Prudential Regulation Authority Rulebook

12.1

Operational Continuity 4.2 sets requirements relating to the management and governance structures of intra-entity and intra-group critical service providers. The PRA expects that all intra-entity and intra-group critical service providers are supported by effective management and governance arrangements. Effective management and governance supports operational continuity by ensuring clarity of management responsibilities in resolution, sufficient seniority of service provision management, and continued availability of staff critical to ensuring the continuity of service provision.

12.2

In ensuring that effective management and governance arrangements are in place, the PRA expects firms to take into account other relevant PRA requirements and expectations, including those described in Chapter 1 of this SS. In addition, the PRA expects that the arrangements supporting an intra-entity or intra-group critical service provider’s management and governance structure should include, but are not limited to:

• being able to demonstrate that the critical service provider has management of sufficient seniority in place who are responsible for the day-to-day running of services, and who could ensure the critical services would continue to be performed in a resolution scenario;
• ensuring that critical service providers do not rely on senior staff that perform significant duties for other entities in the group. In cases where a member of senior staff has multiple roles within the group, the PRA expects firms to ensure the responsibilities for critical services are not deprioritised in resolution;
• ensuring that critical services providers do not rely excessively on senior staff remunerated by other entities in the group. Firms should anticipate that staff responsible for the running of the service provider will still need to be remunerated in a resolution scenario. As such, the main part of their remuneration should be paid by the service provider and they should be employed by the service provider, where the critical services provider is a separate group entity;
• ensuring the availability of staff (including senior staff) in OCIR key job roles that support the continuity of critical services. This should be interpreted as a subset of the key job roles firms may have identified to develop the capabilities described in Chapter 4 of the Bank’s SoP ‘Management, Governance and Communication’;²² and
• having change capabilities, including sufficient staff and expertise, to support service continuity during changes that arise during resolution and restructuring.

12.3

The PRA expects firms to be able to articulate to the PRA the management and governance arrangements a critical services provider has in place.

12.4

Responsibility for operational continuity in resolution should be clear and explicit. Where it exists, the Chief Operations Senior Management Function (SMF) 24 may hold overall responsibility for implementing OCIR policy. As set out in paragraph 2.11H of SS28/15 ‘Strengthening individual accountability in banking’, the PRA recognises that the responsibilities likely to be allocated to the SMF24 may overlap with other Prescribed Responsibilities.²³ For instance, responsibility for operational continuity may be subsumed under the Prescribed Responsibility in Rule 4.1(10) of the Allocation of Responsibilities Part of the PRA Rulebook (‘responsibility for developing and maintaining the firm’s recovery plan and resolution pack and, where relevant, resolution assessment, and for overseeing the internal processes regarding their governance’). As long as accountability for all relevant responsibilities is clear and explicit, firms may allocate them in whichever way best reflects the way they organise themselves in practice. Further information on the SMF24 function is contained in SS28/15.