You are viewing the version of the document as on 2024-12-23.

SYSC 3.1 Systems and controls

SYSC 3.1.1 R RP

A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.

SYSC 3.1.1A R

[deleted]

SYSC 3.1.2 G RP
  1. (1)

    The nature and extent of the systems and controls which a firm will need to maintain under SYSC 3.1.1 R will depend upon a variety of factors including:

    1. (a)

      the nature, scale and complexity of its business;

    2. (b)

      the diversity of its operations, including geographical diversity;

    3. (c)

      the volume and size of its transactions; and

    4. (d)

      the degree of risk associated with each area of its operation.

  2. (2)

    To enable it to comply with its obligation to maintain appropriate systems and controls, a firm should carry out a regular review of them.

  3. (3)

    The areas typically covered by the systems and controls referred to in SYSC 3.1.1 R are those identified in SYSC 3.2. Detailed requirements regarding systems and controls relevant to particular business areas or particular types of firm are covered elsewhere in the Handbook.

SYSC 3.1.2A G RP

Firms should also consider the additional guidance on risk-centric governance arrangements for effective risk management contained in SYSC 21.

SYSC 3.1.3 G RP

Where the UK Corporate Governance Code is relevant to a firm, the appropriate regulator, in considering whether the firm's obligations under SYSC 3.1.1 R have been met, will give it due credit for following corresponding provisions in the code and related guidance.

SYSC 3.1.4 G RP

A firm has specific responsibilities regarding its appointed representatives or, where applicable, its tied agents (see SUP 12).

SYSC 3.1.5 G RP

SYSC 2.1.3 R (2) prescribes how a firm must allocate the function of overseeing the establishment and maintenance of systems and controls described in SYSC 3.1.1 R.

Competent employees rule

SYSC 3.1.6 R RP

A firm must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.

SYSC 3.1.7 R RP

When complying with the competent employees rules, a firm must take into account the nature, scale and complexity of its business and the nature and range of financial services and activities undertaken in the course of that business.

SYSC 3.1.7A G

SYSC 28 contains rules and guidance relating to the minimum knowledge and competence requirements in relation to insurance distribution activities undertaken by a firm.

SYSC 3.1.8 G RP

The Training and Competence sourcebook (TC) contains additional rules and guidance relating to specified retail activities undertaken by a firm.

SYSC 3.1.9 G RP

Firms which are carrying on activities that are not subject to TC may nevertheless wish to take TC into account in complying with the competence requirements in SYSC.

SYSC 3.1.10 G RP

If a firm requires employees who are not subject to a qualification requirement in TC to pass a relevant examination from the list of appropriate qualifications maintained by the FCA, the appropriate regulator will take that into account when assessing whether the firm has ensured that the employee satisfies the knowledge component of the competent employees rule.

Insurance distribution activities

SYSC 3.1.11 R

A firm carrying on insurance distribution activities must approve, implement and regularly review its internal policies and procedures in respect of its obligations under SYSC 28.

[Note: first paragraph of article 10(8) of the IDD]

SYSC 3.1.12 G

SYSC 2.1.6AR prescribes how a firm must allocate the function of ensuring the proper implementation of the policies and procedures approved in accordance with SYSC 3.1.11R.

SYSC 3.2 Areas covered by systems and controls

Introduction

SYSC 3.2.1 G RP

This section covers some of the main issues which a firm is expected to consider in establishing and maintaining the systems and controls appropriate to its business, as required by SYSC 3.1.1 R.

Organisation

SYSC 3.2.2 G RP

A firm's reporting lines should be clear and appropriate having regard to the nature, scale and complexity of its business. These reporting lines, together with clear management responsibilities, should be communicated as appropriate within the firm.

SYSC 3.2.3 G RP
  1. (1)

    A firm's governing body is likely to delegate many functions and tasks for the purpose of carrying out its business. When functions or tasks are delegated, either to employees or to appointed representatives or, where applicable, its tied agents, appropriate safeguards should be put in place.

  2. (2)

    When there is delegation, a firm should assess whether the recipient is suitable to carry out the delegated function or task, taking into account the degree of responsibility involved.

  3. (3)

    The extent and limits of any delegation should be made clear to those concerned.

