Internal governance. Supervisory Statement SS21/15. April 2015

Similar documents
Supervisory Statement SS21/15 Internal governance. April (Updating October 2014)

Senior Management Arrangements, Systems and Contro. Chapter 21. Risk control: additional guidance

Supervisory Statement SS1/17 Supervising international banks: the PRA s approach to branch supervision liquidity reporting.

Compliance Guide to the FCA Handbook. Issue 4 Senior Management Arrangements, Systems and Controls (SYSC)

Supervisory Statement SS12/15 Solvency II: Lloyd s. March Appendix 2.12

Credit risk mitigation

Supervisory Statement SS5/16 Corporate governance: Board responsibilities. July 2018 (Updating March 2016)

Policy Statement PS28/15 The PRA Rulebook: Part 4 and response to Chapter 1 of CP41/15. December 2015

Supervisory Statement SS8/16 Ring-fenced bodies (RFBs) December (Updating February 2017)

Supervisory Statement SS7/14 Reports by skilled persons. June 2014 (Updated September 2015)

Policy Statement PS16/16 Implementing audit committee requirements under the revised Statutory Audit Directive. May 2016

Supervisory Statement SS11/15 Solvency II: regulatory reporting and exemptions. March Appendix 2.11

PILLAR 3 DISCLOSURES MERCER UK AUGUST 2016

Pillar 3 Disclosure November 2016

Pillar 3 Disclosures Year ended 31 st December 2017

Supervisory Statement SS1/16 Written reports by external auditors to the PRA. January 2016

Supervisory Statement SS28/15 Strengthening individual accountability in banking. September 2016 (Updating January 2016)

Neptune Investment Management Limited ( Neptune or the Company ) Pillar 3 Disclosures 2017

Supervisory Statement SS7/13. CRD IV and capital. December 2013

Supervisory Statement SS15/16 Solvency II: Monitoring model drift and standard formula SCR reporting for firms with an approved internal model

Supervisory Statement SS8/16 Ring-fenced bodies (RFBs)

Policy Statement PS7/18 Model risk management principles for stress testing. April 2018

Strengthening individual accountability in banking

CAPTIVE BEST PRACTICE GUIDELINES

Policy Statement PS10/17 Ensuring operational continuity in resolution: reporting requirements. April 2017

Policy Statement PS12/18 Algorithmic trading. June 2018

The use of PRA powers to address serious failings in the culture of firms

Supervisory Statement SS7/15 Solvency II: supervision of firms in difficulty or run-off. March Appendix 2.7

PRA expectations regarding the application of malus to variable remuneration

Supervisory Statement SS6/16 Recalculation of the transitional measure on technical provisions under Solvency II

Consultation Paper CP9/18 Solvency II: Internal models modelling of the volatility adjustment

Neptune Investment Management Limited ( Neptune or the Company ) Pillar 3 Disclosures 2013

Group Solvency and Financial Condition Report

Group Solvency and Financial Condition Report

Policy Statement PS9/19 Solvency II: Group own fund availability. March 2019

Recovery planning. Supervisory Statement SS18/13. December 2013

DARLINGTON BUILDING SOCIETY CAPITAL REQUIREMENTS DIRECTIVE

ICAAP Pillar 3 Disclosure

Managed Pension Funds Limited

Pillar 3 Disclosures. Invesco UK Limited

Virgin Money Holdings (UK) plc (the Company ) Board Risk Committee Terms of Reference

Policy Statement PS1/18 Strengthening individual accountability in insurance: optimisations to the SIMR. February 2018

Solvency II: ORSA and the ultimate time horizon non-life firms

PRA RULEBOOK: CRR FIRMS, NON CRR FIRMS: INDIVIDUAL ACCOUNTABILITY INSTRUMENT (No. 4) 2015

Revising the principles for the supervision of financial conglomerates

Solvency and Financial Condition Report 20I7

Supervisory Statement SS4/15 Solvency II: the solvency and minimum capital requirements. March Appendix 2.4

