Prudential Regulation Authority Rulebook

6.1

Depending on the nature, scale and complexity of its business, it may be appropriate for a third country branch to have a separate compliance function. Where a third country branch has a separate compliance function, it should be permanent, effective, operate independently and should have the following responsibilities:

• to monitor and, on a regular basis, to assess the adequacy and effectiveness of the measures and procedures put in place in accordance with Internal Governance of Third Country Branches 6.2, and the actions taken to address any deficiencies in the third country branch’s compliance with its obligations; and
• to advise and assist the relevant persons responsible for carrying out regulated activities to comply with the third country branch’s obligations under the regulatory system.

6.2

In order to enable the third country branch compliance function to discharge its responsibilities properly and independently the PRA expects that the third country branch should ensure the compliance function has the necessary authority, resources, expertise and access to all relevant information.

6.3

In addition, where appropriate and proportionate in view of the nature, scale and complexity of its business, and the nature and range of its financial services and activities, undertaken in the course of that business the PRA expects the third country branch to ensure the following conditions are met:

• the relevant persons involved in the third country branch’s compliance team should not be involved in the performance of services or activities they monitor; and
• the method of determining the remuneration of the relevant persons involved in the third country branch’s compliance function do not compromise their objectivity.

6.4

In setting the method of determining the remuneration of persons involved in the third country branch’s compliance team, the PRA expects a third country branch to comply with the Remuneration Part of the PRA Rulebook.

6.5

The PRA expects that a third country branch should, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services activities, undertaken in the course of that business, establish an independent internal audit function. The internal audit function should have the following responsibilities:

• to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the third country branch’s governance, systems, internal control mechanisms and arrangements (or alternatively, to assess the extent to which the firm’s or group’s audit plan meet local regulatory requirements and make any modifications that may be necessary);
• to issue recommendations based on the result of work carried out in accordance with the audit plan;
• to verify compliance with those recommendations; and
• to report in relation to internal audit matters in accordance with 4.1.

6.6

The term ‘internal audit function’ above refers to the generally understood concept of internal audit within a third country branch, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.

6.7

Where a third country branch has an individual performing the role of head of internal audit, he or she will need to be pre-approved as the Head of Internal Audit function (SMF5). This can include individuals performing this role across a range of UK legal entities, such as a regional head of internal audit responsible for this area in the firm’s UK subsidiaries as well as the branch.