  4. (4)

    There should be arrangements to supervise delegation, and to monitor the discharge of delegates' functions or tasks.

  5. (5)

    If cause for concern arises through supervision and monitoring or otherwise, there should be appropriate follow-up action at an appropriate level of seniority within the firm.

SYSC 3.2.4 G RP
  1. (1)

    The guidance relevant to delegation within the firm is also relevant to external delegation ('outsourcing'). A firm cannot contract out its regulatory obligations. So, for example, under Principle 3 a firm should take reasonable care to supervise the discharge of outsourced functions by its contractor.

  2. (2)

    A firm should take steps to obtain sufficient information from its contractor to enable it to assess the impact of outsourcing on its systems and controls.

SYSC 3.2.5 G RP

Where it is made possible and appropriate by the nature, scale and complexity of its business, a firm should segregate the duties of individuals and departments in such a way as to reduce opportunities for financial crime or contravention of requirements and standards under the regulatory system. For example, the duties of front-office and back-office staff should be segregated so as to prevent a single individual initiating, processing and controlling transactions.

SYSC 3.2.5A R

[deleted]

SYSC 3.2.5B G

[deleted]

Systems and controls in relation to compliance, financial crime and money laundering

SYSC 3.2.6 R RP

A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.

SYSC 3.2.6A R RP

A firm must ensure that these systems and controls:

  1. (1)

    enable it to identify, assess, monitor and manage money laundering risk; and

  2. (2)

    are comprehensive and proportionate to the nature, scale and complexity of its activities.

SYSC 3.2.6B G RP

"Money laundering risk" is the risk that a firm may be used to further money laundering. Failure by a firm to manage this risk effectively will increase the risk to society of crime and terrorism.

SYSC 3.2.6C R RP

A firm must carry out regular assessments of the adequacy of these systems and controls to ensure that it continues to comply with SYSC 3.2.6A R.

SYSC 3.2.6D G RP

A firm may also have separate obligations to comply with relevant legal requirements, including the Terrorism Act 2000, the Proceeds of Crime Act 2002 and the Money Laundering Regulations. SYSC 3.2.6 R to SYSC 3.2.6J G are not relevant for the purposes of regulation 76(6) or 86(2) of the Money Laundering Regulations, section 330(8) of the Proceeds of Crime Act 2002 or section 21A(6) of the Terrorism Act 2000.

SYSC 3.2.6E G RP

The FCA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the UK financial sector issued by the Joint Money Laundering Steering Group.

SYSC 3.2.6F G RP

In identifying its money laundering risk and in establishing the nature of these systems and controls, a firm should consider a range of factors, including:

  1. (1)

    its customer, product and activity profiles;

  2. (2)

    its distribution channels;

  3. (3)

    the complexity and volume of its transactions;

  4. (4)

    its processes and systems; and

  5. (5)

    its operating environment.

SYSC 3.2.6G G RP

A firm should ensure that the systems and controls include:

  1. (1)

    appropriate training for its employees in relation to money laundering;

  2. (2)

    appropriate provision of information to its governing body and senior management, including a report at least annually by that firm's money laundering reporting officer (MLRO) on the operation and effectiveness of those systems and controls;

  3. (3)

    appropriate documentation of its risk management policies and risk profile in relation to money laundering, including documentation of its application of those policies (see SYSC 3.2.20 R to SYSC 3.2.22 G);

  4. (4)

    appropriate measures to ensure that money laundering risk is taken into account in its day-to-day operation, including in relation to:

    1. (a)

      the development of new products;

    2. (b)

      the taking-on of new customers; and

    3. (c)

      changes in its business profile; and

  5. (5)

    appropriate measures to ensure that procedures for identification of new customers do not unreasonably deny access to its services to potential customers who cannot reasonably be expected to produce detailed evidence of identity.

SYSC 3.2.6H R RP

A firm must allocate to a director or senior manager (who may also be the money laundering reporting officer) overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls.

The money laundering reporting officer

SYSC 3.2.6I R RP

A firm must:

  1. (1)

    appoint an individual as MLRO, with responsibility for oversight of its compliance with the FCA's rules on systems and controls against money laundering; and

  2. (2)

    ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.

