Systems and control

FCA-authorised firms must have appropriate systems and controls in place taking into account the nature, scale, and complexity of the business. This creates numerous obligations, primarily relating to:

FCA-authorised firms must have in position at least two senior managers, a compliance officer and a money laundering reporting officer (although one person may hold multiple positions).

Any person carrying on a “controlled function” (such as those functions mentioned in the above paragraph) currently fall within the “approved persons” regime and so need the FCA to approve that they are “fit and proper” to carry out their roles. The FCA’s “fit and proper” test considers a candidate’s honesty, competence and capability and financial soundness. The approved persons regime also establishes duties for approved persons, such as ongoing training obligations.

The FCA is implementing the new “senior managers and certification regime” ("SMCR”) to replace the “approved persons” regime. SMCR requires certain senior managers to be approved by the FCA and other members of staff in significant harm functions to be “certified” by firms as having all adequate skills to fulfil their roles. The SMCR is already in force for banks and insurers, and will be extended to all other solo-regulated (i.e. not also PRA-regulated) firms as of 9 December 2019.

FCA-authorised firms are also required to have certain policies and procedures in place to govern the business of the firm. These will vary depending on the nature of the business carried out at that firm but will include:

Firms are obliged to keep records of their matters and dealings with customers and other information, such as suitability assessments, conflicts of interest, and outsourcing arrangements. Obligations vary depending on the type of business carried out by the firm, for instance, firms executing transactions on behalf of clients must keep records of execution orders. There are also time limits setting out the length of time for which each type of record must be held at a minimum.

Firms are obliged to inform the FCA of both:

The event-driven obligations require the FCA be notified when a firm discovers an issue relating to its activities or personnel that the FCA ought reasonably to be informed about, such as an event which would significantly adversely affect the reputation of a firm. The FCA has additional specific rules relating to certain events, such as the hiring of a new “approved person” or a change to a person who “controls” the firm.

The FCA’s reporting system, “GABRIEL”, requires firms to update the FCA about their business by providing information including (but not limited to) product sales data, capital adequacy, and other financial information.

As published in Butterworths Journal of International Banking & Financial Law, June 2019.