Related provisions for SUP 15.3.20
1 - 20 of 110 items.
Schedule to the Recognition Requirements Regulations, paragraphs 3 – 3H4Paragraph 3 – Systems and controls4(1)The [UK RIE] must ensure that the systems and controls, including procedures and arrangements,4 used in the performance of its functions and the functions of the trading venues it operates are adequate, effective4 and appropriate for the scale and nature of its business.(2)Sub-paragraph (1) applies in particular to systems and controls concerning - (a)the transmission
In assessing whether the systems and controls used by a UK recognised body in the performance of its relevant functions are adequate, effective4 and appropriate for the scale and nature of its business, the FCA3 may have regard to the UK recognised body's:3(1) arrangements for managing, controlling and carrying out its relevant functions, including: (a) the distribution of duties and responsibilities among the members of the management body4 and the departments of the UK recognised
REC 2.5.5G to REC 2.5.20G4 set out other matters to which the FCA3 may have regard in assessing the UK RIE’s4 systems and controls used for the transmission of information, risk management, 4the operation of settlement arrangements (the matters covered in paragraph 4(2)(d) of the Schedule to the Recognition Requirements Regulations),4 the safeguarding and administration of assets and certain other aspects of its operations4. 33
4Where the MiFID/MiFIR Systems Regulations apply to a UK RIE, the FCA will, in assessing the UK RIE’s systems and controls, additionally have regard to the UK RIE’s satisfaction of any relevant requirements in those regulations. Of particular importance is MiFID RTS 7, which will apply where a trading venue allows or enables algorithmic trading.
In assessing a UK RIE's systems and controls for 4the operation of settlement arrangements, the FCA3 may have regard to the totality of the arrangements and processes through which the UK RIE's transactions are4 cleared4 and settled, including:3333(1) (in relation to non-derivatives transactions)4 a UK RIE’s arrangements with another person4 under which any rights or liabilities arising from transactions are discharged including arrangements3 for transmission to a settlement
4Where the requirements of MiFID RTS 7 in respect of effecting and monitoring transactions do not apply to a UK RIE, the FCA may, in addition, assess the UK RIE’s systems and controls for the effecting and monitoring of transactions. In doing so, it will have regard to the UK RIE’s arrangements under which orders are received and matched, and its arrangements for trade and transaction reporting.
In assessing a UK recognised body's systems and controls for the safeguarding and administration of assets belonging to users of its facilities, the FCA3 may have regard to the totality of the arrangements and processes by which the UK recognised body: 3(1) records the assets held and the identity of the owners of (and other persons with relevant rights over) those assets; (2) records any instructions given in relation to those assets;(3) records the carrying out of those instructions;(4)
The FCA3 may also have regard to the systems and controls intended to ensure that confidential information is only used for proper purposes. Where relevant, recognised bodies will have to comply with section 348 (Restrictions on disclosure of confidential information by the FCA3 etc.) and regulations made under section 349 (Exemptions from section 348) of the Act.33
A UK recognised body's arrangements for internal and external audit will be an important part of its systems and controls. In assessing the adequacy of these arrangements, the FCA3 may have regard to: 3(1) the size, composition and terms of reference of any audit committee of the UK recognised body'sgoverning body;(2) the frequency and scope of external audit; (3) the provision and scope of internal audit; (4) the staffing and resources of the UK recognised body's internal audit
Where MiFID RTS 7 applies to the UK RIE4, the FCA may, in assessing the adequacy of the UK recognised body’s information technology systems,4 have regard to:33(1) the organisation, management and resources of the information technology department within the UK recognised body;(2) the arrangements for 4documenting the design, development, implementation and use of information technology systems; and(3) the arrangements for maintaining, recording and enforcing technical and operational
5A firm must:(1) appoint an individual as MLRO, with responsibility for oversight of its compliance with the FCA'srules on systems and controls against money laundering; and(2) ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.