SYSC 3.2.6J G RP

The job of the MLRO within a firm is to act as the focal point for all activity within the firm relating to anti-money laundering. The FCA expects that a firm's MLRO will be based in the United Kingdom.

Financial crime guidance

SYSC 3.2.6K G RP

The FCA provides guidance on steps that a firm can take to reduce the risk that it might be used to further financial crime in FCG (Financial Crime Guide: A firm’s guide to countering financial crime risks) and FCTR (Financial Crime Thematic Reviews).

The compliance function

SYSC 3.2.7 G RP
  1. (1)

    Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate compliance function. The organisation and responsibilities of a compliance function should be documented. A compliance function should be staffed by an appropriate number of competent staff who are sufficiently independent to perform their duties objectively. It should be adequately resourced and should have unrestricted access to the firm's relevant records as well as ultimate recourse to its governing body.

  2. (2)

    [deleted]

  3. (3)

    [deleted]

SYSC 3.2.8 R RP
  1. (1)

    A firm must allocate to a director or senior manager the function of:

    1. (a)

      having responsibility for oversight of the firm's compliance; and

    2. (b)

      reporting to the governing body in respect of that responsibility.

  2. (2)

    In (1) "compliance" means compliance with the firm’s obligations under the regulatory system in relation to which the FCA has responsibility.

SYSC 3.2.9 G RP

SUP 10C.6.1R uses SYSC 3.2.8R to describe the controlled function, known as the compliance oversight function, of acting in the capacity of a director or senior manager to whom this function is allocated.

Conduct risk oversight (Lloyd’s) function

SYSC 3.2.9A R

In relation to business done at Lloyd’s, the Society must allocate to a director or senior manager the function of having responsibility for overseeing the conduct of business standards required of managing agents for which the Society has responsibility.

Risk assessment

SYSC 3.2.10 G RP
  1. (1)

    Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate risk assessment function responsible for assessing the risks that the firm faces and advising the governing body and senior managers on them.

  2. (2)

    The organisation and responsibilities of a risk assessment function should be documented. The function should be adequately resourced and staffed by an appropriate number of competent staff who are sufficiently independent to perform their duties objectively.

  3. (3)

    The term 'risk assessment function' refers to the generally understood concept of risk assessment within a firm, that is, the function of setting and controlling risk exposure. The risk assessment function is not an FCA controlled function itself, but for certain firms it may fall under the PRA chief risk officer controlled function.

  4. (4)

    Paragraphs (1) and (3) do not apply to a Solvency II firm and (2) only applies as if the term ‘risk assessment function’ was replaced by ‘risk management function’.

  5. (5)

    Solvency II firms are subject to requirements for an effective risk management system in PRA Rulebook: Solvency II firms: Conditions Governing Business 3.

  6. (6)

    Also, PRA Rulebook: Solvency II firms: Insurance Senior Management Functions makes the chief risk function a PRA controlled function. The chief risk function is the function of having responsibility for overall management of the risk management system, as specified in PRA Rulebook: Solvency II firms: Conditions Governing Business 3.

  7. (7)

    The FCA will take the requirements in (5) and (6) into account.

Management information

SYSC 3.2.11 G
  1. (1)

    [deleted]

  2. (2)

    [deleted]

SYSC 3.2.11A G RP
  1. (1)

    A firm's arrangements should be such as to furnish its governing body with the information it needs to play its part in identifying, measuring, managing and controlling risks of regulatory concern. Three factors will be the relevance, reliability and timeliness of that information.

  2. (2)

    Risks of regulatory concern are those risks which relate to the fair treatment of the firm's customers, to the protection of consumers, to effective competition and to the integrity of the UK financial system. Risks which are relevant to the integrity of the UK financial system include risks which relate to its soundness, stability and resilience and to the use of the system in connection with financial crime.

SYSC 3.2.12 G RP

It is the responsibility of the firm to decide what information is required, when, and for whom, so that it can organise and control its activities and can comply with its regulatory obligations. The detail and extent of information required will depend on the nature, scale and complexity of the business.

Employees and agents

SYSC 3.2.13 G RP

A firm's systems and controls should enable it to satisfy itself of the suitability of anyone who acts for it.

