Content Options:

Content Options

View Options:

SYSC 4.1 General requirements

[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See http://www.esma.europa.eu/content/Guidelines-certain-aspects-MiFID-compliance-function-requirements.]
SYSC 4.1.1 R RP
3
  1. (1)

    A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8

  2. (2)

    8A BIPRU firm and a third country BIPRU firm must comply with the Remuneration Code.

[Note: article 22(1) of the Banking Consolidation Directive, article 13(5) second paragraph of MiFID and article 12(1)(a) of the UCITS Directive]10

SYSC 4.1.2 R RP

For a common platform firm, the 3 arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity ofSYSC 4.1.7 R, SYSC 5.1.7 R ,8SYSC 7 and (for a BIPRU firm and a third country BIPRU firm)SYSC 19A.8

3

[Note: article 22(2) of the Banking Consolidation Directive]

SYSC 4.1.2A G RP

3Other firms should take account of the comprehensiveness and proportionality rule (SYSC 4.1.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G5.9

SYSC 4.1.2B R RP

10For a management company, the arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must also take account of the UCITS schemes and EEA UCITS schemes managed by the management company.

[Note: article 12(1) second paragraph of the UCITS Directive]

Resources for management companies

SYSC 4.1.2C R RP

10A management company must have, and employ effectively, the resources and procedures that are necessary for the proper performance of its business activities.

[Note: articles 12(1)(a) and 14(1)(c) of the UCITS Directive]

Mechanisms and procedures for a BIPRU firm10

SYSC 4.1.3 R

A BIPRU firm must ensure that its internal control mechanisms and administrative and accounting procedures permit the verification of its compliance with rules adopted in accordance with the Capital Adequacy Directive at all times.

[Note: article 35(1) final sentence of the Capital Adequacy Directive]

SYSC 4.1.4 R RP

A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements))3 must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities 3undertaken in the course of that business:

3 10
  1. (1)

    (if it is a common platform firm or a management company)10 establish, implement and maintain decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;

    3
  2. (2)

    establish, implement and maintain adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;

    10
  3. (3)

    (if it is a common platform firm) 3establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the firm; and10

  4. (4)

    10(if it is a management company) establish, implement and maintain effective internal reporting and communication of information at all relevant levels of the management company as well as effective information flows with any third party involved.

[Note: articles 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive and articles 4(1) final paragraph, 4(1)(a), 4(1)(c) and 4(1)(d) of the UCITS implementing Directive]10

SYSC 4.1.4A G RP

3A firm that is not a common platform firm or a management company10 should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1),10(3) and (4))10 as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G5.

SYSC 4.1.5 R RP

A MiFID investment firm and a management company10 must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note:

article 5(2) of the MiFID implementing Directive and article 4(2) of the UCITS implementing Directive]10

Business continuity

SYSC 4.1.6 R RP

A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm3 must employ appropriate and proportionate systems, resources and procedures.

[Note: article

13(4) of MiFID]

SYSC 4.1.7 R RP

A common platform firm and a management company10 must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities,10 or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.10

[Note:

article 5(3) of the MiFID implementing Directive,10 annex V paragraph 13 of the Banking Consolidation Directive and article 4(3) of the UCITS implementing Directive]10

10 10
SYSC 4.1.7A G RP

3Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G5.

SYSC 4.1.8 G RP

The matters dealt with in a business continuity policy should include:

  1. (1)

    resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;

  2. (2)

    the recovery priorities for the firm's operations;

  3. (3)

    communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);

  4. (4)

    escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;

  5. (5)

    processes to validate the integrity of information affected by the disruption; and

  6. (6)

    regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with SYSC 4.1.10 R.

SYSC 4.1.8A R RP

An operator of an electronic system in relation to lending must take reasonable steps to ensure that arrangements are in place to ensure that P2P agreements facilitated by it will continue to be managed and administered, in accordance with the contract terms, if at any time it ceases to carry on the activity of operating an electronic system in relation to lending.

Accounting policies

SYSC 4.1.9 R RP

A common platform firm and a management company10 must establish, implement and maintain accounting policies and procedures that enable it, at the request of the appropriate regulator, to deliver in a timely manner to the appropriate regulator financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note:

article 5(4) of the MiFID implementing Directive and article 4(4) of the UCITS implementing Directive]10

Regular monitoring

SYSC 4.1.10 R RP

A common platform firm and a management company10 must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC 4.1.9 R and take appropriate measures to address any deficiencies.

[Note:

article 5(5) of the MiFID implementing Directive and article 4(5) of the UCITS implementing Directive]10

SYSC 4.1.10A G RP

3Other firms should take account of the regular monitoring rule (SYSC 4.1.10 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G5, but ignoring the cross-reference to SYSC 4.1.5 R and 4.1.9 R.

