General Organisational Requirements

1.1

Unless otherwise stated, this Part applies to a CRR firm;

1. (1) with respect to the carrying on of the following from an establishment in the UK:
1. (a) regulated activities;
2. (b) activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of Regulated Activities Order;
3. (c) ancillary activities;
4. (d) in relation to MiFID business, ancillary services; and
5. (e) unregulated activities in a prudential context; and
2. (2) with respect to the carrying on of passported activities by it from a branch in another EEA state;
3. (3) in a prudential context with respect to activities wherever they are carried on; and
4. (4) taking into account any activity of other members of a group of which the firm is a member.

1.2

In this Part, the following definitions shall apply:

protected disclosure

means a qualifying disclosure as defined in section 43B of the Employment Rights Act 1996 made by a worker in accordance with sections 43C to 43H of the Employment Rights Act 1996.

reportable concern

means a concern held by any person in relation to the activities of a firm, including:

(a) any matter that, if disclosed, would be the subject-matter of a protected disclosure, including a breach of any rule;

(b) a failure to comply with the firm’s policy and procedures; and

(c) behaviour that has or is likely to have an adverse effect on the firm’s reputation or financial well-being.

worker

has the meaning as defined by section 230(3) of the Employment Rights Act 1996 and as extended under section 43K of the Employment Rights Act 1996.

1.3

In this Part, a reference to a provision of the Employment Rights Act 1996 includes a reference to the corresponding provision of the Employment Rights (Northern Ireland) Order 1996.

2.1

A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.

[Note: Art. 74(1) of the CRD, Art. 13(5) second paragraph of MiFID]

2.2

The arrangements, processes and mechanisms referred to in 2.1 must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of the firm's activities and must take into account the specific technical criteria described in 2.6, Skills, Knowledge and Expertise 3.2, Risk Control and Remuneration.

2.3

A firm must, taking into account the nature, scale and complexity of the business of the firm, and the nature and range of the financial services and activities undertaken in the course of that business establish, implement and maintain:

1. (1) decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities;
2. (2) adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm; and
3. (3) effective internal reporting and communication of information at all relevant levels of the firm.

[Note: Arts. 5(1) final paragraph, 5(1)(a), 5(1)(c) and 5(1)(e) of the MiFID implementing Directive]

2.4

A firm must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

[Note: Art. 5(2) of the MiFID implementing Directive]

2.5

A firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the firm must employ appropriate and proportionate systems, resources and procedures.

[Note: Art. 13(4) of MiFID]

2.6

A firm must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited, the preservation of essential data and functions, and the maintenance of its regulated activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of those activities.

[Note: Art. 5(3) of the MiFID implementing Directive and Art 85(2) of the CRD]

2.7

A firm must establish, implement and maintain accounting policies and procedures that enable it, at the request of the PRA, to deliver in a timely manner to the PRA financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

[Note: Art. 5(4) of the MiFID implementing Directive]

2.8

A firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with 2.3 to 2.7 and take appropriate measures to address any deficiencies.

[Note: Art. 5(5) of the MiFID implementing Directive]

2.9

2A.1

1. (1) 2A.2 applies to every CRR firm.
2. (2) 2A.3 – 2A.6 apply to any CRR firm that has average total gross assets exceeding £250 million, determined on the basis of the annual average amount of gross assets calculated across a rolling period of five years or, if it has been in existence for less than five years, across the period during which it has existed (in each case, calculated with reference to the CRR firm’s annual accounting reference date).

2A.2

1. (1) A firm must establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns by a person, including a firm’s employee, internally through a specific, independent and autonomous channel.
2. (2) The channel in (1) may be provided through arrangements with third parties, including social partners, subject to any applicable requirement under the Outsourcing Part.

[Note: Art. 71(3) of the CRD]

2A.3

A firm must inform all workers of the channel in 2A.2.

2A.4

A firm must inform all workers:

1. (1) that they may disclose directly to the PRA or to the FCA anything that would be the subject-matter of a protected disclosure;
2. (2) of what would constitute a protected disclosure;
3. (3) that the PRA or the FCA are prescribed persons under section 43F of the Employments Rights Act 1996 and the effect of making a protected disclosure to the PRA or to the FCA; and
4. (4) of the means available to make a protected disclosure to the PRA or the FCA.

2A.5

A firm must ensure that nothing in its arrangements prevents or discourages any worker from making any disclosure to the PRA or the FCA before making the disclosure through the channel referred to in 2A.2.