SYSC 3.2.14 G RP
  1. (1)

    SYSC 3.2.13 G includes assessing an individual's honesty, and competence. This assessment should normally be made at the point of recruitment. An individual's honesty need not normally be revisited unless something happens to make a fresh look appropriate.

  2. (2)

    Any assessment of an individual's suitability should take into account the level of responsibility that the individual will assume within the firm. The nature of this assessment will generally differ depending upon whether it takes place at the start of the individual's recruitment, at the end of the probationary period (if there is one) or subsequently.

  3. (3)

    [deleted]

  4. (4)

    The requirements on firms with respect to approved persons are in Part V of the Act (Performance of regulated activities) and SUP 10C and the Senior Insurance Management Functions parts of the PRA Rulebook.

Audit committee

SYSC 3.2.15 G RP

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable - see SYSC 3.2.16 G) and provide an interface between management and the external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

Internal audit

SYSC 3.2.16 G RP
  1. (1)

    Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should have clear responsibilities and reporting lines to an audit committee or appropriate senior manager, be adequately resourced and staffed by competent individuals, be independent of the day-to-day activities of the firm and have appropriate access to a firm's records.

  2. (2)

    The term 'internal audit function' refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies. The internal audit function is not an FCA controlled function itself, but for certain firms it may fall under the PRA chief risk officer controlled function.

  3. (3)

    Paragraph (1) does not apply to Solvency II firms.

  4. (4)

    Solvency II firms are subject to a requirement in PRA Rulebook: Solvency II firms: Conditions Governing Business, rule 5 to have an effective internal audit function.

  5. (5)

    Also, the PRA Rulebook: Solvency II firms: Insurance Senior Management Functions makes the chief internal audit function a PRA controlled function. The chief internal audit function is the function of having responsibility for management of the internal audit function specified in PRA Rulebook: Solvency II firms: Conditions Governing Business, rule 5.

  6. (6)

    The FCA will take the requirements in (4) and (5) into account.

Business strategy

SYSC 3.2.17 G RP

A firm should plan its business appropriately so that it is able to identify, measure, manage and control risks of regulatory concern (see SYSC 3.2.11 G (2)). In some firms, depending on the nature, scale and complexity of their business, it may be appropriate to have business plans or strategy plans documented and updated on a regular basis to take account of changes in the business environment.

Remuneration policies

SYSC 3.2.18 G RP

It is possible that firms' remuneration policies will from time to time lead to tensions between the ability of the firm to meet the requirements and standards under the regulatory system and the personal advantage of those who act for it. Where tensions exist, these should be appropriately managed. See also Solvency II Regulation (Article 275) and EIOPA Guidelines on system of governance dated 28 January 2015 (EIOPA-BoS-14/253 EN) (Guidelines 9 and 10).

Business continuity

SYSC 3.2.19 G RP

A firm, other than a Solvency II firm, should have in place appropriate arrangements, having regard to the nature, scale and complexity of its business, to ensure that it can continue to function and meet its regulatory obligations in the event of unforeseen interruption. These arrangements should be regularly updated and tested to ensure their effectiveness. Solvency II firms are subject to the business continuity requirements in PRA Rulebook: Solvency II firms: Conditions Governing Business, 2.6, and the FCA will take those requirements into account.

Records

SYSC 3.2.20 R RP
  1. (1)

    A firm must take reasonable care to make and retain adequate records of matters and dealings (including accounting records) which are the subject of requirements and standards under the regulatory system.

  2. (2)

    Subject to (3) and to any other record-keeping rule in the Handbook, the records required by (1) or by such other rule must be capable of being reproduced in the English language on paper.

  3. (3)

    If a firm's records relate to business carried on from an establishment in a country or territory outside the United Kingdom, an official language of that country or territory may be used instead of the English language as required by (2).

SYSC 3.2.21 G RP

A firm should have appropriate systems and controls in place to fulfil the firm's regulatory and statutory obligations with respect to adequacy, access, periods of retention and security of records. The general principle is that records should be retained for as long as is relevant for the purposes for which they are made.

