General Organisational Requirements

1.1

Unless otherwise stated, this Part applies to a CRR firm:

1. (1) with respect to the carrying on of the following from an establishment in the UK:
1. (a) regulated activities;
2. (b) activities that constitute dealing in investments as principal, disregarding the exclusion in article 15 of Regulated Activities Order;
3. (c) ancillary activities;
4. (d) in relation to MiFID business, ancillary services; and
5. (e) unregulated activities in a prudential context;
2. (2) [deleted.]
3. (3) in a prudential context with respect to activities wherever they are carried on; and
4. (4) taking into account any activity of other members of a group of which the firm is a member.

1.1A

2.1 to 2.8 do not apply to a firm with respect to the carrying on of benchmarking activities except to the extent that before IP completion day, they were made for the purpose of transposing an EU instrument...

1.2

In this Part, the following definitions shall apply: 

protected disclosure

means a qualifying disclosure as defined in section 43B of the Employment Rights Act 1996 made by a worker in accordance with sections 43C to 43H of the Employment Rights Act 1996.

reportable concern

means a concern held by any person in relation to the activities of a firm, including:

(a) any matter that, if disclosed, would be the subject-matter of a protected disclosure, including a breach of any rule;

(b) a failure to comply with the firm’s policy and procedures; and

(c) behaviour that has or is likely to have an adverse effect on the firm’s reputation or financial well-being.

worker

has the meaning as defined by section 230(3) of the Employment Rights Act 1996 and as extended under section 43K of the Employment Rights Act 1996.

1.3

In this Part, a reference to a provision of the Employment Rights Act 1996 includes a reference to the corresponding provision of the Employment Rights (Northern Ireland) Order 1996.

2.1

A firm must establish, implement and maintain robust governance arrangements and decision-making procedures, which include:

1. (1) a clear and documented organisational structure with well defined, transparent and consistent lines of responsibility;
2. (2) a clear and documented decision-making procedure which specifies reporting lines and allocates functions and responsibilities;
3. (3) effective processes to identify, manage, monitor and report the risks it is or to which it might be exposed; and
4. (4) adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm, including:
   1. (a) sound administrative and accounting procedures;
   2. (b) effective control and safeguard arrangements for information processing systems;
   3. (c) effective internal reporting and communication of information at all relevant levels of the firm; and
   4. (d) adequate and orderly records of its business and internal organisation.

[Note: Art. 74(1) of the CRD, Art. 16(5) second paragraph of MiFID II]

2.1A

A firm must comply with the following organisational requirements:

1. (1) ensure that relevant persons are aware of the procedures referred to in 2.1 which must be followed for the proper discharge of their responsibilities;
2. (2) employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them; and
3. (3) ensure that the performance of multiple functions by its relevant persons does not, and is not likely to, prevent those persons from discharging any particular function soundly, honestly, and professionally.

2.2

The arrangements, processes and mechanisms referred to in 2.1 and 2.1A must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the firm's business model and of the nature and range of the firm's activities undertaken in the course of its business and must take into account the specific technical criteria described in 2.6, Skills, Knowledge and Expertise 3.2, Risk Control and Remuneration.

[Note: Art. 74(2) of the CRD]

2.2A

[Deleted]

2.2B

[Deleted]

2.3

2.4

A firm must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question. Without prejudice to the ability of the PRA to require access to communications in accordance with applicable law, a firm must have sound security mechanisms in place to guarantee the security and authentication of the means of transfer of information, minimise the risk of data corruption and unauthorised access and to prevent information leakage maintaining the confidentiality of the data at all times.

[Note: Art. 16(5) of the MiFID II]

2.5

A firm must take reasonable steps to ensure continuity and regularity in the performance of its regulated activities. To this end the firm must employ appropriate and proportionate systems, resources and procedures.

[Note: Art. 16(4) of MiFID II]

2.6

A firm must establish, implement and maintain contingency and business continuity plans to ensure the firm’s ability to operate on an ongoing basis and limit losses in the event of severe business disruption.

[Note: Art. 85(2) of the CRD]

2.6A

A firm must establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, the preservation of essential data and functions, and the maintenance of relevant services and activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of such services and activities.

2.7

2.7A

A firm must establish, implement and maintain accounting policies and procedures and ensure that, upon the request of the PRA, it is able to deliver in a timely manner to the PRA financial reports which reflect a true and fair view of its financial position and which comply with all applicable accounting standards and rules.

2.8

A firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this Chapter and take appropriate measures to address any deficiencies.

2.9

2A.1

1. (1) 2A.2 applies to every CRR firm.
2. (2) 2A.3 – 2A.6 apply to any CRR firm that has average total gross assets exceeding £250 million, determined on the basis of the annual average amount of gross assets calculated across a rolling period of five years or, if it has been in existence for less than five years, across the period during which it has existed (in each case, calculated with reference to the CRR firm’s annual accounting reference date).

2A.2

1. (1) A firm must establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns by a person, including a firm’s employee, internally through a specific, independent and autonomous channel.
2. (2) The channel in (1) may be provided through arrangements with third parties, including social partners, subject to any applicable requirement under the Outsourcing Part.

