General Organisational Requirements

1.1

Unless otherwise stated, this Part applies to a CRR firm;

1. (1) with respect to the carrying on of the following from an establishment in the UK:
1. (a) regulated activities;
2. (b) activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of Regulated Activities Order;
3. (c) ancillary activities;
4. (d) in relation to MiFID business, ancillary services; and
5. (e) unregulated activities in a prudential context;
2. (2) with respect to the carrying on of passported activities by it from a branch in another EEA state;
3. (3) in a prudential context with respect to activities wherever they are carried on; and
4. (4) taking into account any activity of other members of a group of which the firm is a member.

1.1A

2.1 to 2.8 do not apply to a firm with respect to the carrying on of benchmarking activities except to the extent that they transpose an EU instrument.

1.2

In this Part, the following definitions shall apply:

Article 21 Organisational Requirements

means requirements and obligations as set out in Article 21(1)(a),(c),(e),(f),(3),(4) (General Organisational Requirements) of the MODR.

Article 25 Senior Management Requirements

means requirements and obligations as set out in Article 25 (Responsibility of senior management) of the MODR.

other matters

means, in relation to a requirement under the MODR, matters within the scope of 1.1 that are not within the scope of that requirement.

protected disclosure

means a qualifying disclosure as defined in section 43B of the Employment Rights Act 1996 made by a worker in accordance with sections 43C to 43H of the Employment Rights Act 1996.

reportable concern

means a concern held by any person in relation to the activities of a firm, including:

(a) any matter that, if disclosed, would be the subject-matter of a protected disclosure, including a breach of any rule;

(b) a failure to comply with the firm’s policy and procedures; and

(c) behaviour that has or is likely to have an adverse effect on the firm’s reputation or financial well-being.

worker

has the meaning as defined by section 230(3) of the Employment Rights Act 1996 and as extended under section 43K of the Employment Rights Act 1996.

1.3

In this Part, a reference to a provision of the Employment Rights Act 1996 includes a reference to the corresponding provision of the Employment Rights (Northern Ireland) Order 1996.

2.1

A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.

[Note: Art. 74(1) of the CRD, Art. 16(5) second paragraph of MiFID II]

2.2

The arrangements, processes and mechanisms referred to in 2.1 must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and of the firm's activities and must take into account the specific technical criteria described in 2.6, Skills, Knowledge and Expertise 3.2, Risk Control and Remuneration.

[Note: Art. 74(2) of the CRD]

2.2A

A MiFID investment firm must extend the arrangements required by the Article 21 Organisational Requirements, so they apply with respect to other matters on the following basis:

1. (1) references to “investment services and activities” are references to financial services and activities;
2. (2) references to “relevant persons” are references to relevant persons; and
3. (3) references to “Article 25(2)” are references to General Organisational Requirements 4.2.

2.2B

A firm that is not a MiFID investment firm must comply with the Article 21 Organisational Requirements, on the basis set out in 2.2A and as if references to “investment firm” refer to a firm.

2.3

2.4

A firm must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question. Without prejudice to the ability of a competent authority to require access to communications in accordance with applicable law, a firm must have sound security mechanisms in place to guarantee the security and authentication of the means of transfer of information, minimise the risk of data corruption and unauthorised access and to prevent information leakage maintaining the confidentiality of the data at all times.

[Note: Art. 16(5) of the MiFID II]

2.5

A firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the firm must employ appropriate and proportionate systems, resources and procedures.

[Note: Art. 16(4) of MiFID II]

2.6

A firm must establish, implement and maintain contingency and business continuity plans to ensure the firm’s ability to operate on an ongoing basis and limit losses on the event of severe business disruption.

[Note: Art. 85(2) of the CRD]

2.7

2.8

A firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this Chapter and take appropriate measures to address any deficiencies.