Solvency & Financial Condition Report. Surestone Insurance dac March

Valu-Trac Investment Management Limited Pillar 3 Disclosure

Aggregation of holdings for the purpose of prudential assessment of controllers

Statement of Policy The implementation of ring-fencing: the PRA s approach to ring-fencing transfer schemes. March 2016

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

Consultation Paper CP35/16 Whistleblowing in UK branches

Form E Internal transfer of an approved person (for Solvency II firms only 1 )

Solvency and Financial Condition Report. The United Kingdom Mutual Steam Ship Assurance Association (Europe) Limited

Supervisory Statement SS35/15 Strengthening individual accountability in insurance. July 2018 (Updating February 2018)

China International Capital Corporation (UK) Limited Pillar 3 Disclosure In respect of Financial Year Ended 31 December 2016

TD BANK INTERNATIONAL S.A.

Legal and General Assurance (Pensions Management) Limited. Solvency and Financial Condition Report 31 DECEMBER 2018

STATUTORY INSTRUMENTS. S.I. No. 604 of 2017 CENTRAL BANK (SUPERVISION AND ENFORCEMENT) ACT 2013 (SECTION 48(1)) (INVESTMENT FIRMS) REGULATIONS 2017

Appendix 3 relating to Part 1: Draft BTS EU Exit Instruments

Policy Statement PS36/16 Financial statements - responses to Chapter 3 of CP17/16. December 2016

BAILLIE GIFFORD. Governance, Risk Management and Capital Disclosures ( Pillar 3 ) June 2017

CAPITAL REQUIREMENTS DIRECTIVE PILLAR 3 DISCLOSURE DOCUMENT 31 ST MARCH P a g e

M&G Group Pillar 3 Disclosures

THE CO-OPERATIVE BANK PLC RISK COMMITTEE. Terms of Reference

BAILLIE GIFFORD. Governance, Risk Management and Capital Disclosures ( Pillar 3 ) June 2018

Policy Statement PS12/16 Financial Services Compensation Scheme management expenses levy limit 2016/17. March 2016

CORPORATE GOVERNANCE CODE FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS

Corporate Governance Guideline

Pillar 3 Disclosures. 31 December 2013

Tungsten Corporation plc Tungsten Bank plc. Pillar 3 Disclosures. 8 July / 20

Prudential Standard GOI 3 Risk Management and Internal Controls for Insurers

CAPITAL REQUIREMENTS DIRECTIVE PILLAR 3 DISCLOSURE DOCUMENT

Board Risk & Compliance Committee Charter

Policy Statement PS21/17 UK leverage ratio: treatment of claims on central banks. October 2017

SOLVENCY AND FINANCIAL CONDITION REPORT EUROLIFE LTD

Pillar 3 Disclosures. Sterling ISA Managers Limited Year Ending 31 st December 2017

EC Insurance Company Ltd.

Pillar 3 Disclosure. for the year ended 31st December 2016

Corporate Governance Code for Credit Institutions and Insurance - Undertakings

Legal and General Assurance (Pensions Management) Limited. Solvency and Financial Condition Report 31 DECEMBER 2017

SOLVENCY AND FINANCIAL CONDITION REPORT EUROLIFE LTD

Covéa Life Limited Solvency and Financial Condition Report. 31 st December Prepared by: Covéa Life Limited Norman Place Reading RG1 8DA.

Managed Pension Funds Limited

Senior Managers Regime: Statement of Responsibilities

Ingenious Capital Management Limited: Pillar III Disclosure

Consultation Paper CP29/17 International banks: the Prudential Regulation Authority s approach to branch authorisation and supervision

Supervisory Statement SS7/17 Solvency II: Data collection of market risk sensitivities. October 2017

The financial stability information power

Statement of Policy The PRA s approach to identifying other systemically important institutions (O-SIIs) February 2016

Schroder Pension Management Limited. Solvency and Financial Condition Report as at 31 December 2017

