CP9/25 – Markets in Financial Instruments Directive Organisational Regulation

Privacy statement

By responding to this consultation, you provide personal data to the Bank of England (the Bank, which includes the Prudential Regulation Authority (PRA)). This may include your name, contact details (including, if provided, details of the organisation you work for), and opinions or details offered in the response itself.

The response will be assessed to inform our work as a regulator and central bank, both in the public interest and in the exercise of our official authority. We may use your details to contact you to clarify any aspects of your response.

The consultation paper will explain if responses will be shared with other organisations (for example, the Financial Conduct Authority). If this is the case, the other organisation will also review the responses and may also contact you to clarify aspects of your response. We will retain all responses for the period that is relevant to supporting ongoing regulatory policy developments and reviews. However, all personal data will be redacted from the responses within five years of receipt. To find out more about how we deal with your personal data, your rights, or to get in touch please visit Privacy and the Bank of England.

Information provided in response to this consultation, including personal information, may be subject to publication or disclosure to other parties in accordance with access to information regimes including under the Freedom of Information Act 2000 or data protection legislation, or as otherwise required by law or in discharge of the Bank’s functions.

Please indicate if you regard all, or some of, the information you provide as confidential. If the Bank receives a request for disclosure of this information, we will take your indication(s) into account but cannot give an assurance that confidentiality can be maintained in all circumstances. An automatic confidentiality disclaimer generated by your IT system on emails will not, of itself, be regarded as binding on the Bank.

Responses are requested by Monday 23 June 2025

Consent to publication

In the policy statement for this consultation, the PRA will publish an account, in general terms, of the representations made as part of this consultation and its response to them.  In the policy statement, the PRA is also required to publish a list of respondents to its consultations, where respondents have consented to such publication.

When you respond to this consultation paper, please tell us in your response if you agree to the publication of your name, or the name of the organisation you are responding on behalf of, in the PRA’s feedback response to this consultation.

Please make it clear if you are responding as an individual or on behalf of an organisation.

Where your name comprises ‘personal data’ within the meaning of data protection law, please see the Bank’s Privacy Notice above, about how your personal data will be processed.

Please note that you do not have to give your consent to the publication of your name. If you do not give consent to your name being published in the PRA’s feedback response to this consultation, please make this clear with your response.

If you do not give consent, the PRA may still collect, record and store it in accordance with the information provided above.

You have the right to withdraw, amend or revoke your consent at any time. If you would like to do this, please contact the PRA using the contact details set out below: Responses can be sent by email to: CP9_25@bankofengland.co.uk.

Alternatively, please address any comments or enquiries to:

Governance, Remuneration and Controls Team

Prudential Policy Directorate
Prudential Regulation Authority
20 Moorgate
London
EC2R 6DA

1: Overview

1.1 The Markets in Financial Instruments Directive Organisational Regulation ('MiFID Org Reg') sets out detailed organisational requirements, which in the UK are applied to both investment firms and Capital Requirement Regulation (CRR) firms. The relevant requirements to the Prudential Regulation Authority (PRA), as the prudential regulator, are outsourcing, record keeping, control procedures, risk, compliance and internal audit functions and governance.

1.2 The MiFID Org Reg (referred to in the PRA Rulebook Glossary as the MODR)^{footnote [1]} is currently assimilated law and is cross-referenced in PRA rules. In November 2024 HM Treasury (HMT) announced several changes to the Markets Financial Instruments Directive (MiFID II) framework as part of ‘the government’s commitment to reinvigorate …capital markets so that they deliver for investors, for firms, and to support growth across the UK’. ^{footnote [2]} As part of these wider changes, HMT is proposing to revoke MiFID Org Reg assimilated law in the expectation that the rules will be included in the PRA’s Rulebook (‘the Rulebook’). The PRA needs to restate the existing firm-facing requirements contained in MiFID Org Reg into the Rulebook before HMT’s commencement of the revocation of the MiFID Org Reg under the Financial Services and Markets Act 2023 (FSMA 2023) , otherwise risks could arise from gaps in the PRA’s ability to enforce key components of its systems and controls requirements.

