Resources Compliance
  
Occasional Papers
2008
2007
2006

Other Links

Knowledge Base Home
Resource Compliance
Bulletin Archive (login)

MiFID AND CRD
Organisational Systems and Controls: A "Common Platform"

June 2006

The FSA has issued a consultation paper which sets out proposed FSA rules and guidance to implement the organisational requirements in both the European Union's (EU) Market in Financial Instrument Directive (MiFID) and in the related, but separate, Capital Requirements Directive (CRD). It proposes a unified set of requirements applying to firms subject to either or both directives, the "common platform".

Important Note: The EU has not yet finalised the "level 2" implementing measures. The Commission expects to adopt Level 2 in mid-September with publication in the Official Journal in the fourth quarter of 2006. If the MiFID implementing directive differs significantly from the current draft (6th February 2006), which has been used in the production of this Consultation Paper (CP), there may be a further consultation and the eventual rules could differ from those contained in the consultation document.

1. Introductions and Overview

MiFID replaces the existing Investment Services Directive (ISD). MiFID will significantly alter how firms carrying on investment business organise their internal systems and controls and how they interact with their customers. Thus, in the UK, several key FSA sourcebooks will need to be amended to take account of the provisions of the directive. Because of this, firms which might otherwise be outwith the directive (such as financial advisers who have a potential exemption under Article 3) will be affected by the changes to the detailed rules that will affect all regulated firms in the UK to a greater or lesser extent.

The CRD recasts two existing EU directives: the Banking Consolidation Directive (BCD) and the Capital Adequacy Directive (CAD). It will introduce a supervisory framework in the EU reflecting the rules on capital measurement and capital standards set out in the Revised Basel Framework (Basel 2) agreed in June 2004 at Group of Ten (G10) level, with appropriate adjustments to take account of EU specifics.

1.1. THE CONSULTATIONS

Consultation Paper CP 06/9 (May 2006) is entitled "Organisational Systems and Controls - Common platform for firms". It contains proposals for a "common platform" - a unified set of requirements applying to firms subject to either or both of MiFID or the CRD. It also includes transitional provisions to deal with the different implementation dates for CRD and MiFID.

CP 06/10 (May 2006) is a separate consultation paper on the restructuring of the FSA Handbook as a result of the implementation of the CRD. The CP is entitled "Strengthening Capital Standards - Restructuring the Handbook". The FSA proposals involve a revision of the prudential structure of the Handbook, and the reorganisation as follows:

  • new prudential sourcebooks for insurers (INSPRU), mortgage firms and insurance intermediaries (MIPRU) and UCITS firms (UPRU) all of which are to be created from existing material; and
  • a deletion of large parts of the existing interim prudential sourcebooks for banks and building societies - shortly to be superseded by the CRD regime.

CP 06/10 also includes proposals on transitional provisions relating to the CRD and prudential changes for UCITS investment firms as a result of implementing article 66 of the MiFID.

Proposals were also set out - with a full set of draft rules and guidance for the GENPRU and BIPRU modules of the FSA Handbook - in CP 06/3 (March 2006).

This paper mainly considered the proposals for changes to SYSC, contained in CP 06/9.

1.2. THE "GAP YEAR" - TRANSITIONAL ARRANGEMENTS

CP 06/9 includes transitional provisions to deal with the different implementation dates for CRD and MiFID, which are respectively 1st January and 1st November 2007. In this year, it is proposed that firms subject to the CRD should have a choice as to whether they comply with the full common platform (which will include requirements derived from MiFID) or a regime based simply on what is necessary to implement the CRD.

Until 1st November 2007 the common platform will not be mandatory for firms that are subject solely to MiFID. Such firms will however have the option of adopting the common platform from 1st January 2007 if they wish.

2. Which firms are subject to MiFID? - Perimeter Guidance and Exemptions

MiFID will directly affect:

  • retail banks
  • investment banks
  • venture capital firms
  • stockbrokers
  • investment managers
  • proprietary trading firms
  • corporate finance firms
  • wholesale market brokers
  • providers of custody services.

The FSA has included guidance in CP 06/9 to help firms decide whether they are carrying out MiFID services and then to help determine their CRD prudential category. This guidance, the draft Perimeter Guidance, is described in Chapter 10 and set out in Annex 5. The FSA has supplied some Q&As and flow charts and tables to help firms consider whether and how their business is impacted by these Directives.