Capital Requirements Directive. Pillar 3 Disclosures

COLUMBIA THREADNEEDLE INVESTMENTS Threadneedle Pensions Limited

RISK COMMITTEE CHARTER THE CHARLES SCHWAB CORPORATION

Mutuality and with-profits funds: a way forward

Consultation Paper CP25/17 Pillar 2: Update to reporting requirements

Policy Statement PS11/18 Resolution planning: MREL reporting. June 2018

The PRA Rulebook: Part 3

BANKUNITED, INC. CHARTER OF THE RISK COMMITTEE

Transcription:

Supervisory Statement SS21/15 Internal governance April 2015 (Updated August 2015)

Prudential Regulation Authority 20 Moorgate London EC2R 6DA Prudential Regulation Authority, registered office: 8 Lothbury, London EC2R 7HH. Registered in England and Wales No: 07854923

Supervisory Statement SS21/15 Internal governance April 2015 (Updated August 2015) Prudential Regulation Authority 2015

Internal governance April 2015 5 1 Introduction 1.1 This supervisory statement is relevant to banks, building societies and Prudential Regulation Authority (PRA) designated investment firms. It sets out the expectations of the PRA in relation to how firms should comply with the rules in the General Organisational Requirements, Skills, Knowledge and Expertise, Compliance and Internal Audit, Risk Control, Outsourcing and Record Keeping Parts of the PRA Rulebook. 2 Internal governance Business continuity 2.1 The PRA expects the matters dealt with in a business firm s continuity policy to include the following: (a) resource requirements such as people, systems and other assets, and arrangements for obtaining these resources; (b) the recovery priorities for the firm s operations; (c) communication arrangements for internal and external concerned parties (including the appropriate regulator, clients and the media); (d) escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information; (e) processes to validate the integrity of information affected by the disruption; and (f) regular testing of the business continuity policy in an appropriate and proportionate manner in accordance with Rule 2.8 in the General Organisational Requirements Part. Audit committee 2.2 Depending on the nature, scale and complexity of its business, the PRA expects it may be appropriate for a firm to form an Audit Committee. An Audit Committee would typically examine management s process for ensuring the appropriateness and effectiveness of systems and controls. 2.3 The Audit Committee would also examine the arrangements made by management to ensure compliance with requirements and standards under the regulatory system, oversee the operations of the internal audit function (if applicable) and provide an interface between management and external auditors. It should have an appropriate number of non-executive directors and it should have formal terms of reference. Persons who effectively direct the business 2.4 In the case of a body corporate, the PRA expects that the persons referred to in Rule 2.3 of the General Organisational Requirements Part of the PRA Rulebook should either be executive directors or persons granted executive powers by, and reporting immediately to, the governing body. In the case of a partnership, they should be active partners. 2.5 The PRA expects at least two independent minds should be applied to the formulation and implementation of the policies of a firm. Where a firm nominates two individuals to direct its business, the PRA will not regard them as both effectively directing the business where one of them makes some, albeit significant, decisions relating to only a few aspects of the business. 2.6 The two independent minds should be involved in the decision-making process on all significant decisions. Both should demonstrate the qualities and application to influence strategy, day-to-day policy and its implementation. This does not require their day-to-day involvement in the execution and implementation of policy. It does, however, require involvement in strategy and general direction, as well as knowledge of, and influence on, the way in which strategy is being implemented through day-to-day policy. 2.7 Where there are more than two individuals directing the business of a firm, the PRA does not regard it as necessary for all of these individuals to be involved in all decisions relating to the determination of strategy and general direction. However, at least two individuals should be involved in all such decisions. Both individuals judgement should be engaged so that major errors leading to difficulties for the firm are less likely to occur. 2.8 Similarly, each individual should have sufficient experience and knowledge of the business, and the necessary personal qualities and skills, to detect and resist any imprudence, dishonesty or other irregularities by the other individual. Where a single individual, whether a chief executive, managing director or otherwise, is particularly dominant in such a firm, this will raise doubts about whether Rule 3.2 in the General Organisational Requirements Part of the PRA Rulebook is met. Responsibility of senior personnel 2.9 In the PRA s view, the supervisory function does not include a general meeting of the shareholders of a firm, or equivalent bodies, but could involve, for example, a separate supervisory board within a two-tier board structure or the establishment of a non-executive committee of a single-tier board structure. An individual s suitability 2.10 In the PRA s view, a firm s systems and controls should enable it to determine the suitability of anyone who acts for it. This includes assessing an individual s honesty and competence. This assessment should normally be made at the point of recruitment.