2.9

2A.1

1. (1) 2A.2 applies to every CRR firm.
2. (2) 2A.3 – 2A.6 apply to any CRR firm that has average total gross assets exceeding £250 million, determined on the basis of the annual average amount of gross assets calculated across a rolling period of five years or, if it has been in existence for less than five years, across the period during which it has existed (in each case, calculated with reference to the CRR firm’s annual accounting reference date).

2A.2

1. (1) A firm must establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns by a person, including a firm’s employee, internally through a specific, independent and autonomous channel.
2. (2) The channel in (1) may be provided through arrangements with third parties, including social partners, subject to any applicable requirement under the Outsourcing Part.

[Note: Art. 71(3) of the CRD and Art. 73(2) of MiFID II]

2A.3

A firm must inform all workers of the channel in 2A.2.

2A.4

A firm must inform all workers:

1. (1) that they may disclose directly to the PRA or to the FCA anything that would be the subject-matter of a protected disclosure;
2. (2) of what would constitute a protected disclosure;
3. (3) that the PRA or the FCA are prescribed persons under section 43F of the Employments Rights Act 1996 and the effect of making a protected disclosure to the PRA or to the FCA; and
4. (4) of the means available to make a protected disclosure to the PRA or the FCA.

2A.5

A firm must ensure that nothing in its arrangements prevents or discourages any worker from making any disclosure to the PRA or the FCA before making the disclosure through the channel referred to in 2A.2.

2A.6

A firm must ensure that nothing in any employment contract or settlement agreement, including any other related or ancillary documentation, between the firm and a worker relating to the worker’s employment with the firm, entered into after the date on which these rules come into effect, prevents or discourages the worker from:

1. (a) making a protected disclosure, including to the PRA; and
2. (b) making a further protected disclosure connected to a protected disclosure already made under (a).

2A.7

If

1. (1) the firm is a subsidiary of a third country firm; and
2. (2) the third country firm also carries on regulated activities from an establishment in the UK;

the firm must provide information to the third country firm in the UK on the channel in 2A.2 and make the channel available to workers in the third country firm’s UK establishment.

2A.8

If

1. (1) the third country firm is a subsidiary of a firm [P]; and
2. (2) the third country firm also carries on regulated activities from an establishment in the UK

the firm [P] must provide information to the third country firm in the UK on the channel in 2A.2 and make the channel available to workers in the third country firm’s UK establishment.

3.1

The senior personnel of a firm must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: Art. 9(4) of MiFID II, Art. 91(1) of the CRD]

3.2

A firm must ensure that its management is undertaken by at least two persons meeting the requirements laid down in 3.1.

[Note: Art. 9(6) first paragraph of MiFID II and Art. 13(1) of the CRD]

4.1

4.1A

A MiFID investment firm must extend the arrangements required by the Article 25 Senior Management Requirements so they apply with respect to the other matters on the following basis:

(1) references to “Directive 2014/56/EU” are references to “the regulatory system”; and

(2) references to “Articles 22, 23 and 24” are references to Compliance and Internal Audit and Risk Control.

4.1B

A firm that is not a MiFID investment firm must comply with the Article 25 Senior Management Requirements on the basis set out in 4.1A and as if references to “investment firm” refer to a firm.

4.2

5.1

A firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:

1. (1) has overall responsibility for the firm;
2. (2) approves and oversees implementation of the firm’s strategic objectives, risk strategy and internal governance;
3. (3) ensures the integrity of the firm’s accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system;
4. (4) oversees the process of disclosure and communications;
5. (5) has responsibility for providing effective oversight of senior management; and
6. (6) monitors and periodically assesses:
1. (a) the adequacy and the implementation of the firm’s strategic objectives in the provision of its regulated activities;
2. (b) the effectiveness of the firm’s governance arrangements and adequacy of the policies relating to the provision of services to clients; and
3. (c) takes appropriate steps to address any deficiencies.