The scope of MiFID differs from that of the Investment Services Directive (ISD), which previously covered this area, in several ways. The main impact is that investment advice becomes an investment service in its own right under MiFID. In addition, EU regulation will be extended to a wider range of derivative products than the ISD.

For MiFID purposes, an investment firm is any legal person whose regular occupation or business is:

  • the provision of one or more investment services to third parties; and/or
  • the performance of one or more investment activities on a professional basis.

Article 2 of MiFID incorporates various exemptions, including amongst others:

  • members of professions providing incidental investment services
  • professional investors who invest only for themselves
  • company pension schemes
  • collective investment undertakings and their operators
  • commodity producers
  • commodity traders
  • certain local organisations especially in Denmark and Italy.

If a firm is subject to an exemption, then although the requirements of MiFID do not apply, neither do the privileges, such as being able to acquire passporting rights under the Directive.

However, although a firm may be exempt under MiFID, it does not necessarily follow that it will be excluded from the scope of the HM Treasury Regulatory Activities Order (RAO). Each firm will still need to consider the RAO to determine whether it requires FSA authorisation and the appropriate Permissions. In each case, it will be for firms and individuals to consider their own situation and whether MiFID applies to them.

In addition to the exemptions in article 2 above, article 3 allows an optional exemption for certain receivers, transmitters and advisers who do not hold client money or securities and comply with other prescribed conditions (this includes UK IFAs / financial advisers). The exemption is similar to the existing (non-optional) exemption for these firms in the ISD. The UK authorities propose that this optional exemption is exercised for UK firms. In the event that firms wish to opt out of the relevant exemption, usually because they wish or need to acquire passporting rights, then they will need to notify the FSA that they no longer wish to be treated as exempt. The full MiFID requirements will then apply.

3. The Common Platform and Changes to SYSC

A common platform firm (i.e. a firm subject to CRD or MiFID or both) in the FSA draft rules is defined by reference to the terms introduced in recent CRD CPs - a "BIPRU firm" or an "exempt CAD firm" or a local firm as defined in the Banking Consolidation Directive (BCD). A "BIPRU firm" is covered by the Prudential Sourcebook applying specifically to banks, building societies and investment firms. The change will take place in January 2007, when the current interim prudential sourcebooks (IPRUs) for banks and building societies will be replaced with BIPRU as part of the general simplification of the Handbook framework on prudential supervision.

CP 6/09 proposes a unified set of requirements applying to firms subject to either or both directives, the "common platform".

This unified approach is in line with the FSA's move to a more principles-based approach to regulation that emphasises senior management responsibility. Including the systems and controls requirements at a high level is in line with the regulator's over-arching objective that a firm's senior management takes responsibility to comply effectively with financial services regulation. CP 6/09 demonstrates the FSA belief that a key element of that is determining what processes and internal organisation are appropriate for their business.

Chapter 3 of the Senior Management Arrangements, Systems and Controls (SYSC), within the High Level Standards section (Block 1) of the FSA Handbook will be replaced with seven new chapters for common platform firms. Each new chapter covers a particular subject and these new chapters are collectively known as the Common Platform. SYSC Chapter 3 will be disapplied to all common platform firms on 1st November 2007 and replaced by the new chapters. SYSC Chapter 3 will remain in force for firms not subject to either Directive.

Common platform firms may choose to comply with the common platform instead of SYSC Chapter 3 at any time in the 10 months prior to 1st November 2007 if they wish. However, from 1st January 2007, a firm that is subject to the CRD must comply with the systems and controls requirements contained in the CRD. In order to make certain that these requirements are implemented by 1st January 2007, the provisions have been copied across into SYSC Chapter 3 where they will remain for the 10 months to 1st November 2007. During the "gap year", a firm subject only to MiFID will also remain subject to SYSC Chapter 3 (although it will not have to comply with the new CRD related provisions) unless it opts to comply with the common platform requirements before 1st November 2007, in which case SYSC 3 will cease to apply to it and it will be subject to SYSC Chapters 4 to 10 instead.