9(1) Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should have clear responsibilities and reporting lines to an audit committee or appropriate senior manager, be adequately resourced and staffed by competent individuals, be independent of the day-to-day activities
SYSC 12.1.8R (1) deals with the systems and controls that a firm should have in respect of the exposure it has to the rest of the group. On the other hand, the purpose of SYSC 12.1.8R (2) and the rules in this section that amplify it is to require groups to have adequate systems and controls. However a group is not a single legal entity on which obligations can be imposed. Therefore the obligations have to be placed on individual firms. The purpose of imposing the obligations
The FCA4 will consider the full circumstances of each case when determining whether or not to take action for a financial penalty or public censure. Set out below is a list of factors that may be relevant for this purpose. The list is not exhaustive: not all of these factors may be applicable in a particular case, and there may be other factors, not listed, that are relevant.4(1) The nature, seriousness and impact of the suspected breach, including:(a) whether the breach was deliberate
In some cases it may not be appropriate to take disciplinary measures against a firm for the actions of an individual6 (an example might be where the firm can show that it took all reasonable steps to prevent the breach). In other cases, it may be appropriate for the FCA4 to take action against both the firm and the individual6. For example, a firm may have breached the rule requiring it to take reasonable care to establish and maintain such systems and controls as are appropriate
9When determining, for the purposes of section 66A(5) of the Act, whether an SMF manager was responsible for the management of any of the firm’s activities in relation to which a contravention of a relevant requirement by the firm occurred, the FCA will consider the full circumstances of each case. A list of considerations that may be relevant for this purpose is set out below. This list is not exhaustive.(1) The SMF manager’sstatement of responsibilities, including whether the
9When determining under section 66A(5)(d) of the Act whether or not an SMF manager has taken such steps as a person in their position could reasonably be expected to take to avoid the contravention of a relevant requirement by the firm occurring (or continuing), additional considerations to which the FCA would expect to have regard include, but are not limited to:(1) the role and responsibilities of the SMF manager (for example, such steps as an SMF manager in a non-executive
The FCA will approve a person as a sponsor only if it is satisfied that the person :4(1) is 4an authorised person or a member of a designated professional body;(2) is 4competent to provide8sponsor services4 in accordance with LR 88; and8(3) has appropriate 4systems and controls in place to carry out its role as a sponsor in accordance with LR 884.488
7Situations when the FCA may impose restrictions or limitations on the services a sponsor can provide include (but are not limited to) where it appears to the FCA that: (1) the employees of the person applying to be a sponsor whom it is proposed will perform sponsor services have no or limited relevant experience and expertise of providing certain types of sponsor services or of providing sponsor services to certain types of company; or(2) the person applying to be a sponsor does
(1) A firm should:2(a) carry out assessments of the sort described in the overall Pillar 2 rule and IFPRU 2.2.13R on an ongoing basis; and2(b) document the assessments in (a), in line with IFPRU 2.2.43R to IFPRU 2.2.44R (Documentation of risk assessments), at least annually, or more frequently if changes in the business, strategy, nature or scale of its activities or operational environment suggest that the current level of financial resources is no longer adequate.2(2) The appropriateness
Compliance with the obligations in IFPRU 2.2.59 R must enable the FCA consolidation group or the non-EEA sub-group to have arrangements, processes and mechanisms that are consistent, well integrated and ensure that data relevant to the purpose of supervision can be produced.[Note: article 109(2) of CRD]
A firm should satisfy itself that the systems (including IT) of the FCA consolidation group or the non-EEA sub-group of which it is a member are sufficiently sound to support the effective management and, where applicable, the quantification of the risks that could affect the FCA consolidation group or the non-EEA sub-group, as the case may be.
The FCA, when considering whether a breach of its rules on systems and controls against money laundering has occurred, will have regard to whether a firm has followed relevant provisions in the guidance for the United Kingdom financial sector issued by the Joint Money Laundering Steering Group.1
A firm (with the exception of a sole trader who has no employees)21 must:12(1) appoint an individual as MLRO, with responsibility for oversight of its compliance with the FCA'srules on systems and controls against money laundering; and(2) ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.