Audit committee

SYSC 4.1.11 G RP

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to form an audit committee. An audit committee could typically examine management's process for ensuring the appropriateness and effectiveness of systems and controls, examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the functioning of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference.

SYSC 4.1.12 G

[deleted]8

8
6

Risk control: additional guidance

SYSC 4.1.13 G RP

7 Firms should also consider the additional guidance on risk-centric governance arrangements for effective risk management contained in SYSC 21.

Apportionment of responsibilities: the role of the non-executive director

SYSC 4.1.14 G RP

7The role undertaken by a non-executive director will vary from one firm to another. Where a non-executive director is an approved person, for example where the firm is a body corporate, his responsibility and therefore liability will be limited by the role that he undertakes.

SYSC 4.2 Persons who effectively direct the business

SYSC 4.2.1 R RP

The senior personnel of a common platform firm, a management company3, or of the UK branch of a non-EEA bank1must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: article 9

(1) of MiFID, article 7(1)(b) of the UCITS Directive3 and article 11(1) second paragraph of the Banking Consolidation Directive ]

SYSC 4.2.1A G RP

1Other firms should take account of the senior personnel rule (SYSC 4.2.1 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G2.

SYSC 4.2.2 R RP

A common platform firm, a management company3 and the UK branch of a non-EEA bank1must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R

.

[Note: article 9(4) first paragraph of MiFID, article 7(1)(b) of the UCITS Directive3and article 11(1) first paragraph of the Banking Consolidation Directive]

SYSC 4.2.3 G RP

In the case of a body corporate, the persons referred to in SYSC 4.2.2 R should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners.

SYSC 4.2.4 G RP

At least two independent minds should be applied to both the formulation and implementation of the policies of a common platform firm, a management company3 and the UK branch of a non-EEA bank1. Where such1 a firm1 nominates just two individuals to direct its business, the appropriate regulator will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. Each should play a part in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy.

1
SYSC 4.2.5 G RP

Where there are more than two individuals directing the business of a common platform firm, a management company3 or the UK branch of a non-EEA bank,1 the appropriate regulator does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. Similarly, each individual should have sufficient experience and knowledge of the business and the necessary personal qualities and skills to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in such 1a firm this will raise doubts about whether SYSC 4.2.2 R is met.

SYSC 4.2.6 R RP

If a common platform firm, (other than a credit institution) or the UK branch of a non-EEA bank1, is:

1
  1. (1)

    a natural person; or

  2. (2)

    a legal person managed by a single natural person;

it must have alternative arrangements in place which ensure sound and prudent management of the firm.

[Note: article 9(4) second paragraph of MiFID]

SYSC 4.3 Responsibility of senior personnel

SYSC 4.3.1 R RP

Afirm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)),2 when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system1. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system1 and take appropriate measures to address any deficiencies.

[Note:

article 9(1) of the MiFID implementing Directive and articles 9(1) and 9(3) of the UCITS implementing Directive]4

1 2 1 1
SYSC 4.3.2 R RP

A common platform firm1(with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements))2 and a management company,4 must ensure that:2

1
  1. (1)

    its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by SYSC 6.1.2 R to SYSC 6.1.5 R, SYSC 6.2.1 R and SYSC 7.1.2 R, SYSC 7.1.3 R and SYSC 7.1.5 R to SYSC 7.1.7 R, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and

    2
  2. (2)

    the supervisory function, if any, receives 2on a regular basis written reports on the same matters.

    [Note:

    article 9(2) and article 9(3) of the MiFID implementing Directive and articles 9(4) and 9(6) of the UCITS implementing Directive]4

    2
SYSC 4.3.2A G RP

2Other firms should take account of the written reports rule (SYSC 4.3.2 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G3.

SYSC 4.3.3 G RP

The supervisory function does not include a general meeting of the shareholders of a firm,2 or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure.

SYSC 4.3.4 G

[deleted]1

1

SYSC 4.4 Apportionment of responsibilities

Application

SYSC 4.4.1 R

1This section applies to:

  1. (1)

    an authorised professional firm in respect of its non-mainstream regulated activities unless the firm is also conducting other regulated activities and has appointed approved persons to perform the governing functions with equivalent responsibilities for the firm'snon-mainstream regulated activities and other regulated activities;

  2. (2)

    3activities carried on by a firm whose principal purpose is to carry on activities other than regulated activities and which is:3

    1. (a)

      an oil market participant; or3

    2. (b)

      a service company; or3

    3. (c)

      an energy market participant; or3

    4. (d)

      a wholly-owned subsidiary of:3

      1. (i)

        a local authority; or3

      2. (ii)

        a registered social landlord; or3

    5. (e)

      a firm with permission to carry on insurance mediation activity in relation to non-investment insurance contracts but no other regulated activity;3

  3. (3)

    [deleted]3

  4. (4)

    [deleted]3

  5. (5)

    [deleted]3

    1. (a)

      [deleted]3

    2. (b)

      [deleted]3

  6. (6)

    [deleted]3

  7. (7)

    an incoming Treaty firm, an incoming EEA firm or a UCITS qualifier (but only SYSC 4.4.5R (2) applies for these firms); and

  8. (8)

    a sole trader, but only if he employs any person who is required to be approved under section 59 of the Act (Approval for particular arrangements).