1.3. The PRA is not proposing any new requirements on firms as part of the changes. This should ensure that the rules continue to have an unchanged effect, and that the PRA can continue to supervise and enforce against them. As noted by HMT in its announcement of its plans on MiFID II these changes will give the PRA flexibility to easily update the rules in future in response to emerging market trends and risks. It will also ensure that firms can locate the entirety of the applicable requirements in a single location, making the Rulebook more accessible.

1.4 Revocation and restatement of the MiFID Org Reg in the Rulebook, represents an important step in the adaptation of the UK’s prudential regime for CRR firms inherited from the European Union (EU) into a framework consistent with the UK’s approach to financial services regulation.

1.5 The PRA considers the proposals in this consultation paper (CP) would advance its primary and secondary statutory objectives by restating the revoked measures within the Rulebook and providing clarity and coherence as to the organisational requirements for firms.

The PRA’s proposals

1.6 The PRA’s proposals cover the following Articles of the MiFID Org Reg:

• General Organisational Requirements: These provisions (in Article 21, ‘Organisational Requirements’, and Article 25 ‘Senior Management Requirements’) outline the responsibilities of the board and senior managers for the organisational framework within firms. These provisions relate to the board having overall responsibility for ensuring that a firm is managed properly and in a way that promotes the integrity of markets and the interests of clients. They outline that a firm’s senior managers are required to oversee the firm’s organisational requirements, and that this responsibility should be effectively allocated amongst those senior managers.
• Outsourcing: These provisions (in Articles 30, and 31) cover firm requirements and responsibilities when outsourcing MiFID business.
• Record keeping: This provision (Article 72) covers retention of records.
• Compliance and Internal Audit: These provisions cover the firm having an independent compliance function (Article 22) and an independent internal audit function (Article 24) where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of relevant services and activities undertaken.
• Risk Management: This provision (Article 23) covers risk control and maintaining risk management policies. It outlines that the firm should establish and maintain a risk management function where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of relevant services and activities undertaken.
• Technical standards regulation: There are several cross-references to the MiFID Org Reg in the PRA technical standards. Following the revocation of MiFID Org Reg these cross-references will be out of date. As such, the PRA is proposing to make a standards instrument to update these references.

Background

1.7 The MiFID Org Reg is currently assimilated law , which is then cross-referenced in PRA rules. In November 2024, HMT announced several changes to the MiFID II framework including plans to revoke MiFID Org Reg assimilated law with the expectation that the rules would be restated in the PRA’s Rulebook.

1.8 The FCA has consulted separately on replacing relevant provisions in the MiFID Org Reg with Handbook rules. In addition, HMT published a policy paper on 18 March 2025 which includes the MiFID Org Reg draft Statutory Instrument (SI) and Policy Note. This is a near-final version of a SI to reform the MiFID Org Reg which restates the sections of the MiFID Org Reg that are being maintained in legislation. Once the PRA consultation has completed, the PRA and FCA will publish final rules in separate policy statements in 2025. The PRA will continue to work closely with the Government and the FCA to implement the proposals laid out in this CP.

1.9 This CP is relevant to PRA-authorised UK banks, building societies, and designated UK investment firms (referred to as ‘firms’).

Legislative dependencies

1.10 The proposals in this CP are dependent on anticipated legislation (commencement regulations) to bring into force the provisions of FSMA 2023 to revoke:

• Commission Delegated Regulation (EU) 2017/565 of 25 April 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that Directive. ^{footnote [3]}

Restatement of elements of assimilated law

1.11 The PRA has considered all elements of the onshored Commission Delegated Regulation (EU) 2017/565. The PRA is proposing to restate this assimilated law as far as is relevant to PRA authorised firms into the PRA Rulebook without material changes to the policy substance. The intention of these proposals is to maintain the requirements on firms and the PRA’s approach as they currently operate.

