Related provisions for SYSC 13.8.8

1 - 16 of 16 items.
Results filter

Search Term(s)

Filter by Modules

Filter by Documents

Filter by Keywords

Effective Period

Similar To

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004 (From field only).

SYSC 13.8.3GRP
SYSC 3.2.19 G provides high level guidance on business continuity. This section provides additional guidance on managing business continuity in the context of operational risk.
SYSC 13.8.4GRP
The high level requirement for appropriate systems and controls at SYSC 3.1.1 R applies at all times, including when a business continuity plan is invoked. However, the FSA recognises that, in an emergency, a firm may be unable to comply with a particular rule and the conditions for relief are outlined in GEN 1.3 (Emergency).
SYSC 13.8.5GRP
A firm should consider the likelihood and impact of a disruption to the continuity of its operations from unexpected events. This should include assessing the disruptions to which it is particularly susceptible (and the likely timescale of those disruptions) including through:(1) loss or failure of internal and external resources (such as people, systems and other assets);(2) the loss or corruption of its information; and(3) external events (such as vandalism, war and "acts
SYSC 13.8.6GRP
A firm should implement appropriate arrangements to maintain the continuity of its operations. A firm should act to reduce both the likelihood of a disruption (including by succession planning, systems resilience and dual processing); and the impact of a disruption (including by contingency arrangements and insurance).
SYSC 13.8.7GRP
A firm should document its strategy for maintaining continuity of its operations, and its plans for communicating and regularly testing the adequacy and effectiveness of this strategy. A firm should establish:(1) formal business continuity plans that outline arrangements to reduce the impact of a short, medium or long-term disruption, including:(a) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;(b) the recovery
SYSC 4.1.6RRP
A common platform firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the common platform firm3 must employ appropriate and proportionate systems, resources and procedures.[Note: article 13(4) of MiFID]
SYSC 4.1.7RRP
A common platform firm and a management company10 must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, in the case of a management company, its collective portfolio management activities,10 or, where that is not possible, the timely recovery of
SYSC 4.1.7AGRP
3Other firms should take account of the business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G5.
SYSC 4.1.8GRP
The matters dealt with in a business continuity policy should include:(1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;(2) the recovery priorities for the firm's operations; (3) communication arrangements for internal and external concerned parties (including the FSA, clients and the press);(4) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with
SYSC 13.9.4GRP
Before entering into, or significantly changing, an outsourcing arrangement, a firm should:(1) analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;(2) consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;(3) conduct appropriate due diligence of the service
SYSC 13.9.5GRP
In negotiating its contract with a service provider, a firm should have regard to:(1) reporting or notification requirements it may wish to impose on the service provider;(2) whether sufficient access will be available to its internal auditors, external auditors or actuaries (see section 341 of the Act) and to the FSA (see SUP 2.3.5 R (Access to premises) and SUP 2.3.7 R (Suppliers under material outsourcing arrangements);(3) information ownership rights, confidentiality agreements
SYSC 13.9.8GRP
A firm should ensure that it has appropriate contingency arrangements to allow business continuity in the event of a significant loss of services from the service provider. Particular issues to consider include a significant loss of resources at, or financial failure of, the service provider, and unexpected termination of the outsourcing arrangement.
CREDS 2.2.61GRP
The policy and procedures manual should cover all aspects of the credit union's operations, including matters such as:(1) cash handling and disbursements;(2) collection procedures;(3) lending, including large exposures (see CREDS 7.1 to CREDS 7.5);(4) arrears management (see CREDS 7.2.9 G to CREDS 7.2.10 G);(5) provisioning (see CREDS 7.5);(6) liquidity management (see CREDS 6);(7) financial risk management (see CREDS 3);(8) money laundering prevention (see SYSC 6.3);(9) internal
CREDS 2.2.62GRP
Guidance on business continuity is located in SYSC 4.1.6R to SYSC 4.1.8 G.[Note: As explained in SYSC 1 Annex 1.3.3G, SYSC 4.1.6R is to be read as guidance rather than as a rule, and as if "should" appeared in that provision instead of "must".]
CREDS 2.2.63GRP
A credit union should put in place contingency arrangements to ensure that it could continue to operate and meet its regulatory requirements in the event of an unforeseen interruption that may otherwise prevent the credit union from operating normally (for example, if there was a complete failure of IT systems or if the premises were destroyed by fire).
CREDS 2.2.64GRP
Business continuity arrangements should be reviewed and tested regularly in order to ensure their effectiveness.
SYSC 13.7.1GRP
A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm should have regard to:(1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);(2)
SYSC 13.7.2GRP
Internal documentation may enhance understanding and aid continuity of operations, so a firm should ensure the adequacy of its internal documentation of processes and systems (including how documentation is developed, maintained and distributed) in managing operational risk.
REC 3.16.1GRP
The purpose of REC 3.16 is to ensure that the FSA receives a copy of the UK recognised body's plans and arrangements for ensuring business continuity if there are major problems with its computer systems. The FSA does not need to be notified of minor revisions to, or updating of, the documents containing a UK recognised body's business continuity plan (for example, changes to contact names or telephone numbers).
SYSC 13.4.2GRP
Regarding operational risk, matters of which the FSA would expect notice under Principle 11 include:(1) any significant operational exposures that a firm has identified;(2) the firm's invocation of a business continuity plan; and(3) any other significant change to a firm's organisation, infrastructure or business operating environment.
REC 2.5.1UKRP