SYSC 4.4.1A R RP

[deleted]6

6
SYSC 4.4.2 G RP

This section does not apply to a common platform firm.

Maintaining a clear and appropriate apportionment

SYSC 4.4.3 R RP

A firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that:

  1. (1)

    it is clear who has which of those responsibilities; and

  2. (2)

    the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.

SYSC 4.4.4 G

[deleted]4

4

Allocating functions of apportionment and oversight

SYSC 4.4.5 R RP

A firm must appropriately allocate to one or more individuals, in accordance with the following table, the functions of:

  1. (1)

    dealing with the apportionment of responsibilities under SYSC 4.4.3 R; and

  2. (2)

    overseeing the establishment and maintenance of systems and controls under SYSC 4.1.1 R.

  3. 1: Firm type

    2: Allocation of both functions must be to the following individual, if any (see Note):

    3: Allocation to one or more individuals selected from this column is compulsory if there is no allocation to an individual in column 2, but is otherwise optional and additional:

    (1) A firm which is a body corporate and is a member of a group, other than a firm in row (2)

    (1) the firm'schief executive (and all of them jointly, if more than one); or

    the firm's and its group's:

    (1) directors; and

    (2) senior managers

    (2) a director or senior manager responsible for the overall management of:

    (a) the group; or

    (b) a group division within which some or all of the firm'sregulated activities fall

    (2) An incoming EEA firm or incoming Treaty firm (note: only the functions in SYSC 4.4.5R (2) must be allocated)

    (not applicable)

    the firm's and its group's:

    (1) directors; and

    (2) senior managers

    (3) Any other firm

    the firm'schief executive (and all of them jointly, if more than one)

    the firm's and its group's:

    (1) directors; and

    (2) senior managers

    Note: Column 2 does not require the involvement of the chief executive or other executive director or senior manager in an aspect of corporate governance if that would be contrary to generally accepted principles of good corporate governance.

SYSC 4.4.6 G RP

Frequently asked questions about allocation of functions in SYSC 4.4.5 R

Question

Answer

1

Does an individual to whom a function is allocated under SYSC 4.4.5 R need to be an approved person?

An individual to whom a function is allocated under SYSC 4.4.5 R will be performing the apportionment and oversight function (CF 8, see SUP 10A.7.1 R17) and an application must be made under section 59 of the Act for approval of the individual before the function is performed. There are exceptions from this in SUP 10A.117 (Approved persons - Application).

17 17

2

If the allocation is to more than one individual, can they perform the functions, or aspects of the functions, separately?

If the functions are allocated to joint chief executives under SYSC 4.4.5 R, column 2, they are expected to act jointly. If the functions are allocated to an individual under SYSC 4.4.5 R, column 2, in addition to individuals under SYSC 4.4.5 R, column 3, the former may normally be expected to perform a leading role in relation to the functions that reflects his position. Otherwise, yes.

3

What is meant by "appropriately allocate" in this context?

The allocation of functions should be compatible with delivering compliance with Principle 3, SYSC 4.4.3 R and SYSC 4.1.1 R. The appropriate regulator considers that allocation to one or two individuals is likely to be appropriate for most firms.

4

If a committee of management governs a firm or group, can the functions be allocated to every member of that committee?

Yes, as long as the allocation remains appropriate (see Question 3). If the firm also has an individual as chief executive, then the functions must be allocated to that individual as well under SYSC 4.4.5 R, column 2 (see Question 7).

5

Does the definition of chief executive include the possessor of equivalent responsibilities with another title, such as a managing director or managing partner?

Yes.

6

Is it possible for a firm to have more than one individual as its chief executive?

Although unusual, some firms may wish the responsibility of a chief executive to be held jointly by more than one individual. In that case, each of them will be a chief executive and the functions must be allocated to all of them under SYSC 4.4.5 R, column 2 (see also Questions 2 and 7).

7

If a firm has an individual as chief executive, must the functions be allocated to that individual?

Normally, yes, under SYSC 4.4.5 R, column 2.

But if the firm is a body corporate and a member of a group, the functions may, instead of being allocated to the firm'schief executive, be allocated to a director or senior manager from the group responsible for the overall management of the group or of a relevant group division, so long as this is appropriate (see Question 3). Such individuals may nevertheless require approval under section 59 (see Question 1).