SYSC 3.2.21A G

SYSC 28 contains rules and guidance relating to knowledge and competence record keeping requirements in relation to insurance distribution activities undertaken by a firm.

SYSC 3.2.22 G RP

Detailed record-keeping requirements for different types of firm are to be found elsewhere in the Handbook. Schedule 1 to the Handbook is a consolidated schedule of these requirements.

Investment strategy and investment decision making

SYSC 3.2.23 G
  1. (1)

    This guidance sets out the FCA’s expectation on how a firm may take into account ESG financial considerations and other financial considerations and non-financial matters as part of its investment strategy and investment decision making, to demonstrate compliance with Principles 2, 3, 6 or 8.

  2. (2)

    This guidance only applies where the firm’s investment strategy or investment decision could have a material impact on a policyholder’s investment returns and relates to a product where:

    1. (a)

      the primary purpose is to provide an investment return; and

    2. (b)

      any investment risk is borne by a policyholder who is a natural person or a relevant policyholder.

  3. (3)

    As part of its investment strategy or investment decision making, a firm should take into account ESG financial considerations and other financial considerations over the period of time that the firm reasonably considers is needed to achieve the investment objective or investment strategy.

  4. (4)

    References to other financial considerations in (3) may include (but are not limited to) interest rate, liquidity, concentration, exchange rate, political and counterparty risks.

  5. (5)

    As part of its investment strategy or investment decision making in relation to a product, a firm may take into account non-financial matters if:

    1. (a)

      the firm has good reason to consider that affected policyholders or relevant policyholders would generally share the views on which the non-financial matters are based; and

    2. (b)

      taking those matters into account would not involve a risk of a significant financial detriment to any affected investment.

  6. (6)

    (5) does not apply to a firm’s investment strategy or investment decision making in relation to a product (other than in relation to a relevant scheme or a pathway investment), that has been deliberately designed by the firm to take into account non-financial matters, and policyholders or relevant policyholders make an active decision to select that product.

SYSC 3.2.23 R

[deleted]

SYSC 3.2.24 R

[deleted]

Operators of pensions dashboard services: security, integrity and confidentiality

SYSC 3.2.24 R

A firm carrying on regulated pensions dashboard activity must comply with the requirements set out in SYSC 4.1.5AR, SYSC 4.1.5BR and SYSC 4.1.5CR as if those rules applied to firms to which SYSC 3 applies.

SYSC 3.2.25 R

[deleted]

SYSC 3.2.26 R

[deleted]

SYSC 3.2.27 R

[deleted]

SYSC 3.2.28 R

[deleted]

SYSC 3.2.29 R

[deleted]

SYSC 3.2.30 R

[deleted]

SYSC 3.2.31 R

[deleted]

SYSC 3.2.32 R

[deleted]

SYSC 3.2.33 R

[deleted]

SYSC 3.2.34 R

[deleted]

SYSC 3.2.35 R

[deleted]

SYSC 3.2.36 R

[deleted]

SYSC 3.3 Additional requirements for insurance distribution

Application

SYSC 3.3.1 R

SYSC 3.3 applies to an insurer in the course of it carrying on any insurance distribution activities.

SYSC 3.3.2 G

[deleted]

SYSC 3.3.3 R

[deleted]

SYSC 3.3.4 G

[deleted]

Identifying conflicts

SYSC 3.3.5 R

A firm must take all appropriate steps to identify conflicts of interest that arise between:

  1. (1)

    the firm, including its managers, employees and appointed representatives (or where applicable, tied agents), or any person directly or indirectly linked to it by control, and a client of the firm; or

  2. (2)

    one client of the firm and another client.

[Note: article 28(1) of the IDD]

SYSC 3.3.6 R

For the purposes of identifying, in accordance with SYSC 3.3.5R and SYSC 3.3.13R, the types of conflicts of interest that arise in the course of carrying out any insurance distribution activities related to policies and which entail a risk of damage to the interests of a client, a firm must assess whether it, a relevant person or any person directly or indirectly linked to it by control, has an interest in the outcome of the insurance distribution activities, which meets the following criteria:

  1. (1)

    it is distinct from the client’s or potential client’s interest in the outcome of the insurance distribution activities;

  2. (2)

    it has the potential to influence the outcome of the insurance distribution activities to the detriment of the client.