[Note: Art. 71(3) of the CRD and Art. 73(2) of MiFID II]

2A.3

A firm must inform all workers of the channel in 2A.2.

2A.4

A firm must inform all workers:

1. (1) that they may disclose directly to the PRA or to the FCA anything that would be the subject-matter of a protected disclosure;
2. (2) of what would constitute a protected disclosure;
3. (3) that the PRA or the FCA are prescribed persons under section 43F of the Employments Rights Act 1996 and the effect of making a protected disclosure to the PRA or to the FCA; and
4. (4) of the means available to make a protected disclosure to the PRA or the FCA.

2A.5

A firm must ensure that nothing in its arrangements prevents or discourages any worker from making any disclosure to the PRA or the FCA before making the disclosure through the channel referred to in 2A.2.

2A.6

A firm must ensure that nothing in any employment contract or settlement agreement, including any other related or ancillary documentation, between the firm and a worker relating to the worker’s employment with the firm, entered into after the date on which these rules come into effect, prevents or discourages the worker from:

1. (a) making a protected disclosure, including to the PRA; and
2. (b) making a further protected disclosure connected to a protected disclosure already made under (a).

2A.7

If

1. (1) the firm is a subsidiary of a third country firm; and
2. (2) the third country firm also carries on regulated activities from an establishment in the UK;

the firm must provide information to the third country firm in the UK on the channel in 2A.2 and make the channel available to workers in the third country firm’s UK establishment.

2A.8

If

1. (1) the third country firm is a subsidiary of a firm [P]; and
2. (2) the third country firm also carries on regulated activities from an establishment in the UK

the firm [P] must provide information to the third country firm in the UK on the channel in 2A.2 and make the channel available to workers in the third country firm’s UK establishment.

3.1

The senior personnel of a firm must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm.

[Note: Art. 9(4) of MiFID II, Art. 91(1) of the CRD]

3.2

A firm must ensure that its management is undertaken by at least two persons meeting the requirements laid down in 3.1.

[Note: Art. 9(6) first paragraph of MiFID II and Art. 13(1) of the CRD]

4.1

[Deleted]

4.1A

[Deleted]

4.1B

[Deleted]

4.2

4.3

A firm must ensure that, when allocating functions internally, senior management and, where applicable, the governing body are responsible for ensuring that the firm complies with its obligations under the regulatory system.

4.4

A firm must ensure that senior management and, where applicable, the governing body assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under the regulatory system and take appropriate measures to address any deficiencies.

4.5

In its allocation of significant functions among senior managers, a firm must clearly establish who is responsible for overseeing and maintaining the firm's organisational requirements.

4.6

A firm must keep its records of the allocation of significant functions up-to-date.

4.7

A firm must ensure that its senior management receive on a frequent basis, and at least annually, written reports on the matters covered by the Compliance and Internal Audit and Risk Control Parts. Such written reports must indicate whether the appropriate remedial measures have been taken in the event of any deficiencies.

4.8

A firm must ensure that, for the purposes of 4.3 and 4.4, the governing body receives written reports on the matters covered by the Compliance, Internal Audit and Risk Control Parts on a regular basis.

5.1

A firm must ensure that the management body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the firm, including the segregation of duties in the organisation and the prevention of conflicts of interest. The firm must ensure that the management body:

1. (1) has overall responsibility for the firm;
2. (2) approves and oversees implementation of the firm’s strategic objectives, risk strategy and internal governance;
3. (3) ensures the integrity of the firm’s accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system;
4. (4) oversees the process of disclosure and communications;
5. (5) has responsibility for providing effective oversight of senior management; and
6. (6) monitors and periodically assesses:
1. (a) the adequacy and the implementation of the firm’s strategic objectives in the provision of its regulated activities;
2. (b) the effectiveness of the firm’s governance arrangements and adequacy of the policies relating to the provision of services to clients; and
3. (c) takes appropriate steps to address any deficiencies.

[Note: Art. 88(1) of the CRD and Art. 9(3) of MiFID II]

5.1A

Without prejudice to 5.1, those arrangements must ensure that the management body defines, approves and oversees:

1. (1) the organisation of the firm for the provision of regulated activities, including the skills, knowledge and expertise required by personnel, the resources, the procedures and the arrangements for the provision of services and activities, taking into account the nature, scale and complexity of its business and all the requirements the firm has to comply with; and
2. (2) a policy as to services, activities, products and operations offered or provided in accordance with the risk tolerance of the firm and the characteristics and needs of the clients of the firm to whom they will be offered or provided, including carrying out appropriate stress testing, where appropriate; and
3. (3) a remuneration policy of persons involved in the provision of services to clients aiming to encourage responsible business conduct, fair treatment of clients as well as avoiding conflict of interest in the relationship with clients.

