Related provisions for SYSC 4.4.2
1 - 18 of 18 items.
1A common
platform firm must:(1) when relying on a third party for
the performance of operational functions which are critical for the performance
of regulated activities, listed activities or ancillary
services (in this chapter "relevant services and activities")
on a continuous and satisfactory basis, ensure that it takes reasonable steps
to avoid undue additional operational risk; (2) not undertake the outsourcing of important operational functions
in such a way as to impair
SYSC 4.1.1 R requires
a firm to have effective processes to
identify, manage, monitor and report risks and internal control mechanisms.
Except in relation to those functions described in SYSC 8.1.5 R, where a firm relies on a third party for the performance
of operational functions which are not critical or important for the performance
of relevant services and activities (see SYSC 8.1.1 R (1)) on a continuous
and satisfactory basis, it should take into account, in a manner that
For the
purposes of this chapter an operational function is regarded as critical or
important if a defect or failure in its performance would materially impair
the continuing compliance of a common platform
firm with the conditions and obligations of its authorisation or its other obligations under
the regulatory system, or its
financial performance, or the soundness or the continuity of its relevant
services and activities.[Note: article 13(1) of the MiFID
implementing Direc
If a firm outsources critical
or important operational functions or any relevant services and activities,
it remains fully responsible for discharging all of its obligations under
the regulatory system and must
comply, in particular, with the following conditions:2(1) the outsourcing must
not result in the delegation by senior personnel of
their responsibility;(2) the relationship and obligations
of the firm towards its clients under the regulatory
system must not be altered;(3)
A common platform firm must make available
on request to the appropriate
regulator and
any other relevant competent authority all
information necessary to enable the appropriate
regulator and
any other relevant competent authority to
supervise the compliance of the performance of the outsourced activities
with the requirements of the regulatory system.[Note: article
14(5) of the MiFID implementing Directive]
3(1) A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.8(2) 8A BIPRU firm and a third country
For a common platform firm, the 3 arrangements, processes and mechanisms referred to in SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and complexity ofSYSC 4.1.7 R, SYSC 5.1.7 R ,8SYSC 7 and (for a BIPRU firm and a third country BIPRU firm)SYSC 19A, or (for a full-scope UK AIFM) SYSC 19B12.83[Note: article 22(2) of the Banking Consolidation Directive]
A firm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements))3 must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities 3undertaken in the course of that business:310(1) (if it is a common platform firm or a management company)10 establish, implement and maintain decision-making
3A firm that is not a common platform firm or a management company10 should take into account the decision-making procedures and effective internal reporting rules (SYSC 4.1.4R (1),10(3) and (4))10 as if they were guidance (and as if "should" appeared in those rules instead of "must") as explained in SYSC 1 Annex 1.3.3 G5.
The matters dealt with in a business continuity policy should include:(1) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources;(2) the recovery priorities for the firm's operations; (3) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the press);(4) escalation and invocation plans that outline the processes for implementing the business continuity
3Other firms should take account of the rule on the types of conflicts (see SYSC 10.1.4 R) as if it were guidance (and as if "should" appeared in that rule instead of "must") as explained in SYSC 1 Annex 1.3.3 G4, except when they produce or arrange the production of investment research in accordance with COBS 12.2, or produce or disseminate non-independent research in accordance with COBS 12.3 (see SYSC 10.1.16 R).
3Other firms should take account of the rule on records of conflicts (see SYSC 10.1.6 R) as if it were guidance (and as if "should" appeared in that rule instead of "must", as explained in SYSC 1 Annex 1.3.3 G4), except when they produce or arrange the production of investment research in accordance with COBS 12.2, or produce or disseminate non-independent research in accordance with COBS 12.3 (see SYSC 10.1.16 R).
3Other firms should take account of the rules relating to conflicts of interest policies (see SYSC 10.1.10 R and SYSC 10.1.11 R) as if they were guidance (and as if "should" appeared in those rules instead of "must", as explained in SYSC 1 Annex 1.3.3 G4), except when they produce or arrange the production of investment research in accordance with COBS 12.2, or produce or disseminate non-independent research in accordance with COBS 12.3 (see SYSC 10.1.16 R).