1.12 Under the PRA’s policy framework, requirements on firms are set out in PRA rules. Accordingly, where the assimilated law sets out provisions that firms are required to comply with, the PRA proposes to restate these requirements into the relevant part of the Rulebook.

1.13 One of the aims of this CP is to reflect the Government’s overall plans announced on 14 November 2024 to commence the provisions of FSMA 2023 revoking the MiFID Org Reg assimilated law. The changes being made include deleting existing cross references across the PRA Rulebook to reflect the expected restatement of MiFID Org Reg assimilated law.

Structure of the CP

1.14 The proposals in this CP are structured into the following chapters. The draft rules are included in the relevant appendices.

2: General Organisational Requirements

3: Outsourcing

4: Record Keeping

5: Compliance and Internal Audit

6: Risk Management

7: Technical Standards Regulation

8: Notifications Part – consequential amendments

9: Objectives analysis, Cost Benefit Analysis (CBA), Have regards, and Impact on Mutuals

Implementation

1.15 The PRA proposes that the implementation date for the changes resulting from this CP would be H2 2025. The PRA is not planning to change any of the substance of these rules and as such the consultation period is 8 weeks. Responses are therefore requested by Monday 23 June 2025.

2: General Organisational Requirements

2.1 This chapter sets out the PRA’s proposals to restate Articles 21 and Article 25 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions outline the responsibilities of the board and senior managers for the organisational framework within firms.

2.2 The proposals in this chapter would:

• amend the Rulebook to include the substance of Article 21 requirements within the General Organisational Requirements (GOR) Part of the Rulebook; and
• amend the Rulebook to include the substance of Article 25 requirements within the GOR Part of the Rulebook in relation to Responsibility of Senior Personnel.

Proposal 1: General Requirements

2.3 The PRA proposes to restate the provisions from Article 21 of the MiFID Org Reg in its Rulebook with no material changes. These provisions relate to the board having overall responsibility for ensuring that a firm is managed properly and in a way that promotes the integrity of markets and the interests of clients. The main requirements that a firm needs to maintain are:

• robust governance arrangements and decision-making procedures;
• effective processes to identify, manage, monitor and report the risks it is, or to which it might, be exposed;
• adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the firm;
• confidentiality of information;
• adequate business continuity and accounting policies which reflect a true and fair view of their financial position; and,
• adequate and orderly records of business and internal organisation.

2.4 When complying with the requirements set out above, firms shall consider the nature, scale and complexity of the business of the firm, and the nature and range of investment services and activities undertaken in the course of that business.

Proposal 2: Responsibility of Senior Personnel

2.5 The PRA proposes to restate the provisions from Article 25 of the MiFID Org Reg in its Rulebook (Chapter 4) with no material changes. These provisions outline that a firm’s senior managers are required to oversee the firm’s organisational requirements, and that this responsibility should be effectively allocated amongst those senior managers.

2.6 Senior management are also required to assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with this requirement and records outlining the allocation of responsibility must be kept up to date.

2.7 In addition, firms must ensure that its senior management receive on a frequent basis, and at least annually, written reports on the matters covered by compliance and internal audit and risk control. Such written reports must indicate whether the appropriate remedial measures have been taken in the event of any deficiencies.

2.8 It should be noted that the PRA considers that the provisions in the MiFID Org Reg relating to ‘the supervisory function’ do not need to be restated in the Rulebook because in the UK institutional firm governance structures do not typically include a separate ‘supervisory function’, and therefore, these provisions are irrelevant. The PRA considers that the reference to ‘supervisory function’ was originally included in the EU Regulation to accommodate the governance structures of certain EU member states where the managerial and supervisory functions are assigned to different bodies.

3: Outsourcing

3.1 This chapter sets out the PRA’s proposals to restate Articles 30 and Article 31 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover firm requirements and responsibilities when outsourcing MiFID business.