A firm must proceed in the same way for the purposes of identifying conflicts of interest between one client and another.

SYSC 3.3.7 R

For the purposes of the assessment in SYSC 3.3.6R, a firm must take into account, by way of minimum criteria, the following situations:

  1. (1)

    the firm, a relevant person or any person directly or indirectly linked to it by control is likely to make a financial gain, or avoid a financial loss, to the potential detriment of the client;

  2. (2)

    the firm, a relevant person or any person directly or indirectly linked to it by control has a financial or other incentive to favour the interest of another client or group of clients over the interest of the client;

  3. (3)

    the firm, a relevant person or any person directly or indirectly linked by control to the firm is substantially involved in the management or development of policies, in particular where such a person has an influence on the pricing of those policies or their distribution costs.

[Note: article 3 of the IDD Regulation]

Managing conflicts

SYSC 3.3.8 R

A firm must maintain and operate effective organisational and administrative arrangements with a view to taking all reasonable steps designed to prevent conflicts of interest identified under SYSC 3.3.5R from adversely affecting the interests of its clients.

[Note: article 27 of the IDD]

Proportionality

SYSC 3.3.9 R

The arrangements in SYSC 3.3.8R must be proportionate to the activities performed, the policies sold and the type of insurance distributor the firm is or uses.

[Note: article 27 of the IDD]

Conflicts policy

SYSC 3.3.10 R
  1. (1)

    For the purposes of SYSC 3.3.8R and SYSC 3.3.9R, a firm must establish, implement and maintain an effective conflicts of interest policy set out in writing and appropriate to its size and organisation and the nature, scale and complexity of its business.

  2. (2)

    Where the firm is a member of a group, the policy must also take into account any circumstances, of which the firm is or should be aware, which may give rise to a conflict of interest arising as a result of the structure and business activities of other members of the group.

[Note: article 4(1) of the IDD Regulation]

Contents of policy

SYSC 3.3.11 R

The conflicts of interest policy required in SYSC 3.3.10R must include the following content:

  1. (1)

    with reference to the specific insurance distribution activities carried out, the circumstances which constitute or may give rise to a conflict of interest entailing a risk of damage to the interests of one or more clients;

  2. (2)

    procedures to be followed and measures to be adopted in order to manage such conflicts and prevent them from damaging the interests of the client.

[Note: article 4(2) of the IDD Regulation]

SYSC 3.3.12 R
  1. (1)

    The procedures and measures required in SYSC 3.3.11R(2) must be appropriate to the size and activities of the firm and of the group to which it may belong, and to the risk of damage to the interests of the client.

  2. (2)

    The procedures to be followed and measures required in SYSC 3.3.11R(2) must include, where appropriate, the following:

    1. (a)

      effective procedures to prevent or control the exchange of information between relevant persons engaged in activities involving a risk of conflict of interest where the exchange of that information may damage the interests of one or more clients;

    2. (b)

      the separate supervision of relevant persons whose principal functions involve carrying out activities on behalf of, or providing services to, clients whose interests may conflict, or who otherwise represent different interests that may conflict, including those of the firm;

    3. (c)

      the removal of any direct link between payments, including remuneration, to relevant persons engaged in one activity and payments, including remuneration, to different relevant persons principally engaged in another activity, where a conflict of interest may arise in relation to those activities;

    4. (d)

      measures to prevent or limit any person from exercising inappropriate influence over the way in which insurance distribution activities are carried out by the firm or its managers or employees or any person directly or indirectly linked to it by control;

    5. (e)

      measures to prevent or control the simultaneous or sequential involvement of a relevant person in separate insurance distribution activities where such involvement may impair the proper management of conflicts of interest;

    6. (f)

      a gifts and benefits policy which determines clearly under which conditions gifts and benefits can be accepted or granted and which steps are to be taken when accepting and granting gifts and benefits.

  3. (3)

    Where the firm can demonstrate that the measures and procedures referred to in (1) and (2) are not appropriate to ensure that the insurance distribution activities are carried out in accordance with the best interest of the client and are not biased due to conflicting interests of the firm, an insurance intermediary or another client, the firm must adopt adequate alternative measures and procedures for that purpose.