3The rules relating to:(1) types of conflict (see SYSC 10.1.4 R);(2) records of conflicts (see SYSC 10.1.6 R); and(3) conflicts of interest policies (see SYSC 10.1.10 R and SYSC 10.1.11 R);also apply to a firm which is not a common platform firm when it produces, or arranges for the production of, investment research that is intended or likely to be subsequently disseminated to clients of the firm or to the public in accordance with COBS 12.2, and when it produces or disseminates
A firm must arrange for orderly records to
be kept of its business and internal organisation, including all services
and transactions undertaken by it, which must be sufficient to enable the appropriate
regulator or any other
relevant competent authority under MiFID or the UCITS Directive4 to monitor the firm's compliance
with the requirements under the regulatory
system, and in particular to ascertain that the firm has complied with all obligations with
respect to clients.[Note:
article
The senior personnel of a common platform firm, a management company3, a full-scope UK AIFM,5 or of the UK branch of a non-EEA bank1must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.[Note: article 9(1) of MiFID, article 7(1)(b) of the UCITS Directive3 article 8(1)(c) of AIFMD5 and article 11(1) second paragraph of the Banking Consolidation Directive ]
A common platform firm, a management company, a full-scope UK AIFM53 and the UK branch of a non-EEA bank1must ensure that its management is undertaken by at least two persons meeting the requirements laid down in SYSC 4.2.1 R and, for a full-scope UK AIFM, SYSC 4.2.7 R5.[Note: article 9(4) first paragraph of MiFID, article 7(1)(b) of the UCITS Directive3, article 8(1)(c) of AIFMD5and article 11(1) first paragraph of the Banking Consolidation Directive]
At least two independent minds should be applied to the formulation and implementation of the policies of a common platform firm, a management company3, a full-scope UK AIFM5 and the UK branch of a non-EEA bank1. Where a firm1 nominates just two individuals to direct its business, the appropriate regulator will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business.
Where there are more than two individuals directing the business of a common platform firm, a management company3, a full-scope UK AIFM5 or the UK branch of a non-EEA bank,1 the appropriate regulator does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals' judgement should be engaged
If a common platform firm, (other than a credit institution or AIFM investment firm5) or the UK branch of a non-EEA bank1, is:1(1) a natural person; or(2) a legal person managed by a single natural person; it must have alternative arrangements in place which ensure sound and prudent management of the firm.[Note: article 9(4) second paragraph of MiFID]
1A firm must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.[Note:article 5(1)(d) of the MiFID implementing Directive, articles 12(1)(a) and 14(1)(c) of the UCITS Directive and article 5(1) of the UCITS implementing Directive]63
The systems, internal control mechanisms and arrangements established by a firm in accordance with this chapter must take into account the nature, scale and complexity of its business and the nature and range of financial services and activities 3undertaken in the course of that business.[Note:article 5(1) final paragraph of the MiFID implementing Directiveand articles 4(1) final paragraph and 5(4) of the UCITS implementing Directive]66
The senior personnel of a common platform firm must approve and periodically review the strategies and policies for taking up, managing, monitoring and mitigating the risks the firm is or might be exposed to, including those posed by the macroeconomic environment in which it operates in relation to the status of the business cycle.[Note: annex V paragraph 2 of the Banking Consolidation Directive]
For a common platform firm included within the scope of SYSC 20 (Reverse stress testing), the strategies, policies and procedures for identifying, taking up, managing, monitoring and mitigating the risks to which the firm is or might be exposed include conducting reverse stress testing in accordance with SYSC 20. A common platform firm which falls outside the scope of SYSC 20 should consider conducting reverse stress tests on its business plan as well. This would further senior
2(1) SYSC 4.1.3 R requires a BIPRU firm to ensure that its internal control mechanisms and administrative and accounting procedures permit the verification of its compliance with rules adopted in accordance with the Capital Adequacy Directive at all times. In complying with this obligation, a BIPRU firm should document the organisation and responsibilities of its risk management function and it should document its risk management framework setting out how the risks in the business
(1) 4A firm which is not a common platform firm or management company8 and which carries on designated investment business with or for retail clients or professional clients must allocate to a director or senior manager the function of:(a) having responsibility for oversight of the firm's compliance; and(b) reporting to the governing body in respect of that responsibility.(2) In SYSC 6.1.4A R (1) compliance means compliance with the rules in:(a) COBS (Conduct of Business sourcebook);(b)
(1) 9This rule applies to a common platform firm conducting investment services and activities from a branch in another EEA State.(2) References to the regulatory system in SYSC 6.1.1R, SYSC 6.1.2 R and SYSC 6.1.3 R apply in respect of a firm'sbranch as if regulatory system includes a Host State's requirements under MiFID and the MiFID implementing Directive which are applicable to the investment services and activities conducted from the firm'sbranch.[Note: article 13(2) of
A firm must provide a retail client with the following general information, if relevant:(1) the name and address of the firm, and the contact details necessary to enable a client to communicate effectively with the firm;(2) in the case of MiFID or equivalent third country business, the languages in which the client may communicate with the firm, and receive documents and other information from the firm;(3) the methods of communication to be used between the firm and the client
Afirm (with the exception of a sole trader who does not employ any person who is required to be approved under section 59 of the Act (Approval for particular arrangements)),2 when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system1. In particular, senior personnel and, where appropriate, the supervisory function
(1) If a firm'sremuneration policy is not aligned with effective risk management it is likely that employees will have incentives to act in ways that might undermine effective risk management.(2) The Remuneration Code covers all aspects of remuneration that could have a bearing on effective risk management including salaries, bonuses, long-term incentive plans, options, hiring bonuses, severance packages and pension arrangements. In applying the Remuneration Code, a firm should
1The term 'internal audit function' in SYSC 6.2.1 R (and SYSC 4.1.11 G) refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).42