Prudential Regulation Authority Rulebook

15.1

This Chapter does not apply to the FSCS.

15.2

A firm must provide the PRA with a report on its systems to comply with 11.1 and 11.2 and its continuity of access systems within three months of receiving a Part 4A permission to accept deposits.

15.3

A firm must notify the PRA and FSCS of a material change in the firm’s systems to comply with 11.1 and 11.2 and its continuity of access systems within 3 months of the change.

15.4

The notification in 15.3 must be accompanied by a statement signed on behalf of the firm’s governing body confirming that the firm’s systems to comply with 11.1 and 11.2 and its continuity of access systems satisfy the requirements in 11.1, 11.2, 11.8 and 13.4 to 13.9.

15.5

A firm must provide the report to the PRA promptly upon request by the PRA.

15.6

A firm must update the report annually.

15.7

The report that a firm provides under 15.2 must contain:

1. (1) a description of:
1. (a) the firm’s systems to comply with 11.1 and 11.2 and continuity of access systems and how those systems have been implemented;
2. (b) the testing undertaken with respect to its systems to comply with 11.1 and 11.2 and continuity of access systems;
3. (c) the firm’s plan for the ongoing maintenance of its systems to comply with 11.1 and 11.2 and continuity of access systems;
4. (d) how the firm’s governing body will ensure that they remain satisfied that its systems to comply with 11.1 and 11.2 and continuity of access systems continue to satisfy the requirements of 13.4 to 13.9;
5. (e) any other factors relevant to the design of its systems to comply with 11.1 and 11.2 and continuity of access systems or to an assessment of whether those systems satisfy the requirements of 13.4 to 13.9;
6. (f) any dependencies in operating its systems to comply with 11.1 and 11.2 and continuity of access systems (such as reliance on group systems);
2. (2) a statement signed on behalf of the firm’s governing body confirming that the firm’s systems to comply with 11.1 and 11.2 and continuity of access systems satisfy the requirements of 13.4 to 13.9;
3. (3) a statement of whether the firm’s systems to comply with 11.1 and 11.2 and continuity of access systems have been reviewed by internal or external auditors, and, if so, a statement of the findings of that review; and
4. (4) a statement of whether there has been a material change to the firm’s systems to comply with 11.1 and 11.2 and continuity of access systems since the date of the firm’s previous report.