[Note: article 5 of the IDD Regulation]

Disclosure of conflicts

SYSC 3.3.13 R
  1. (1)

    If arrangements made under SYSC 3.3.8R are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of a client will be prevented, the firm must:

    1. (a)

      clearly disclose to the client the general nature or sources of the conflicts of interest (or both); and

    2. (b)

      include sufficient detail in the disclosure, taking into account the nature of the client, to enable that client to take an informed decision with respect to the insurance distribution activities in the context of which the conflict of interest arises.

  2. (2)

    The disclosure must be made:

    1. (a)

      in a durable medium; and

    2. (b)

      in good time before the conclusion of the contract of insurance.

[Note: article 28(2) and (3) of the IDD]

SYSC 3.3.14 R
  1. (1)

    A firm must avoid over-reliance on disclosure to ensure that disclosure to clients, under SYSC 3.3.13R, is a measure of last resort that can be used only where the effective organisational and administrative arrangements established by the firm to prevent or manage conflicts of interest in accordance with SYSC 3.3.8R and SYSC 3.3.9R are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of the client will be prevented.

  2. (2)

    For the purposes of a disclosure of conflicts of interest a firm must:

    1. (a)

      provide a specific description of the conflict of interest in question;

    2. (b)

      explain the general nature and sources of the conflict of interest;

    3. (c)

      explain the risks to the client that arise as a result of the conflict of interest and the steps undertaken to mitigate those risks;

    4. (d)

      clearly state that the organisational and administrative arrangements established by the firm to prevent or manage the conflict of interest are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of the client will be prevented.

[Note: article 6 of the IDD Regulation]

Review of conflicts policy

SYSC 3.3.15 R

For the purposes of SYSC 3.3.8R, a firm must assess and periodically review, on an at least annual basis, the conflicts of interest policy established in accordance with SYSC 3.3.10R and take all appropriate measures to address any deficiencies.

[Note: article 7(1) of the IDD Regulation]

Record keeping

SYSC 3.3.16 R
  1. (1)

    A firm must keep and regularly update a record of the situations in which a conflict of interest entailing a risk of damage to the interests of a client has arisen or, in the case of an ongoing service or activity, may arise.

  2. (2)

    A firm must ensure its senior management receives on a frequent basis, and at least annually, written reports on the situations referred to in (1).

[Note: article 7(2) of the IDD Regulation]

SYSC 3.3.17 R

A firm carrying on insurance distribution activities in relation to insurance-based investment products must retain its records relating to:

  1. (1)

    suitability (COBS 9A); and

  2. (2)

    appropriateness (COBS 10A),

for a period of at least five years.

SYSC 3.3.18 G
  1. (1)

    COBS 9A.4 and COBS 10A.7 (record keeping and retention periods for suitability and appropriateness records) contain record keeping requirements that specify information which should be recorded by firms in relation to insurance-based investment products and for how long the records must be retained.

  2. (2)

    For the purposes of SYSC 3.3.17R, a firm will need to consider whether the requirement in COBS 9A.4.3R or COBS 10A.7.2AR means that a record needs to be retained for longer than five years.

SYSC 3.3.19 R
  1. (1)

    The records required under COBS 9A.4 and COBS 10A.7 must be retained in a medium that allows the storage of information in a way accessible for future reference by the FCA.

  2. (2)

    The FCA must be able to access the records in (1) readily, to reconstitute each element in a clear and accurate manner and to identify easily any changes, corrections or other amendments, and the contents of the records prior to such modifications.

[Note: article 19(4) of the IDD Regulation]

SYSC 3.4 SRD requirements

Application

SYSC 3.4.1 R

This section applies to:

  1. (a)

    a UK insurer; and

  2. (b)

    a UK pure reinsurer,

doing long-term insurance business.

SYSC 3.4.2 R

The rules in this section apply to the extent that a firm is investing (or has invested), directly or through an SRD asset manager, in shares traded on a regulated market.

SYSC 3.4.3 G

The defined term regulated market has an extended meaning for the purposes of this section. The definition includes certain markets situated outside the United Kingdom.

