Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2024-04-04.

Timeline guidance

SYSC 6.1 Compliance

[Note: ESMA has also issued guidelines under article 16(3) of the ESMA Regulation covering certain aspects of the MiFID compliance function requirements. See

https://www.esma.europa.eu/sites/default/files/library/esma35-36-1946_final_report_guidelines_on_certain_aspects_of_the_mifid_ii_compliance_function.pdf

.]

Application to a common platform firm

SYSC 6.1.-2 G RP

16For a common platform firm:

  1. (1)

    the MiFID Org Regulation applies, as summarised in SYSC 1 Annex 1 3.2G, SYSC 1 Annex 1 3.2-AR and SYSC 1 Annex 1 3.2-BR; and

  2. (2)

    the rules and guidance apply as set out in the table below:

    Subject

    Applicable rule or guidance

    Adequate policy and procedures

    SYSC 6.1.1R, SYSC 6.1.1AG

    Compliance function

    SYSC 6.1.4-AG, SYSC 6.1.7R

    Internal audit

    SYSC 6.2.2G

    Financial crime

    SYSC 6.3.1R to SYSC 6.3.11G

Application to an MiFID optional exemption firm and to a third country firm

SYSC 6.1.-1 G RP

16For a MiFID optional exemption firm and a third country firm:

  1. (1)

    the rules and guidance in this chapter apply to them as if they were rules or as guidance in accordance with SYSC 1 Annex 1 3.2CR(1); and

  2. (2)

    those articles of the MiFID Org Regulation in SYSC 1 Annex 1 2.8AR and 3.2CR apply to them as if they were rules or as guidance in accordance with SYSC 1 Annex 1 3.2CR(2).

Adequate policy and procedures

SYSC 6.1.1 R RP

1A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents)3 with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.2

[Note: article 1616(2) of MiFID and article 12(1)(a) of the UCITS Directive]82

4 2
SYSC 6.1.1A G RP

10The FCA provides guidance on steps that a firm can take to reduce the risk that it might be used to further financial crime in FCG (Financial Crime Guide: A firm’s guide to countering financial crime risks) and FCTR (Financial Crime Thematic Reviews)18.

SYSC 6.1.2 R RP

A firm that is a20management company or an operator of an electronic system in relation to lending20 must, taking into4account the nature, scale and complexity of its business, and the nature and range of financial services and activities8 undertaken in the course of that business, establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the firm to comply with its obligations under the regulatory system, as well as associated risks, and put in place adequate measures and procedures designed to minimise such risks and to enable the FCA16 to exercise its powers effectively under the regulatory system22.

[Note:16 article 10(1) of the UCITS implementing Directive]8

16 8 4 8 19 20 16 8
SYSC 6.1.2A G RP

4Other firms should take account of the adequate policies and procedures rule (SYSC 6.1.2 R) as if it were guidance (and as if should appeared in that rule16 instead of must) as explained in SYSC 1 Annex 1 3.3 R(1)16.

5

Compliance function

SYSC 6.1.3 R RP

A firm that is a20management company or an operator of an electronic system in relation to lending20 must maintain a permanent and effective compliance function which operates independently and which has the following responsibilities:

16 8
  1. (1)

    to monitor and, on a regular basis, to assess the adequacy and effectiveness of the measures and procedures put in place in accordance with SYSC 6.1.2 R, and the actions taken to address any deficiencies in the firm's compliance with its obligations; and8

  2. (2)

    to advise and assist the relevant persons responsible for carrying out regulated activities to comply with the firm's obligations under the regulatory system.

[Note:16 article 10(2) of the UCITS implementing Directive]8

SYSC 6.1.3A G RP
  1. (1)

    4Other firms should take account of the compliance function rule (SYSC 6.1.3 R) as if it were guidance (and as if should appeared in that rule16 instead of must) as explained in SYSC 1 Annex 1 3.3 R(1)16.

    5
  2. (2)

    Notwithstanding SYSC 6.1.3 R, as it applies under (1), depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate compliance function. Where a firm has a separate compliance function the firm should also take into account SYSC 6.1.3 R and SYSC 6.1.4 R as guidance.

SYSC 6.1.4 R RP

In order to enable the compliance function to discharge its responsibilities properly and independently, a firm that is a20management company or an operator of an electronic system in relation to lending20 must ensure that the following conditions are satisfied:

16 8
  1. (1)

    the compliance function must have the necessary authority, resources, expertise and access to all relevant information;

  2. (2)

    a compliance officer must be appointed and must be responsible for the compliance function and for any reporting as to compliance required by SYSC 4.3.2 R;

  3. (3)

    the relevant persons involved in the compliance functions must not be involved in the performance of the 16services or activities they monitor;

  4. (4)

    the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and must not be likely to do so.