Schedule to the Recognition Requirements Regulations, paragraph 3

2(1)

The [UK RIE] must ensure that the systems and controls used in the performance of its [relevant functions] are adequate, and appropriate for the scale and nature of its business.

(2)

Sub-paragraph (1) applies in particular to systems and controls concerning -

(a)

the transmission of information;

(b)

the assessment, mitigation and management of risks to the performance of the [UK RIE'srelevant functions];

(c)

the effecting and monitoring of transactions on the [UK RIE];

(ca)

the technical operation of the [UK RIE], including contingency arrangements for disruption to its facilities;

(d)

the operation of the arrangements mentioned in paragraph 4(2)(d); and

(e)

(where relevant) the safeguarding and administration of assets belonging to users of the [UK RIE's] facilities.

REC 2.5.19GRP
The FSA may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:(1) the procedures for the evaluation and selection of information technology systems;(2) the arrangements for testing information technology systems before live operations;(3) the procedures for problem management and system change;(4) the arrangements to monitor and report system performance,
COLL 5.7.11GRP
An authorised fund manager carrying out due diligence for the purpose of the rules in this section should make enquiries or otherwise obtain information needed to enable him properly to consider:(1) whether the experience, expertise, qualifications and professional standing of the second scheme's investment manager is adequate for the type and complexity of the second scheme;(2) the adequacy of the regulatory, legal and accounting regimes applicable to the second scheme and its
SYSC 13.6.2GRP
A firm should establish and maintain appropriate systems and controls for the management of operational risks that can arise from employees. In doing so, a firm should have regard to:(1) its operational risk culture, and any variations in this or its human resource management practices, across its operations (including, for example, the extent to which the compliance culture is extended to in-house IT staff);(2) whether the way employees are remunerated exposes the firm to the
ICOBS 8.4.9RRP
The conditions referred to in ICOBS 8.4.4R (2)(d) and ICOBS 8.4.7R (1)(a)(ii) are that the tracing office is one which:(1) maintains a database which:(a) accurately and reliably stores information submitted to it by firms for the purposes of complying with these rules;(b) has systems which can adequately keep it up to date in the light of new information provided by firms;(c) has an effective search function which allows a person inputting data included on the database relating
SYSC 3.2.19GRP
A firm should have in place appropriate arrangements, having regard to the nature, scale and complexity of its business, to ensure that it can continue to function and meet its regulatory obligations in the event of an unforeseen interruption. These arrangements should be regularly updated and tested to ensure their effectiveness.
SYSC 1.4.2RRP
A contravention of a rule in SYSC 11 to 2SYSC 213 does not give rise to a right of action by a private person under section 150 of the Act (and each of those rules is specified under section 150(2) of the Act as a provision giving rise to no such right of action). 344
DEPP 6.5D.4GRP
(1) The FSA will consider reducing the amount of a penalty if a firm will suffer serious financial hardship as a result of having to pay the entire penalty. In deciding whether it is appropriate to reduce the penalty, the FSA will take into consideration the firm’s financial circumstances, including whether the penalty would render the firm insolvent or threaten the firm’s solvency. The FSA will also take into account its regulatory objectives, for example in situations where
SYSC 8.1.4RRP
For the purposes of this chapter an operational function is regarded as critical or important if a defect or failure in its performance would materially impair the continuing compliance of a common platform firm with the conditions and obligations of its authorisation or its other obligations under the regulatory system, or its financial performance, or the soundness or the continuity of its relevant services and activities.[Note: article 13(1) of the MiFID implementing Direc
GENPRU 1.2.88GRP
6A firm should include in the written record referred to in GENPRU 1.2.60 R a description of the broad business strategy ofthe insurance group, the UK consolidation group or the non-EEA sub-group of which it is a member, the group’s view of its principal risks and its approach to measuring, managing and controlling the risks. This description should include the role of stress testing, scenario analysis and contingency planning in managing risk at the solo and consolidated lev