6 Internal governance April 2015 2.11 The PRA expects that any assessment of an individual s suitability takes into account the level of responsibility that the individual will assume within the firm. The nature of this assessment will generally differ depending on whether it takes place at the start of the individual s recruitment, at the end of the probationary period (if there is one) or subsequently. Segregation of functions 2.12 In the PRA s view, the effective segregation of duties is an important element in the internal controls of a firm in the prudential context. In particular, it helps to ensure that no one individual is completely free to commit a firm s assets or incur liabilities on its behalf. Segregation can also help to ensure that a firm s governing body receives objective and accurate information on financial performance, the risks faced by the firm and the adequacy of its systems. 2.13 The PRA expects a firm to ensure that no single individual has unrestricted authority to do all of the following: (a) initiate a transaction; (b) bind the firm; (c) make payments; and (d) account for it. 2.14 Where a firm is unable to ensure the complete segregation of duties (for example, because it has a limited number of staff), it should ensure that there are adequate compensating controls in place (for example, frequent review of an area by relevant senior managers). 2.15 Where a firm outsources its internal audit function, the PRA expects it to take reasonable steps to ensure that every individual involved in the performance of this service is independent from the individuals who perform its external audit. This should not prevent services from being undertaken by a firm s external auditors provided that the work is carried out under the supervision and management of the firm s own internal staff. Compliance remuneration 2.16 In setting the method of determining the remuneration of relevant persons involved in the compliance function, in the PRA s view, firms that SYSC 19A applies to will also need to comply with the Remuneration Code. Internal audit 2.17 The term internal audit function in Internal Audit 3.1 and General Organisational Requirements 2.1 in the PRA Rulebook refers to the generally understood concept of internal audit within a firm, ie, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies. The internal audit function is not a controlled function itself, but it is part of the systems and controls function (CF28). Risk control 2.18 The PRA considers that for a firm included within the scope of Internal Capital Adequacy Assessment 15, the strategies, policies and procedures for identifying, taking up, managing, monitoring and mitigating the risks to which the firm is, or might be, exposed include conducting reverse stress testing. A firm that falls outside the scope of Internal Capital Adequacy Assessment 15 should consider conducting reverse stress tests on its business plan as well. This would further senior personnel s understanding of the firm s vulnerabilities and would help them design measures to prevent or mitigate the risk of business failure. 2.19 In setting the method of determining the remuneration of employees involved in the risk management function, in the PRA s view, firms that SYSC 19A applies to will also need to comply with the Remuneration Code. 2.20 The PRA considers the term risk management function in Rules 2.5 and 2.6 in the Risk Control Part of the PRA Rulebook to refer to the generally understood concept of risk assessment within a firm, that is, the function of setting and controlling risk exposure. 2.21 In Rule 3.2 of the Risk Control Part of the PRA Rulebook, a CRR firm that is significant is subject to requirements regarding the establishment of nomination and risk committees and certain restrictions on the holding of certain combinations of directorships. 2.22 For the purposes of those requirements, a firm whose size, interconnectedness, complexity and business type gives it the capacity to cause some disruption to the UK financial system (and through that to economic activity more widely) by failing or by carrying on its business in an unsafe manner. 2.23 Rule 2.1 of the General Requirements Part of the PRA Rulebook requires a firm to have effective processes to identify, manage, monitor and report risks and internal control mechanisms. Except in relation to those functions described in Rule 2.1 of the Outsourcing Part of the PRA Rulebook, where a firm relies on a third party for the performance of operational functions which are not critical or important for the performance of relevant services and activities on a continuous and satisfactory basis, the firm should take into account, (in a manner that is proportionate given the nature, scale and complexity of the outsourcing), the rules in the Internal Governance Part of the PRA Rulebook complying with that requirement. 2.24 A firm should notify the PRA when it intends to rely on a third party for the performance of operational functions that