[Note:16 article 10(3) of the UCITS implementing Directive]8

SYSC 6.1.4-A G RP

6 24In setting the method of determining the remuneration of relevant persons involved in the compliance function:11

11
  1. (1)

    [deleted]23

    1114
  1. (2) 11

    [deleted]23

    71611
  2. (3)

    firms that SYSC 19D applies to will also need to comply with the dual-regulated firms Remuneration Code; 23

  3. (4)

    firms that the remuneration part of the PRA Rulebook16 applies to will also need to comply with it; and23

  4. (5)

    23firms that SYSC 19G applies to will also need to comply with the MIFIDPRU Remuneration Code.

7
SYSC 6.1.4A R RP
  1. (1)

    4A firm which is not a common platform firm or management company8 and which carries on designated investment business with or for retail clients or professional clients must allocate to a director or senior manager the function of:

    1. (a)

      having responsibility for oversight of the firm's compliance; and

    2. (b)

      reporting to the governing body in respect of that responsibility.

  2. (2)

    In SYSC 6.1.4A R (1) compliance means compliance with the rules in:

    1. (a)

      COBS (Conduct of Business sourcebook);

    2. (b)

      COLL (Collective Investment Schemes sourcebook);

      135
    3. (c)

      CASS (Client Assets sourcebook); and5

      5
    4. (d)

      ICOBS (Insurance: Conduct of Business sourcebook).5

SYSC 6.1.4-B G RP

12In setting the method of determining the remuneration of relevant persons involved in the compliance function, full-scope UK AIFMs will need to comply with the AIFM Remuneration Code.

SYSC 6.1.4C R RP
  1. (1)

    21A firm in (2) or (3) must appoint a compliance officer to be responsible for ensuring the firm meets its obligations under SYSC 6.1.1R for any compliance function the firm has and for any reporting as to compliance which may be made under SYSC 4.3.2R.

  2. (2)

    21This rule applies to:

    1. (a)

      a debt management firm; and

    2. (b)

      a credit repair firm.

  3. (3)

    21This rule also applies to a firm that meets the following conditions:

    1. (a)

      it is a Class 1 firm as defined in CMCOB 7.2.5R(1); and

    2. (b)

      SUP 10C (FCA senior managers regime for approved persons in SMCR firms) applies the compliance oversight function to it.

SYSC 6.1.4-C G RP
  1. (1)

    15This guidance is relevant to an SMCR firm17 required to appoint a compliance officer under SYSC 6.1.4R or article 22(3) of the MiFID Org Regulation as applicable16.

  2. (2)

    Taking account of the nature, scale and complexity of its activities, the firm should have appropriate procedures to ensure that the removal or any other disciplinary sanctioning of the compliance officer does not undermine the independence of the compliance function.

  3. (3)

    In the FCA's view, it will be appropriate, in many cases, for the removal or any other disciplinary sanctioning of the compliance officer to require the approval of a majority of the management body, including at least a majority of its members who do not perform any executive function in the firm.

SYSC 6.1.5 R RP

A firm that is a20management company or an operator of an electronic system in relation to lending20 need not comply with SYSC 6.1.4 R (3) or SYSC 6.1.4 R (4) if it is able to demonstrate that in view of the nature, scale and complexity of its business, and the nature and range of financial services and activities,4 the requirements under those rules are not proportionate and that its compliance function continues to be effective.

[Note: 16article 10(3) second paragraph of the UCITS implementing Directive]8

16 8 8
SYSC 6.1.6 G RP

4Other firms should take account of the proportionality rule (SYSC 6.1.5 R) as if it were guidance (and as if should appeared in that rule16 instead of must) as explained in SYSC 1 Annex 1 3.3R(1)16.

5
SYSC 6.1.7 R RP

[deleted]19

SYSC 6.1.8 G

20The exemptions in SYSC 6.1.5R are unlikely to apply to a firm that is an operator of an electronic system in relation to lending where that firm offers lenders a P2P portfolio with a target rate.

SYSC 6.2 Internal audit

SYSC 6.2.1 R RP

A firm that is a9management company or an operator of an electronic system in relation to lending97management company5 must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities,5 undertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:

5
  1. (1)

    to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements;

  2. (2)

    to issue recommendations based on the result of work carried out in accordance with (1);

  3. (3)

    to verify compliance with those recommendations;

  4. (4)

    to report in relation to internal audit matters in accordance with SYSC 4.3.2 R.

[Note: 7article 11 of the UCITS implementing Directive]5

SYSC 6.2.1A G RP

2Other firms should take account of the internal audit rule (SYSC 6.2.1 R) as if it were guidance (and as if should appeared in that rule7 instead of must) as explained in SYSC 1 Annex 1 3.3 R(1)7.

3
SYSC 6.2.1B G RP
  1. (1)

    6This guidance is relevant to an SMCR firm8 required to establish and maintain an internal audit function under article 24 of the MiFID Org Regulation7.

