Operational risk requirements for insurers

The following Financial Services guidance note provides comprehensive and up-to-date legal information covering:

  • Operational risk requirements for insurers
  • Purpose of SYSC 13
  • Application of SYSC 13
  • The requirement to notify the FCA of operational risk matters
  • Operational risk employees
  • Operational risk processes and systems
  • Operational risk and business continuity
  • Outsourcing of functions by an insurer

This Practice Note looks at the requirements of chapter 13 of the Financial Conduct Authority (FCA)'s Senior Management Arrangements, Systems and Controls sourcebook (SYSC 13) and provides guidance to insurers when establishing and maintaining systems and controls in relation to the management of operational risk. This Practice Note should be read in conjunction with Practice Note: Prudential requirements for UK insurers—Pillar 2 and Pillar 3 requirements which describes operational risk requirements under Solvency II and the Prudential Regulation Authority's (PRA) implementation of Solvency II. For further information on Solvency II and the prudential requirements for UK insurers, see Practice Notes: Prudential requirements for UK insurers—introduction, Prudential requirements for UK insurers—Pillar 1 requirements and Solvency II—essentials.

Purpose of SYSC 13

The purpose of SYSC 13 is to provide guidance on how to interpret SYSC 3.1.1 R and SYSC 3.2.6 R, which deal with the establishment and maintenance of systems and controls in relation to the management of operational risk. The chapter covers systems and controls for managing risks concerning any of a firm's operations. It does not cover systems and controls for managing credit, market, liquidity and insurance risk.

Firms should also consider the requirements for operational risk contained in the FCA Conduct of Business sourcebook (COBS) and SYSC 14.

Application of SYSC 13

SYSC 13 applies to an insurer