred by members of the financial conglomerate and appropriately relate capital in the financial conglomerate to risks; and

  2. (2)

    sound reporting and accounting procedures for the purpose of identifying, measuring, monitoring and controlling intra-group transactions and risk concentrations.

CRR firms and non-CRR firms that are parent financial holding companies in the United Kingdom or UK parent financial holding companies10

SYSC 12.1.13RRP

If this rule applies under SYSC 12.1.14 R to a firm, the firm must:

  1. (1)

    comply with SYSC 12.1.8R (2) in relation to any UK consolidation group 18of which it is a member, as well as in relation to its group; and

    17
  2. (2)

    ensure that the risk management processes and internal control mechanisms at the level of any consolidation group 18of which it is a member comply with the obligations set out in the following provisions on a consolidated (or sub-consolidated) basis:

    17
    1. (a)

      SYSC 4.1.1 R and SYSC 4.1.2 R1;

      1
    2. (b)

      SYSC 4.1.7 R1;

      1
    3. (bA)

      SYSC 4.3A;10

    4. (c)

      SYSC 5.1.7 R1;

      1
    5. (d)

      SYSC 7;1

      1
    6. (dA)

      the dual-regulated firms Remuneration Code, if18 18applicable;13

      6
    7. (e)

      [deleted]18

      1351010510
    8. (f)

      [deleted];10

      110
    9. (g)

      [deleted];10

      110
    10. (h)

      [deleted];10

      10

    [Note: article 109(2) of CRD10]

    10
  3. (3)

    10ensure that compliance with the obligations in (2) enables the consolidation group 18to have arrangements, processes and mechanisms that are consistent and well integrated and that any data relevant to the purpose of supervision can be produced.

    [Note: article 109(2) of CRD]

    17
SYSC 12.1.14RRP

SYSC 12.1.13 R applies to a firm that is:

  1. (1)

    [deleted]8

    8
  2. (2)

    a CRR firm;10 or

    10
  3. (3)

    anon-CRR firm10 that is a parent financial holding company in the United Kingdom or a UK parent financial holding company17.

    10
SYSC 12.1.15RRP

In the case of a firm that:

  1. (1)

    is aCRR firm; and

    810
  2. (2)

    has a mixed-activity holding company as a parent undertaking;

the risk management processes and internal control mechanisms referred to in SYSC 12.1.8 R must include sound reporting and accounting procedures and other mechanisms that are adequate to identify, measure, monitor and control transactions between the firm's parent undertaking mixed-activity holding company and any of the mixed-activity holding company's subsidiary undertakings.

SYSC 12.1.15ARRP

[deleted]18

11

Nature and extent of requirements and allocation of responsibilities within the group

SYSC 12.1.18GRP

Assessment of the adequacy of a group's systems and controls required by this section will form part of the FCA’s14 risk management process.

SYSC 12.1.19GRP

The nature and extent of the systems and controls necessary under SYSC 12.1.8R (1) to address group risk will vary according to the materiality of those risks to the firm and the position of the firm within the group.

SYSC 12.1.20GRP

In some cases the management of the systems and controls used to address the risks described in SYSC 12.1.8R (1) may be organised on a group-wide basis. If the firm is not carrying out those functions itself, it should delegate them to the group members that are carrying them out. However, this does not relieve the firm of responsibility for complying with its obligations under SYSC 12.1.8R (1). A firm cannot absolve itself of such a responsibility by claiming that any breach of that rule is caused by the actions of another member of the group to whom the firm has delegated tasks. The risk management arrangements are still those of the firm, even though personnel elsewhere in the firm's group are carrying out these functions on its behalf.

SYSC 12.1.21GRP

SYSC 12.1.8R (1) deals with the systems and controls that a firm should have in respect of the exposure it has to the rest of the group. On the other hand, the purpose of SYSC 12.1.8R (2) and the rules in this section that amplify it is to require groups to have adequate systems and controls. However a group is not a single legal entity on which obligations can be imposed. Therefore the obligations have to be placed on individual firms. The purpose of imposing the obligations on each firm in the group is to make sure that the FCA14 can take supervisory action against any firm in a group whose systems and controls do not meet the standards in this section. Thus responsibility for compliance with the rules for group systems and controls is a joint one.

SYSC 12.1.22GRP

If both a firm and its parent undertaking are subject to SYSC 12.1.8R (2), the FCA14 would not expect systems and controls to be duplicated. In this case, the firm should assess whether and to what extent it can rely on its parent's group risk systems and controls.