[Note: Art. 9(3) of MiFID II]

5.2

A firm must ensure that the members of the management body of the firm:

1. (1) are of sufficiently good repute;
2. (2) possess sufficient knowledge, skills and experience to perform their duties;
3. (3) possess adequate collective knowledge, skills and experience to understand the firm’s activities, including the main risks;
4. (4) reflect an adequately broad range of experiences;
5. (5) commit sufficient time to perform their functions in the firm; and
6. (6) act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of senior management where necessary and to effectively oversee and monitor management decision-making. Being a member of the management body of affiliated companies does not in itself constitute an obstacle to acting with independence of mind.

[Note: Art. 91(1)-(2) and (7)-(8) of the CRD and Art. 9(1) and (4) of MiFID II]

5.3

A firm must devote adequate human and financial resources to the induction and training of members of the management body.

[Note: Art. 91(9) of the CRD]

5.4

A firm must ensure that the members of the management body of the firm do not hold more directorships than is appropriate taking into account individual circumstances and the nature, scale and complexity of the firm’s activities.

[Note: Art. 91(3) of the CRD and Art. 9(1) of MiFID II]

5.5

1. (1) A firm that is significant must ensure that the members of the management body of the firm do not hold more than one of the following combinations of directorship in any organisation at the same time:
1. (a) one executive directorship with two non-executive directorships; and
2. (b) four non-executive directorships.
2. (2) Paragraph (1) does not apply to members of the management body that represent the UK.

[Note: Art. 91(3) of the CRD and Art. 9(1) of MiFID II]

5.6

For the purposes of 5.4 and 5.5:

1. (1) directorships in organisations which do not pursue predominantly commercial objectives shall not count; and
2. (2) the following shall count as a single directorship:
1. (a) executive or non-executive directorships held within the same group; or
2. (b) executive or non-executive directorships held within:
1. (i) firms that are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of the CRR are fulfilled; or
2. (ii) undertakings (including non-financial entities) in which the firm holds a qualifying holding.

[Note: Art. 91(4) and (5) of the CRD and Art. 9(1) of MiFID II]

5.7

A firm must ensure that the members of the management body of the firm have adequate access to information and documents that are needed to oversee and monitor management decision-making.

[Note: Art. 9(3) of MiFID II]

5.8

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter and Senior Management Functions 8.2.

[Note: Art. 96 of the CRD]

6.1

A firm that is significant must:

1. (1) establish a nomination committee composed of members of the management body who do not perform any executive function in the firm;
2. (2) ensure that the nomination committee is able to use any forms of resources the nomination committee deems appropriate, including external advice; and
3. (3) ensure that the nomination committee receives appropriate funding.

[Note: Art. 88(2) of the CRD and Art. 9(1) of MiFID II]

6.2

A firm that has a nomination committee must ensure that the nomination committee:

1. (1) engage a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy promoting diversity on the management body;
2. (2) identifies and recommends for approval, by the management body or by general meeting, candidates to fill management body vacancies, having evaluated the balance of knowledge, skills, diversity and experience of the management body;
3. (3) prepares a description of the roles and capabilities for a particular appointment, and assesses the time commitment required;
4. (4) decides on a target for the representation of the underrepresented gender in the management body and prepares a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target;
5. (5) periodically, and at least annually, assesses the structure, size, composition and performance of the management body and makes recommendations to the management body with regard to any changes;
6. (6) periodically, and at least annually, assesses the knowledge, skills and experience of individual members of the management body and of the management body collectively, and reports this to the management body;
7. (7) periodically reviews the policy of the management body for selection and appointment of senior management and makes recommendations to the management body; and
8. (8) in performing its duties, and to the extent possible, on an ongoing basis, takes account of the need to ensure that the management body’s decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interest of the firm as a whole.

[Note: Art. 88(2) and Art. 91(10) of the CRD and Art. 9(1) of MiFID II]

6.3

A firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a firm that does not have a nomination committee must put in place a policy promoting diversity on the management body.

[Note: Art. 91(10) of the CRD and Art. 9(1) of MiFID II]

6.4

A firm that maintains a website must explain on the website how it complies with the requirements of this Chapter.

[Note: Art. 96 of the CRD]

7.1

Where an Article 109 undertaking is a member of a consolidation group or a sub-consolidation group, the Article 109 undertaking must ensure that the governance arrangements, risk management processes and internal control mechanisms at the level of the consolidation group or sub-consolidation group of which it is a member comply with the obligations set out in 2.1, 2.1A, 2.2, 2.6, 2.6A, Chapter 5 and Chapter 6 of this Part and 2.3 to 2.5 in the Related Party Transaction Risk Part on a consolidated basis or a sub-consolidated basis.

7.1A

If this Part applies to an Article 109 undertaking on a consolidated basis or on a sub-consolidated basis, the Article 109 undertaking must carry out consolidation to the same extent and in the same manner as it is required to comply with the obligations laid down in Parts Two to Eight of the CRR on a consolidated basis or sub-consolidated basis.

7.2

Compliance with the obligations referred to in 7.1 must enable the consolidation group to have arrangements, processes and mechanisms that are consistent and well integrated and that any data relevant to the purpose of supervision can be produced.

[Note: Art 109(2) of the CRD]