3.2 The proposals in this chapter would:

• amend the Application and Definition part of Chapter 1, of the Outsourcing Part of the Rulebook, to insert the definition of ‘critical or important operational function’ within the Outsourcing Part of the Rulebook. (Please note that this definition only applies to the rules in this Part).
• amend the Rulebook to include the Article 30 requirements within the Outsourcing Part which states the scope of critical and important operational functions.
• amend the Rulebook to include Article 31 requirements within the Outsourcing Part which states the responsibilities of firms that outsource critical or important operational functions.

Proposal 1: Scope of critical and important operational functions

3.3 The PRA proposes to amend the Application and Definitions part of Chapter 1, of the Outsourcing Part of the Rulebook, to insert a definition of ‘critical or important operational function’ within the Outsourcing Part of the Rulebook. A critical or important operational function means an operational function where a defect or failure in its performance would materially impair the compliance of a firm on a continuous and satisfactory basis with: (a) the conditions and obligations of its permission; (b) any of its other obligations under the regulatory system;^{footnote [4]} (c) its financial performance; or (d) the performance, soundness or the continuity of its relevant services and activities. This definition is taken directly from Article 30 of MiFID Org Reg with no material amendments.

Proposal 2: Outsourcing critical or important operational functions

3.4 The PRA proposes to restate the provisions from Article 31 of the MiFID Org Reg in its Rulebook with no material changes. The provisions state firms’ responsibilities when outsourcing critical or important operational functions. In general, a firm needs to ensure that it takes reasonable steps to avoid undue additional operational risk. It needs to retain the necessary resources and expertise to effectively oversee the third-party service provider and must be able to ensure continuity in the event of termination, of the third party, by either taking on the functions itself or appointing another third party. In addition, a firm outsourcing critical or important operational functions will remain fully responsible for discharging all its obligations as currently under the MiFID Org Reg and must ensure that the outsourcing does not result in the delegation by senior management of its responsibility.

3.5 The Article also includes content requirements for the written agreement which must be put in place between the firm and the service provider, which will also be restated with no material changes, including provisions relating to:

• instructions; termination; right to information, inspection and access to records; and consent to further outsourcing;
• the firm ensuring that the service provider cooperates with the PRA in connection with the outsourced functions; and
• a firm being able to, upon request, make available to the PRA all information necessary to enable the PRA to supervise the compliance of the performance of the outsourced function, service or activity with the requirements of the regulatory system.

4: Record Keeping

4.1 This chapter sets out the PRA’s proposals to restate Article 72 of the MiFID Org Reg in the Rulebook, with no material changes. This provision covers Retention of Records. Rule 2.5 of the Record Keeping Part of the Rulebook would be amended to reference the UK regulatory system rather than referring to EU regulations.

4.2 The proposals in this chapter would:

• amend the Rulebook to include the Article 72 requirements within the Record Keeping Part of the Rulebook; and
• define the meaning of organisational records.

Proposal 1: Retention of Records

4.3 The provisions cover retention of records in relation to MiFID business for a period of at least five years so that they can be accessible by the PRA. It also provides a description of the organisational records^{footnote [5]} that should be kept, which includes documents in relation to the firm's business and internal organisation; compliance reports; risk management reports and internal audit reports. In addition, a firm must keep written records of any policies and procedures related to the requirements of the regulatory system relating to MiFID business.

4.4 These provisions will be added to the Record Keeping Part of the Rulebook.

5: Compliance and Internal Audit

5.1 This chapter sets out the PRA’s proposals to restate Articles 22 and 24 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover Compliance and Internal Audit, except matters related to complaints handling which are covered in CP24/24: The MiFID Organisational Regulation by the FCA as conduct regulator.

5.2 The proposals in this chapter would:

• amend the Rulebook to include Article 22 requirements which state the responsibilities of the firm to maintain an effective compliance function. The Rulebook would also include Article 24 requirements which state the responsibilities of a firm in relation to maintaining an effective internal audit function. Both Article 22 and 24 will be restated within the Compliance and Internal Audit Part of the Rulebook.