  2. (2)

    Taking account of the nature, scale and complexity of its activities, the firm should have appropriate procedures to ensure that the removal or any other disciplinary sanctioning of the head of the internal audit function does not undermine the independence of the internal audit function.

  3. (3)

    In the FCA's view, it will be appropriate, in many cases, for the removal or any other disciplinary sanctioning of the head of the internal audit function to require the approval of a majority of the management body, including at least a majority of its members who do not perform any executive function in the firm.

SYSC 6.2.2 G RP
  1. (1)

    The term 'internal audit function' in SYSC 6.2.1R (and SYSC 4.1.11G), and for a common platform firm in article 24 of the MiFID Org Regulation,7 refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.6

  2. (2)

    [deleted]10

    688
  3. (3)

    6For an SMCR firm that is a PRA-authorised person10,the internal audit function is a PRA controlled function (SMF5). For an enhanced scope SMCR firm it is an FCA controlled function (SMF5).10

    8

SYSC 6.3 Financial crime

SYSC 6.3.1 R RP

A firm must ensure the policies and procedures established under SYSC 6.1.1 R include systems and controls that:

1
  1. (1)

    enable it to identify, assess, monitor and manage money laundering risk; and

  2. (2)

    are comprehensive and proportionate to the nature, scale and complexity of its activities.

SYSC 6.3.2 G RP

"Money laundering risk" is the risk that a firm may be used to further money laundering. Failure by a firm to manage this risk effectively will increase the risk to society of crime and terrorism.

SYSC 6.3.3 R RP

A firm must carry out a1 regular assessment of the adequacy of these systems and controls to ensure that they continue 1to comply with SYSC 6.3.1 R.

1 1
SYSC 6.3.4 G RP

A firm may also have separate obligations to comply with relevant legal requirements, including the Terrorism Act 2000, the Proceeds of Crime Act 2002 and the Money Laundering Regulations. SYSC 6.1.1 R and SYSC 6.3.1 R to SYSC 6.3.10 G are not relevant for the purposes of regulation 76(6) or 86(2)5 of the Money Laundering Regulations, section 330(8) of the Proceeds of Crime Act 2002 or section 21A(6) of the Terrorism Act 2000.

1 2 2
SYSC 6.3.5 G RP

The FCA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the United Kingdom financial sector issued by the Joint Money Laundering Steering Group.

1
SYSC 6.3.6 G RP

In identifying its money laundering risk and in establishing the nature of these systems and controls, a firm should consider a range of factors, including:

1
  1. (1)

    its customer, product and activity profiles;

  2. (2)

    its distribution channels;

  3. (3)

    the complexity and volume of its transactions;

  4. (4)

    its processes and systems; and

  5. (5)

    its operating environment.

SYSC 6.3.7 G RP

A firm should ensure that the systems and controls include:

1
  1. (1)

    appropriate training for its employees in relation to money laundering;

  2. (2)

    appropriate provision of information to its governing body and senior management, including a report at least annually by that firm'smoney laundering reporting officer (MLRO) on the operation and effectiveness of those systems and controls;

  3. (3)

    appropriate documentation of its risk management policies and risk profile in relation to money laundering, including documentation of its application of those policies (see SYSC 9);

  4. (4)

    appropriate measures to ensure that money laundering risk is taken into account in its day-to-day operation, including in relation to:

    1. (a)

      the development of new products;

    2. (b)

      the taking-on of new customers; and

    3. (c)

      changes in its business profile; and

  5. (5)

    appropriate measures to ensure that procedures for identification of new customers do not unreasonably deny access to its services to potential customers who cannot reasonably be expected to produce detailed evidence of identity.

SYSC 6.3.8 R RP
  1. (1)

    A firm must allocate to a director or senior manager (who may also be the money laundering reporting officer) overall responsibility within the firm for the establishment and maintenance of effective anti-money laundering systems and controls.4

  2. (2)

    A firm may not allocate overall responsibility under (1) to a person who is approved to perform the other overall responsibility function.4

The money laundering reporting officer

SYSC 6.3.9 R RP

A firm (with the exception of a sole trader who has no employees)21 must:

1 2
  1. (1)

    appoint an individual as MLRO, with responsibility for oversight of its compliance with the FCA'srules on systems and controls against money laundering; and

  2. (2)

    ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.

SYSC 6.3.10 G RP

The job of the MLRO within a firm is to act as the focal point for all activity within the firm relating to anti-money laundering. The FCA expects that a firm'sMLRO will be based in the United Kingdom.

Financial crime guidance

SYSC 6.3.11 G RP

3The FCA provides guidance on steps that a firm can take to reduce the risk that it might be used to further financial crime in FCG (Financial Crime Guide: A firm’s guide to countering financial crime risks) and FCTR (Financial Crime Thematic Reviews)6.