The new chapters are as follows:

  • Chapter 4: General organisational requirements (including business continuity)
  • Chapter 5: Employees, agents and other relevant persons (including senior management requirements)
  • Chapter 6: Compliance (including internal audit)
  • Chapter 7: Risk controls (including certain CRD risk-specific material)
  • Chapter 8: Outsourcing
  • Chapter 9: Record keeping
  • Chapter 10: Conflicts of interest.

The requirements on record keeping are mainly located in the existing COB Sourcebook and a later CP (due in October 2006) will consider the impact of the MiFID on COB. That paper will contain proposals for high-level record-keeping requirements, which will form SYSC Chapter 9. 3.1 GENERAL ORGANISATIONAL REQUIREMENTS - UNIFIED AND PARALLEL RULES AS PROPOSED The new SYSC Chapter 4 contains the proposed rules and guidance on the general organisation of a firm and covers:

  • governance, internal controls and organisation
  • accounting procedures
  • audit committee
  • business continuity
  • the persons controlling a firm (the 'four eyes requirement')
  • senior management responsibility.

It is proposed that there will be unified standards applying as follows:

  • on governance, internal controls and organisation by extension of the qualification contained within the Draft Implementing Measures that a firm's systems and controls should take into account the nature, scale and complexity of its business - to common platform firms not subject to MiFID (CRD-only firms) to CRD-only firms
  • on accounting systems and controls, where the MiFID requirement that a firm must be able to produce financial statements which give a true and fair view of its financial position and comply with all applicable accounting standards and rules is to be extended to CRD-only firms
  • on on-going monitoring, where the MiFID requirement that a firm monitors, and regularly evaluates, the adequacy of its systems, internal control mechanisms and arrangements and takes appropriate measures to address any deficiencies, is to be extended to CRD-only firms
  • on audit committees, where the guidance in SYSC are carried across to the common platform, although they are not covered in MiFID

There will be parallel sets of rules applying as follows:

  • on the security, integrity and confidentiality of information, where the costs to CRD-only firms of applying the MiFID requirements have been rejected as an option on cost grounds,
  • on business continuity where the proposal is to "copy-out" the separate requirements in both the CRD and MiFID, adding a rule making clear that a firm within the scope of both MiFID and CRD should comply with the MiFID rules on business continuity for its investment services and activities (i.e. its MiFID business), and the CRD rule for all of its other business.

The FSA is asking for views on the following areas, before deciding on its approach to commonality:

Verification of compliance, where the CAD requirements on firms' internal control and administrative and accounting procedures permit the verification of its compliance with CAD at all times, may be expanded to refer to compliance with the 'regulatory system'. 3.2 EMPLOYEES AND AGENTS - UNIFIED AND PARALLEL RULES AS PROPOSED The new SYSC Chapter 5 contains proposals for the employees and agents of a firm which cover:

  • awareness of procedures;
  • segregation of duties;
  • employees' competence, skills, knowledge and expertise; and
  • ongoing monitoring.

The general requirements are that firms have a responsibility to ensure that the staff they employ (and agents) do their jobs properly, follow internal procedures, are competent to perform the tasks they are given, and are not given multiple duties that might compromise their ability to act properly. Both MiFID and the CRD cover this area and the common platform proposal is a unified standard.

There is one exception, as an application of the MiFID requirement that firms' relevant persons are aware of the procedures to be followed to do their jobs properly to CRD-only firms is super-equivalent. There are therefore two standards proposed in this area with the MiFID requirement for firms subject to MiFID, but no such requirement for CRD-only firms.

In addition, it is proposed that some material currently contained within SYSC chapter 3 should be retained and included in the new SYSC chapter 5.

3.3 COMPLIANCE (INCLUDING INTERNAL AUDIT) - UNIFIED AND PARALLEL RULES AS PROPOSED

The new SYSC Chapter 6 contains proposals for compliance and internal audit. The CRD does not contain definite requirements on either function, but the MiFID requirements are broadly in line with existing requirements - which are that firms need to establish effective systems and procedures to help them meet their regulatory requirements.

3.3.1 Compliance

The new requirements for the common platform take into account the FSA's belief that all firms should be subject to the same standards in this area, although acknowledging that the standards should be applied in a way that is proportionate to the nature, scale and complexity of a firm's business. There will be a unified set of requirements, to apply to common platform firms, broadly in line with existing Handbook provisions.