2A.6

A firm must ensure that nothing in any employment contract or settlement agreement, including any other related or ancillary documentation, between the firm and a worker relating to the worker’s employment with the firm, entered into after the date on which these rules come into effect, prevents or discourages the worker from:

1. (a) making a protected disclosure, including to the PRA; and
2. (b) making a further protected disclosure connected to a protected disclosure already made under (a).

3.1

The senior personnel of a firm must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: Art. 9(1) of MiFID, Art. 13(1) of the CRD]

3.2

A firm must ensure that its management is undertaken by at least two persons meeting the requirements laid down in 3.1.

[Note: Art. 9(4) first paragraph of MiFID and Art. 13(1) of the CRD]

4.1

A firm, when allocating functions internally, must ensure that senior personnel and, where appropriate, the supervisory function, are responsible for ensuring that the firm complies with its obligations under the regulatory system. In particular, senior personnel and, where appropriate, the supervisory function must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm’s obligations under the regulatory system and take appropriate measures to address any deficiencies.

[Note: Art. 9(1) of the MiFID implementing Directive]

4.2

A firm must ensure that:

1. (1) its senior personnel receive on a frequent basis, and at least annually, written reports on the matters covered by Compliance and Internal Audit 2.2 to 2.4 and 3.1, and Risk Control 2.1, 2.2 and 2.4 to 2.6, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies; and
2. (2) the supervisory function, if any, receives on a regular basis written reports on the same matters.

[Note: Art. 9(2) and Art. 9(3) of the MiFID implementing Directive]

5.1

A firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:

1. (1) has overall responsibility for the firm;
2. (2) approves and oversees implementation of the firm’s strategic objectives, risk strategy and internal governance;
3. (3) ensures the integrity of the firm’s accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system;
4. (4) oversees the process of disclosure and communications;
5. (5) has responsibility for providing effective oversight of senior management; and
6. (6) monitors and periodically assesses the effectiveness of the firm’s governance arrangements and takes appropriate steps to address any deficiencies.

[Note: Art. 88(1) of the CRD]

5.2

A firm must ensure that the members of the management body of the firm:

1. (1) are of sufficiently good repute;
2. (2) possess sufficient knowledge, skills and experience to perform their duties;
3. (3) possess adequate collective knowledge, skills and experience to understand the firm’s activities, including the main risks;
4. (4) reflect an adequately broad range of experiences;
5. (5) commit sufficient time to perform their functions in the firm; and
6. (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.

[Note: Art. 91(1)-(2) and (7)-(8) of the CRD]

5.3

A firm must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: Art. 91(9) of the CRD]

5.4

A firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm’s activities.

[Note: Art. 91(3) of the CRD]

5.5

1. (1) A firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
1. (a) one executive directorship with two non-executive directorships; and
2. (b) four non-executive directorships.
2. (2) Paragraph (1) does not apply to members of the management body that represent the UK.

[Note: Art. 91(3) of the CRD]

5.6

For the purposes of 5.4 and 5.5:

1. (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
2. (2) the following shall count as a single directorship:
1. (a) executive or non-executive directorships held within the same group; or
2. (b) executive or non-executive directorships held within:
1. (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
2. (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: Art. 91(4) and (5) of the CRD]

5.7

5.8

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter and Senior Management Functions 8.2.

[Note: Art. 96 of the CRD]

6.1

A firm that is significant must:

1. (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
2. (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
3. (3) ensure that the nomination committee receives appropriate funding.

[Note: Art. 88(2) of the CRD]

6.2

A firm that has a nomination committee must ensure that the nomination committee:

1. (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
2. (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
3. (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
4. (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
5. (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
6. (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
7. (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
8. (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body’s decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole.

[Note: Art. 88(2) and Art. 91(10) of the CRD]

6.3

A firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: Art. 91(10) of the CRD]

6.4

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter.

[Note: Art. 96 of the CRD]

7.1

Where a firm is a member of a consolidation group, the firm must ensure that the risk management processes and internal control mechanisms at the level of the consolidation group of which it is a member comply with the obligations set out in 2.1, 2.6, Chapter 5 and Chapter 6 of this Part on a consolidated basis.

7.2

Compliance with the obligations referred to in 7.1 must enable the consolidation group to have arrangements, processes and mechanisms that are consistent and well integrated and that any data relevant to the purpose of supervision can be produced.

[Note: Art 109(2) of the CRD]