Prudential Regulation Authority Rulebook

2.1

The PRA expects that the arrangements, processes and mechanisms implemented by a third country branch should be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in its business and its activities and take into account the specific technical criteria described in the Remuneration Part of the PRA Rulebook.

2.2

The PRA expects third country branches to have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility. All firms subject to the SM&CR, which includes third country branches, are required, by section 60(2A) of the Financial Services and Markets Act (FSMA), to produce a Statement of Responsibilities (SoR) for each of their individuals in scope of the regime.⁷ More specifically, SoRs must:

• clearly set out the areas of the branch’s UK regulated activities for which the senior manager is responsible;
• be included in every application for pre-approval as a senior manager; and
• be updated and resubmitted if there is a significant change to the senior manager’s responsibilities.

2.3

A third country branch is also expected to produce and maintain a Management Responsibilities Map, which is a single, up-to-date document setting out the branch’s management and governance arrangements.⁸ Responsibilities Maps should be proportionate and include information about the business relationship with the head office and group.

2.3A

Firms should be aware of the expectations set out in SS34/15 ‘Guidelines for completing regulatory reports’ in relation to the following reporting requirement for branches of third-country banks:

• risk management arrangements of the branch; and
• governance arrangements, including key function holders for the activities of the branch.

2.4

The PRA expects that, taking into account the nature, scale and complexity of the business of the third country branch, and the nature and range of the financial services activities undertaken in the course of that business, the branch should establish, implement and maintain:

• decision-making procedures and an organisational structure which clearly and in a documented manner specifies reporting lines and allocates functions and responsibilities; and
• effective internal reporting and communication of information at all relevant levels of the branch.

2.5

The PRA expects a third country branch to take reasonable steps to ensure continuity and regularity in the performance of its regulated activities.

2.6

A third country branch should establish, implement and maintain an adequate business continuity policy aimed at ensuring, in the case of an interruption to its systems and procedures, that any losses are limited. The business continuity should also ensure the preservation of essential data and functions, and the maintenance of its regulated activities, or, where that is not possible, the recovery of such data and functions and the timely resumption of those activities.

2.7

The matters dealt with in a firm’s business continuity policy should include:

• resource requirements such as people, processes, systems and other assets, and arrangements for obtaining these resources;
• the recovery priorities for the firm’s and branch’s operations;
• communication arrangements for internal and external parties concerned (including regulators, clients and the press);
• escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information;
• processes to validate the integrity of information affected by the disruption; and
• regular testing of the business continuity policy in an appropriate manner in accordance with 2.8.

2.8

A third country branch should monitor and, on a regular basis,  evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with Chapter 2 of the Internal Governance of Third Country Branches Part of the PRA Rulebook, and take appropriate measures to address any deficiencies.