The unified approach goes beyond the minimum requirements of both directives, as the unified standard will apply to CRD-only firms (which goes beyond the CRD's minimum requirements) and to all of a firm's regulated activities (which is super-equivalent for a MiFID-only firm). The requirement of compliance with requirements and standards under the regulatory system is broader than MiFID as it includes requirements under the CRD and FSMA.

3.3.2 Internal Audit

It is proposed that a firm, where appropriate and proportionate, must establish and maintain an internal audit function which is separate and independent from its other functions and activities. There is no difference in substance between this proposal and the current Handbook requirements, but it should be noted that these requirements will be a rule while the material it replaces consists of guidance and evidential provisions.

Again, this proposal is super-equivalent as the common platform will extend MiFID requirements, which apply to all of a firm's business, to CRD-only firms.

3.3.3. Financial Crime

In addition to the above, the new SYSC Chapter 6 has a sub-section that retains the existing requirements in SYSC Chapter 3 for countering financial crime. These proposals are outside the scope of MiFID and CRD.

3.4 RISK CONTROL - UNIFIED AND PARALLEL RULES AS PROPOSED

The new SYSC Chapter 7 contains proposals for implementing CRD and MiFID risk control and certain CRD risk-specific requirements. There are also proposals on group risk, which are in SYSC Chapter 12. The approach here is to propose a unified high-level standard clarifying FSA expectations, but no unified standard for certain specific risk requirements.

The proposals do not differ substantially from the current Handbook material except that high level rules will replace what is currently primarily detailed guidance. It is proposed that common platform firms must establish, implement and maintain adequate risk management policies and procedures which identify and set the tolerable level of risk relating to a firm's activities including employees' compliance with them. A firm must also have a separate risk control function, where this is proportionate, depending on the nature, scale and complexity of its business. This function will be responsible for assessing the risks that the firm faces and for advising the firm's governing body and senior managers on those risks.

This approach goes beyond the Directive requirements by extending the MiFID requirements on risk management to CRD-only firms and also by extending them to cover all employees, regardless of seniority and whether or not they are involved in MiFID or non-MiFID business.

In addition, it is proposed to extend to MiFID-only firms the CRD requirement to document the organisation and responsibilities of the risk assessment function to ensure that firms can show that they have properly established and maintained it.

There are certain additional CRD-based risk-specific proposals which it is not proposed should be extended to MiFID-only firms. A CRD firm's risk management strategy will also be required to cover credit and counterparty risk; residual risk; market risk and operational risk, including low frequency high-severity events.

In addition to the above, SYSC Chapter 7 copies out the specific CRD liquidity risk requirements, which will only apply to a firm subject to the CRD. Ultimately, these will appear in SYSC Chapter 11, but they are included in SYSC Chapter 7 at present, for timetabling reasons.

3.5 OUTSOURCING - UNIFIED RULES AS PROPOSED

The new SYSC Chapter 8 contains proposals on outsourcing - but not including any proposals on the outsourcing of retail portfolio management services to non-EEA service providers. There is a belief that the relevant Article may change before adoption by the European Parliament (EP). Any proposals will be in the Reforming COB Regulation CP - due in October 2006.

The proposals extend the detailed MiFID requirements on a unified basis for all of a common platform firm's material outsourcing in relation to:

  • regulated activities whether MiFID business or not (e.g. deposit taking activities and the safeguarding and administration of investments as well as MiFID investment services and activities)
  • listed activities under the BCD (e.g. lending activities)
  • ancillary services under MiFID (e.g. the provision of investment research).

There is also guidance to the effect that application of outsourcing provisions is limited by the wider application provisions of SYSC. There is no proposal to apply the material outsourcing requirements as rules for non-material outsourcing. Guidance is proposed that a firm should take the material outsourcing rules into account, as appropriate and proportionate, for its non-material outsourcing.

The proposals go beyond the Directive's minimum requirements for a CRD-only firm, and, to the extent that the unified standard applies to material outsourcing generally, it is super-equivalent for a MiFID firm that also does non-MiFID business because it is not limited to just MiFID business.

3.6 RECORD KEEPING

Proposals to implement the MiFID record-keeping requirements are not contained in detail in this consultation as they will be included in the 'Reforming COB Regulation' CP (due October 2006). This is because some elements are liable to change before the Draft Implementing Measures are finally adopted and because they mainly affect the Conduct of Business (COB) Sourcebook.