Under section 289 of the Act (Applications: supplementary) or (for an RAP applicant) regulation 2 of the RAP regulations,3 the FCA5 may require the applicant to provide additional information, and may require the applicant to verify any information in any manner. In view of their likely importance for any application, the FCA5 will normally wish to arrange for its own inspection of an applicant's information technology systems.55
Information and supporting documentation (see REC 5.2.4 G).(1)Details of the applicant's constitution, structure and ownership, including its memorandum and articles of association (or similar or analogous documents ) and any agreements between the applicant, its owners or other persons relating to its constitution or governance (if not contained in the information listed in REC 5.2.3A G)1. An applicant for RAP status must provide details of the relationship between the governance
4The financial risk assessment should be based on a methodology which provides a reasonable estimate of the potential business losses which a UK RIE might incur in stressed but plausible market conditions. The FCA5 would expect a UK RIE to carry out a financial risk assessment at least once in every twelve-month period, or more frequently if there are material changes in the nature, scale or complexity of the UK RIE's operations or its business plans that suggest such financial
4The FCA5 would expect to consider the relevant annual6 financial risk assessment, any proposal with respect to an operational risk buffer and, if applicable, the consolidated balance sheet, in formulating, in accordance with the usual prudential cycle for UK RIEs,6 its guidance on the amount of eligible financial resources it considers to be sufficient for the UK RIE to hold for6 the recognition requirements. In formulating its guidance, the FCA5 would, where relevant, consider
10Situations when the FCA may impose restrictions or limitations on the services a sponsor can provide include (but are not limited to) where it appears to the FCA that: (1) the sponsor has no or limited relevant experience and expertise of providing certain types of sponsor services or of providing sponsor services to certain types of company; or(2) the sponsor does not have systems and controls in place which are appropriate for the nature of the sponsor services which the sponsor
A sponsor must notify the FCA in writing as soon as possible if:(1) 8(a) 8the sponsor ceases to satisfy the criteria for approval as a sponsor set out in LR 8.6.5 R or becomes aware of any matter which, in its reasonable opinion, would be relevant to the FCA in considering whether the sponsor continues to comply with LR 8.6.6 R; or(b) 8the sponsor becomes aware of any fact or circumstance relating to the sponsor or any of its employees engaged in the provision of sponsor services
The purpose of REC 3.16 is to ensure that the FCA1receives a copy of the UK recognised body's plans and arrangements for ensuring business continuity if there are major problems with its computer systems. The FCA1does not need to be notified of minor revisions to, or updating of, the documents containing a UK recognised body's business continuity plan (for example, changes to contact names or telephone numbers). [Note:MiFID RTS 7 requires that the operator of a trading venue assess
Where any reserve information technology system of a UK recognised body fails in such a way that, if the main information technology system of that body were also to fail, it would be unable to operate any of its facilities during its normal hours of operation, that body must immediately give the FCA1notice of that event, and inform the FCA:111(1) what action that UK recognised body is taking to restore the operation of the reserve information technology system; and (2) when it
1When considering whether to cancel a sponsor's approval on its own initiative, the FCA will take into account all relevant factors, including, but not limited to, the following: (1) the competence of the sponsor; (2) the adequacy of the sponsor's systems and controls; (3) the sponsor's history of compliance with the listing rules; (4) the nature, seriousness and duration of the suspected failure of the sponsor to meet (at
1When considering whether to cancel a primary information provider’s approval on its own initiative, the FCA will take into account all relevant factors, including, but not limited to, the following: (1) the competence of the primary information provider; (2) the adequacy of the primary information provider’s systems and controls; (3) the primary information provider’s history of compliance with DTR 8; (4) the nature, seriousness and duration of the suspected
(1) In the FCA's view: (a) a firm's staff includes its employees; (b) a person who performs a significant influence function for, or is a senior manager of, a firm would normally be expected to be part of the firm'sBIPRU Remuneration Code staff; (c) the table in (2) provides a non-exhaustive list of examples of key positions that should, subject to (d), be within a firm's definition of staff who are risk takers; (d) firms should consider how the examples in the table in (2) apply