If the firm chooses to allocate the functions to a director or senior manager responsible for the overall management of a relevant group division, the FSA would expect that individual to be of a seniority equivalent to or greater than a chief executive of the firm for the allocation to be appropriate.

See also Question 14.

8

If a firm has a chief executive, can the functions be allocated to other individuals in addition to the chief executive?

Yes. SYSC 4.4.5 R, column 3, permits a firm to allocate the functions, additionally, to the firm's (or where applicable the group's) directors and senior managers as long as this is appropriate (see Question 3).

9

What if a firm does not have a chief executive?

Normally, the functions must be allocated to one or more individuals selected from the firm's (or where applicable the group's) directors and senior managers under SYSC 4.4.5 R, column 3.

But if the firm:

(1) is a body corporate and a member of a group; and

(2) the group has a director or senior manager responsible for the overall management of the group or of a relevant group division;

then the functions must be allocated to that individual (together, optionally, with individuals from column 3 if appropriate) under SYSC 4.4.5 R, column 2.

10

What do you mean by "group division within which some or all of the firm's regulated activities fall"?

A "division" in this context should be interpreted by reference to geographical operations, product lines or any other method by which the group's business is divided.

If the firm's regulated activities fall within more than one division and the firm does not wish to allocate the functions to its chief executive, the allocation must, under SYSC 4.4.5 R, be to:

(1) a director or senior manager responsible for the overall management of the group; or (2) a director or senior manager responsible for the overall management of one of those divisions;

together, optionally, with individuals from column 3 if appropriate. (See also Questions 7 and 9.)

11

How does the requirement to allocate the functions in SYSC 4.4.5 R apply to an overseas firm which is not an incoming EEA firm, incoming Treaty firm or UCITS qualifier?

The firm must appropriately allocate those functions to one or more individuals, in accordance with SYSC 4.4.5 R, but:

(1) The responsibilities that must be apportioned and the systems and controls that must be overseen are those relating to activities carried on from a UK establishment with certain exceptions (see

SYSC 1 Annex 1.1.8R ). Note that SYSC 1 Annex 1.1.10R does not extend the territorial scope of SYSC 4.4 for an overseas firm.

(2) The chief executive of an overseas firm is the person responsible for the conduct of the firm's business within the United Kingdom (see the definition of "chief executive"). This might, for example, be the manager of the firm'sUK establishment, or it might be the chief executive of the firm as a whole, if he has that responsibility.

The apportionment and oversight function applies to such a firm, unless it falls within a particular exception from the approved persons regime (see Question 1).

12

How does the requirement to allocate the functions in SYSC 4.4.5 R apply to an incoming EEA firm or incoming Treaty firm?

SYSC 1 Annex 1.1.1R(2) and SYSC 1 Annex 1.1.8R restrict the application of SYSC 4.4.5 R for such a firm. Accordingly:

(1) Such a firm is not required to allocate the function of dealing with apportionment in SYSC 4.4.5R (1).

(2) Such a firm is required to allocate the function of oversight in SYSC 4.4.5R (2). However, the systems and controls that must be overseen are those relating to matters which the appropriate regulator, as Host State regulator, is entitled to regulate (there is guidance on this in SUP 13A Annex 2). Those are primarily, but not exclusively, the systems and controls relating to the conduct of the firm's activities carried on from its UK branch.

(3) Such a firm need not allocate the function of oversight to its chief executive; it must allocate it to one or more directors and senior managers of the firm or the firm'sgroup under SYSC 4.4.5 R, row (2).

(4) An incoming EEA firm which has provision only for cross border services is not required to allocate either function if it does not carry on regulated activities in the United Kingdom; for example if they fall within the overseas persons exclusions in article 72 of the Regulated Activities Order.

See also Questions 1 and 15.

13

What about a firm that is a partnership or a limited liability partnership?

The appropriate regulator envisages that most if not all partners or members will be either directors or senior managers, but this will depend on the constitution of the partnership (particularly in the case of a limited partnership) or limited liability partnership. A partnership or limited liability partnership may also have a chief executive (see Question 5). A limited liability partnership is a body corporate and, if a member of a group, will fall within SYSC 4.4.5 R, row (1) or (2).

14

What if generally accepted principles of good corporate governance recommend that the chief executive should not be involved in an aspect of corporate governance?

The Note to SYSC 4.4.5 R provides that the chief executive or other executive director or senior manager need not be involved in such circumstances. For example, the UK Corporate Governance Code5 recommends that the board of a listed company should establish an audit committee of non-executive directors to be responsible for oversight of the audit. That aspect of the oversight function may therefore be allocated to the members of such a committee without involving the chief executive. Such individuals may require approval under section 59 in relation to that function (see Question 1).

5

15

What about incoming electronic commerce activities carried on from an establishment in another EEA State with or for a person in the United Kingdom?

SYSC does not apply to an incoming ECA provider acting as such.