The high level record-keeping requirements will form the new SYSC Chapter 9. Consideration is currently being given to a possible amendment of the transitional provision so that the record-keeping requirements in SYSC Chapter 3 remain in force until 1st November 2007 for firms that adopt the common platform early. Such firms would therefore only need to make one set of changes on record-keeping and be allowed a full ten months (to 1st November 2007) to implement any changes they need to make.

Firms that do not adopt the common platform before 1st November 2007 will remain subject to the SYSC Chapter 3 record-keeping requirements.

The existing rules and guidance on financial information and record-keeping are being retained for investment firms in the relevant chapters of IPRU(INV) until 1st November 2007. They will therefore remain in force for BIPRU firms when the rest of IPRU(INV) is turned off on 1st January 2007 as part of the Handbook restructure. The future of the existing SYSC and IPRU(INV) record-keeping material will be included as part of the record-keeping proposals in the COB CP due in October 2006.

3.7 CONFLICTS OF INTEREST - UNIFIED AND PARALLEL RULES AS PROPOSED

The MiFID and CRD requirements on the management of conflicts of interest will be covered in rules and guidance in the new Chapter 10 of SYSC. This will replace current material in COB Chapter 7.1, 5.10 and 2.4 for common platform firms.

Provisions in both the directives mean that a firm is required to establish and maintain an effective policy to manage conflicts of interest between the firm and its clients and between clients of the firm, appropriate to the size and organisation of the firm and to the nature, scale and complexity of its business. The common platform proposal contains a unified requirement along these lines to oblige firms to manage conflicts of interest wherever they arise in the regulated activities and ancillary activities they carry on.

The common platform proposals require disclosure of an actual or potential conflict of interest as a method of managing a conflict, but only where the firm is not reasonably confident that its procedures and measures for managing the conflict or potential conflict will prevent the risk of damage to the interests of its clients.

It is proposed to retain existing Handbook material not in MiFID or the CRD, including guidance on the management of conflicts of interest in corporate finance business. In addition, provisions for the legal effect of information barriers will be retained in SYSC 10.2, as provided in current COB 2.4.4R and COB 2.4.6R. Firms will continue to be able to rely on effective "Chinese walls" for rules that apply to a firm acting with knowledge. The common platform will mean changes to COB for common platform firms. A further Annex will be published containing proposal for consequential changes to COB and (as necessary) to any other Handbook modules, in due course.

The MiFID requirements on conflicts of interest in investment research and inducement will be consulted on in the 'Reforming COB Regulation' CP (due October 2006).

4. Next Steps

Consultation closes on 19th August 2006. A feedback statement will be published in the fourth quarter of 2006. In addition, a further Annex to this CP will be published, to cover the consequential amendments required to other parts of the Handbook as a result of the creation of the common platform. The FSA must implement CRD by 1st January 2007 and MiFID by 1st November 2007.

5. Important Note: EU "level 2" implementing measures

The EU has not yet finalised the "level 2" implementing measures. The Commission expects to adopt Level 2 in mid-September with publication in the Official Journal in the fourth quarter of 2006. However, in order to allow adequate time for firms to prepare for the introduction of the new directive, the FSA has had to issue detailed consultation proposals in the absence of these measures. This means that firms should be aware that the proposals in this paper may differ from the eventual requirements laid down by the EU measures. The implication is that the eventual rules could differ from those contained in the consultation documents in these areas.

6. FSA Documents

MiFID/CRD Implementation Plan - Joint Treasury/FSA Document
http://www.fsa.gov.uk/pubs/international/joint_mifid.pdf

CP06/3: Strengthening Capital Standards 2
http://www.fsa.gov.uk/pages/Library/Policy/CP/2006/06_03.shtml

CP06/9: Organisational systems and controls - Common platform for firms
http://www.fsa.gov.uk/pages/Library/Policy/CP/2006/06_09.shtml

CP06/10: Strengthening Capital Standards - Restructuring the Handbook
http://www.fsa.gov.uk/pages/Library/Policy/CP/2006/06_10.shtml

 

©2008,  Resources Compliance (UK) Limited | Registered Office: 117 Houndsditch London EC3A 7BT | Registered in England No: 2487404