Engagement policy and disclosure of information

SYSC 3.4.4 R

A firm must either:

  1. (1)
    1. (a)

      develop and publicly disclose an engagement policy that meets the requirements of SYSC 3.4.5R (an “engagement policy”); and

    2. (b)

      publicly disclose on an annual basis how its engagement policy has been implemented, in a way that meets the requirements of SYSC 3.4.6R; or

  2. (2)

    publicly disclose a clear and reasoned explanation of why it has chosen not to comply with any of the requirements imposed by (1).

[Note: article 3g(1) and (1)(a) of SRD]

SYSC 3.4.5 R

The engagement policy must describe how the firm:

  1. (1)

    integrates shareholder engagement in its investment strategy;

  2. (2)

    monitors investee companies on relevant matters, including:

    1. (a)

      strategy;

    2. (b)

      financial and non-financial performance and risk;

    3. (c)

      capital structure; and

    4. (d)

      social and environmental impact and corporate governance;

  3. (3)

    conducts dialogues with investee companies;

  4. (4)

    exercises voting rights and other rights attached to shares;

  5. (5)

    cooperates with other shareholders;

  6. (6)

    communicates with relevant stakeholders of the investee companies; and

  7. (7)

    manages actual and potential conflicts of interests in relation to the firm’s engagement.

[Note: article 3g(1)(a) of SRD]

SYSC 3.4.6 R
  1. (1)

    The annual disclosure must include a general description of voting behaviour, an explanation of the most significant votes and the use of the services of proxy advisors.

  2. (2)
    1. (a)

      Subject to (b), a firm must publicly disclose how it has cast votes in the general meetings of companies in which it holds shares.

    2. (b)

      A firm is not required to disclose votes that are insignificant due to the subject matter of the vote or the size of the holding in the company.

[Note: article 3g(1)(b) of SRD]

SYSC 3.4.7 R
  1. (1)

    The applicable disclosures or information referred to in SYSC 3.4.4R to SYSC 3.4.6R must be made available free of charge on the firm’s website.

  2. (2)

    Where an SRD asset manager implements the engagement policy, including voting, on behalf of a firm, the firm must make a reference as to where such voting information has been published by the SRD asset manager.

[Note: article 3g(2) of SRD]

Investment strategy and arrangements with SRD asset managers

SYSC 3.4.8 R

A firm must disclose publicly how the main elements of its equity investment strategy are consistent with the profile and duration of its liabilities, in particular long-term liabilities, and how they contribute to the medium- to long-term performance of its assets.

[Note: article 3h(1) of SRD]

SYSC 3.4.9 R
  1. (1)

    Where an SRD asset manager invests on behalf of a firm, whether on a discretionary client-by-client basis or through a collective investment undertaking, the firm must publicly disclose the following information regarding its arrangement with the SRD asset manager:

    1. (a)

      how the arrangement with the SRD asset manager incentivises the SRD asset manager to align its investment strategy and decisions with the profile and duration of the liabilities of the firm, in particular long-term liabilities;

    2. (b)

      how that arrangement incentivises the SRD asset manager to make investment decisions based on assessments of medium- to long-term financial and non-financial performance of the investee company, and to engage with investee companies in order to improve their performance in the medium- to long-term;

    3. (c)

      how the method and time horizon of the evaluation of the SRD asset manager’s performance and the remuneration for asset management services are in line with the profile and duration of the liabilities of the firm, in particular its long-term liabilities, taking into account its absolute long-term performance;

    4. (d)

      how the firm monitors portfolio turnover costs incurred by the SRD asset manager and how it defines and monitors a targeted portfolio turnover or turnover range; and

    5. (e)

      the duration of the arrangement with the SRD asset manager.

  2. (2)

    Where the arrangement with the SRD asset manager does not contain one or more such elements, the firm must give a clear and reasoned explanation why this is the case.

[Note: article 3h(2) of SRD]

SYSC 3.4.10 R

The information referred to in SYSC 3.4.8R and SYSC 3.4.9R must:

  1. (1)

    be made available, free of charge, on the firm’s website; and

  2. (2)

    be updated annually, unless there is no material change.

[Note: article 3h(3), first paragraph of SRD]