Information technology systems
In assessing the adequacy of the information technology used by a Recognised Body to perform or support its Regulatory Functions, the Regulator may have regard to:(a) the organisation, management and resources of the information technology department within the Recognised Body;(b) the arrangements for controlling and documenting the design, development, implementation and use of information technology systems; and(c) the performance, capacity and reliability of information technology systems.
The Regulator may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:(a) the procedures for the evaluation, selection and testing of information technology systems;(b) the procedures for problem management and system change;(c) the arrangements to monitor and report system performance, availability and integrity;(d) the arrangements (including spare capacity and access to back-up facilities) made to ensure information technology systems are resilient and not prone to failure;(e) the arrangements made to ensure business continuity in the event that an information technology system does fail;(f) the arrangements made to protect information technology systems from damage, tampering, misuse or unauthorised access; and(g) the arrangements made to ensure the integrity of data forming part of, or being processed through, information technology systems.
The Regulator may have regard to the arrangements made to keep clear and complete audit trails of all uses of information technology systems and to reconcile (where appropriate) the audit trails with equivalent information held by system users and other interested parties.
In assessing a Recognised Body’s systems and controls for the effecting and monitoring of transactions, and for the operation of settlement arrangements, the Regulator may have regard to the totality of the arrangements and processes through which the Recognised Body’s transactions are effected, cleared and settled, including:(a) a Recognised Body’s arrangements under which orders are received and matched, its arrangements for trade and transaction reporting, and (if relevant) its arrangements with another Person under which any rights or liabilities arising from transactions are discharged including arrangements for transmission to a settlement system or Recognised Clearing House;(b) (if relevant), a Recognised Body’s arrangements under which instructions relating to a transaction to be cleared by another person by means of a Clearing Service are entered into its systems by the relevant person providing the Clearing Service and transmitted to the Recognised Body; and(c) the arrangements made by the Recognised Body for monitoring and reviewing the operation of these systems and controls.
Safeguarding and administration of assets
In assessing a Recognised Body’s systems and controls for the safeguarding and administration of assets belonging to users of its facilities, the Regulator may have regard to the totality of the arrangements and processes by which the Recognised Body:(a) records the assets held and the identity of the owners of (and other persons with relevant rights over) those assets;(b) records any instructions given in relation to those assets;(c) records the carrying out of those instructions;(d) records any movement in those assets (or any corporate actions or other events in relation to those assets); and(e) reconciles its records of assets held with the records of any custodian or sub‐ custodian (or Person Acting as a Central Securities Depository) used to hold these assets, and with the records of beneficial or legal ownership of those assets.
Performance of Regulatory Functions
A Recognised Body must take all reasonable steps to ensure that the performance of its Regulatory Functions is not adversely affected by its commercial interests.
For the purposes of Rule 2.5.23, a Recognised Body must have adequate systems and controls, including policies and procedures, to ensure that the pursuit of its commercial interests (including its profitability) does not adversely impact on the performance of its Regulatory Functions.
A Recognised Body should have systems for identifying, and drawing to the attention of its Senior Management and Governing Body, situations where its commercial interests conflict, or may potentially conflict, with the proper performance of its Regulatory Functions. This would enable the Recognised Body to take appropriate steps to ensure that such conflicts do not adversely affect the proper performance by the Recognised Body of its Regulatory Functions. In particular, the Recognised Body should ensure that adequate human, financial and other resources (both in terms of quantity and quality) are provided for risk management, regulatory, compliance and other similar functions.