Internal governance April 2015 7 are critical or important for the performance of relevant services and activities on a continuous and satisfactory basis. Record keeping 2.25 Subject to any other record-keeping rule, the PRA expects records to be capable of being reproduced in the English language on paper. Where a firm is required to retain a record of a communication that was not made in the English language, it may retain it in that language. However, it should be able to provide a translation on request. If a firm s records relate to business carried on from an establishment in a country or territory outside the United Kingdom, an official language of that country or territory may be used instead of the English. 2.26 In relation to the retention of records for non-markets in Financial Instruments Directive 2004/39/EC (MiFID) business, in the PRA s view, a firm should have appropriate systems and controls in place with respect to the adequacy of, access to, and the security of its records so that the firm may fulfil its regulatory and statutory obligations. With respect to retention periods, the general principle is that records should be retained for as long as is relevant for the purposes for which they are made. Risk control on governance arrangements Paragraphs 2.27 2.35 were added to Chapter 2 on 3 August 2015 following CP17/15 The PRA Rulebook: Part 3. 2.27 The PRA expects that CRR firms should, taking account of their size, nature and complexity, consider whether their risk control arrangements should include: appointing a Chief Risk Officer; and establishing a governing body risk committee. Chief Risk Officer 2.28 The PRA expects that a Chief Risk Officer should: ensure that the data used by the firm to assess its risks are fit for purpose in terms of quality, quantity and breadth; provide oversight and challenge of the firm s systems and controls in respect of risk management; provide oversight and validation of the firm s external reporting of risk; ensure the adequacy of risk information, risk analysis and risk training provided to members of the firm s governing body; report to the firm s governing body on the firm s risk exposures relative to its risk appetite and tolerance, and the extent to which the risks inherent in any proposed business strategy and plans are consistent with the governing body s risk appetite and tolerance. The Chief Risk Officer should also alert the firm s governing body to and provide challenge on, any business strategy or plans that exceed the firm s risk appetite and tolerance; and provide risk-focused advice and information into the setting and individual application of the firm s remuneration policy. 2.29 The PRA expects that where a firm is part of a group it will structure its arrangements so that a Chief Risk Officer at an appropriate level within the group will exercise functions in 2.28 taking into account group-wide risks. 2.30 The Chief Risk Officer should be accountable to a firm s governing body. 2.31 Firms should ensure that a Chief Risk Officer s remuneration is subject to approval by the firm's governing body, or an appropriate sub-committee. Governing body risk committee 2.32 The PRA considers that while the firm s governing body is ultimately responsible for risk governance throughout the business, firms that are not significant CRR firms should consider establishing a governing body risk committee to provide focused support and advice on risk governance. 2.33 The PRA expects that a governing body risk committee s responsibilities will typically include: providing advice to the firm s governing body on risk strategy, including the oversight of current risk exposures of the firm, with particular, but not exclusive, emphasis on prudential risks; development of proposals for consideration by the governing body in respect of overall risk appetite and tolerance, as well as the metrics to be used to monitor the firm s risk management performance; oversight and challenge of the design and execution of stress and scenario testing; oversight and challenge of the day-to-day risk management and oversight arrangements of the executive; oversight and challenge of due diligence on risk issues relating to material transactions and strategic proposals that are subject to approval by the governing body; providing advice to the firm s remuneration committee on risk weightings to be applied to performance objectives incorporated in the incentive structure for the executive; and

8 Internal governance April 2015 providing advice, oversight and challenge necessary to embed and maintain a supportive risk culture throughout the firm. 2.34 Where a governing body risk committee is established, its chairman should be a non-executive director, and while its membership should predominantly be non-executive it may be appropriate to include senior executives such as the chief finance officer. 2.35 In carrying out their risk governance responsibilities, a firm s governing body and governing body risk committee should have regard to any relevant advice from its audit committee or internal audit function concerning the effectiveness of its current control framework. In addition, they should remain alert to the possible need for expert advice and support on any risk issue, taking action to ensure that they receive such advice and support as may be necessary to meet their responsibilities effectively.

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback