2

Group Systems and Controls

2.1

A firm must:

  1. (1) have adequate, sound and appropriate risk management processes and internal control mechanisms for the purpose of assessing and managing its own exposure to group risk, including sound administrative and accounting procedures; and
  2. (2) ensure that its group has adequate, sound and appropriate risk management processes and internal control mechanisms at the level of the group, including sound administrative and accounting procedures.

2.2

The internal control mechanisms referred to in 2.1 must include:

  1. (1) mechanisms that are adequate for the purpose of producing any data and information which would be relevant for the purpose of monitoring compliance with any prudential requirements (including any reporting requirements and any requirements relating to capital adequacy, solvency, systems and controls and large exposures):
    1. (a) to which the firm is subject with respect to its membership of a group; or
    2. (b) that apply to or with respect to that group or part of it; and
  2. (2) mechanisms that are adequate to monitor funding within the group.

2.3

A firm must comply with 2.1(2) in relation to any UK consolidation group or non-EEA sub-group of which it is a member, as well as in relation to its group.

[Note: Art 109(2) of the CRD]

2.4

A CRR firm that is a subsidiary of a mixed-activity holding company must ensure that the risk management processes and internal control mechanisms referred to in 2.1 include sound reporting and accounting procedures and other mechanisms that are adequate to identify, measure, monitor and control transactions between the firm’s parent undertaking mixed-activity holding company and any of the subsidiary of the mixed-activity holding company.

[Note: Art 123 of the CRD]