[Note: Art. 88(1) of the CRD and Art. 9(3) of MiFID II]

5.1A

Without prejudice to 5.1, those arrangements must ensure that the management body defines, approves and oversees:

1. (1) the organisation of the firm for the provision of regulated activities, including the skills, knowledge and expertise required by personnel, the resources, the procedures and the arrangements for the provision of services and activities, taking into account the nature, scale and complexity of its business and all the requirements the firm has to comply with; and
2. (2) a policy as to services, activities, products and operations offered or provided in accordance with the risk tolerance of the firm and the characteristics and needs of the clients of the firm to whom they will be offered or provided, including carrying out appropriate stress testing, where appropriate; and
3. (3) a remuneration policy of persons involved in the provision of services to clients aiming to encourage responsible business conduct, fair treatment of clients as well as avoiding conflict of interest in the relationship with clients.

[Note: Art. 9(3) of MiFID II]

5.2

A firm must ensure that the members of the management body of the firm:

1. (1) are of sufficiently good repute;
2. (2) possess sufficient knowledge, skills and experience to perform their duties;
3. (3) possess adequate collective knowledge, skills and experience to understand the firm’s activities, including the main risks;
4. (4) reflect an adequately broad range of experiences;
5. (5) commit sufficient time to perform their functions in the firm; and
6. (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making.

[Note: Art. 91(1)-(2) and (7)-(8) of the CRD and Art. 9(1) and (4) of MiFID II]

5.3

A firm must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: Art. 91(9) of the CRD]

5.4

A firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm’s activities.

[Note: Art. 91(3) of the CRD and Art. 9(1) of MiFID II]

5.5

1. (1) A firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
1. (a) one executive directorship with two non-executive directorships; and
2. (b) four non-executive directorships.
2. (2) Paragraph (1) does not apply to members of the management body that represent the UK.

[Note: Art. 91(3) of the CRD and Art. 9(1) of MiFID II]

5.6

For the purposes of 5.4 and 5.5:

1. (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
2. (2) the following shall count as a single directorship:
1. (a) executive or non-executive directorships held within the same group; or
2. (b) executive or non-executive directorships held within:
1. (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
2. (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: Art. 91(4) and (5) of the CRD and Art. 9(1) of MiFID II]

5.7

A firm must ensure that the members of the management body of the firm have adequate access to information and documents that are needed to oversee and monitor management decision-making.

[Note: Art. 9(3) of MiFID II]

5.8

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter and Senior Management Functions 8.2.

[Note: Art. 96 of the CRD]

6.1

A firm that is significant must:

1. (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
2. (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
3. (3) ensure that the nomination committee receives appropriate funding.

[Note: Art. 88(2) of the CRD and Art. 9(1) of MiFID II]

6.2

A firm that has a nomination committee must ensure that the nomination committee:

1. (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
2. (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
3. (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
4. (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
5. (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
6. (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
7. (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
8. (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body’s decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole.

[Note: Art. 88(2) and Art. 91(10) of the CRD and Art. 9(1) of MiFID II]

6.3

A firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: Art. 91(10) of the CRD and Art. 9(1) of MiFID II]

6.4

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter.

[Note: Art. 96 of the CRD]

7.1

Where a firm is a member of a consolidation group, the firm must ensure that the risk management processes and internal control mechanisms at the level of the consolidation group of which it is a member comply with the obligations set out in 2.1, 2.6, Chapter 5 and Chapter 6 of this Part on a consolidated basis.

7.1A

If this Part applies to a firm on a consolidated basis or on a sub-consolidated basis, the firm must carry out consolidation to the same extent and in the same manner as it is required to comply with the obligations laid down in Parts Two to Eight of the CRR on a consolidated basis or sub-consolidated basis.

7.2

Compliance with the obligations referred to in 7.1 must enable the consolidation group to have arrangements, processes and mechanisms that are consistent and well integrated and that any data relevant to the purpose of supervision can be produced.

[Note: Art 109(2) of the CRD]