Proposal 1: Compliance

5.3 The provisions of Article 22 require firms to establish an effective, independent compliance function. The main provisions are that the compliance function is required to:

• report regularly to the firm’s management body on the implementation and effectiveness of the overall control environment for investment services and activities, on the risks that have been identified and on complaints handling reporting as well as any remedies undertaken or to be undertaken; and
• report directly to the management body where it detects a significant risk of failure by the firm to comply with its obligations under MiFID II.

5.4 A firm need not comply with the above requirements where in view of the nature, scale and complexity of its business, compliance with the requirements is not proportionate. A firm must be able to demonstrate to the PRA upon request that its compliance function continues to be effective.

Proposal 2: Internal Audit

5.5 The provisions of Article 24 state that a firm must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of relevant services and activities undertaken, establish an independent internal audit function. This function must:

• maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements;
• issue recommendations based on the result of work carried out in accordance with that audit plan and verify compliance with those recommendations; and
• report in relation to internal audit matters in accordance with General Organisational Requirements.

6: Risk Control

6.1 This chapter sets out the PRA’s proposals to restate Article 23 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover Risk Management.

Proposal 1: Risk Management

6.2 Generally, in relation to its risk management, a firm must put in place and maintain adequate risk management policies and procedures which identify the risks relating to the firm's activities, processes and systems, and where appropriate, set the level of risk tolerated by the firm. Firms must also adopt effective arrangements to manage the risks relating to the firm's activities in relation to that level of risk tolerance and monitor the adequacy and effectiveness of these arrangements.

6.3 These provisions will be added to the Risk Control Part of the Rulebook.

Proposal 2: Maintaining a risk management function

6.4 The Risk Control Part requires that a firm must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of the relevant services and activities undertaken, establish and maintain a risk management function.

6.5 For reasons of proportionality, the Risk Control Part clarifies that a firm need not comply and establish a risk management function where it is able to demonstrate to the PRA that it is not appropriate and proportionate in view of the nature, scale and complexity of its business. In addition, that it is not proportionate in view of the nature and range of the relevant services and activities undertaken by that business. Where a firm does not establish a risk management function, on the basis of the above, the firm must be able to provide assurance to the PRA that the policies and procedures which it is has adopted, in relation to its risk management, satisfy the Risk Control requirements.

Other changes

6.7 Definitions:

• listed activities - means an activity listed in Annex 1 to the Capital Requirements Directive; and
• relevant services and activities – means, regulated activities, listed activities or ancillary services.

6.8 These definitions, which are currently specific to the Outsourcing Part, have been used in the restated text in other Parts, for consistency of interpretation. Accordingly, they would be added to the Rulebook glossary.

7: Technical Standards Regulation

7.1 There are currently references to the MiFID Org Reg in technical standards regulations for which the PRA has responsibility following the UK’s withdrawal from the EU. These technical standards relate to the organisational requirements of investment firms engaged in algorithmic trading. The cross references in Commission Delegated Regulation (EU) 2017/589, as it forms part of assimilated law, will be out of date once provision in the FSMA 2023 revoking the assimilated law MiFID Org Regulation is commenced by HM Treasury. The PRA therefore proposes to make a standards instrument updating these references as a consequential amendment. References to the corresponding new PRA rule will replace the existing reference to an article of the revoked assimilated law. A draft of the proposed standards instrument can be found in Appendix 2.

8: Notification Part – consequential amendments

8.1The PRA has identified a small number of references in the Notifications Part which refer to legislation which has been replaced as part of the MiFID II reforms. The PRA therefore proposes to make consequential amendments to: (i) replace the outdated reference and replace it with a reference to current law; and (ii) delete a reference to the MiFID Regulation. The PRA will consider in due course, and in consultation with the FCA, whether and how to replicate Markets in Financial Instruments Regulation into the PRA Rulebook.

9: The PRA’s statutory obligations

PRA Objectives Analysis

9.1 The paragraphs below analyse the impact of the PRA’s proposals for restating assimilated law into its rules against its objectives.

The PRA’s primary objective of safety and soundness

9.2 The PRA considers that the proposals advance its primary objective of safety and soundness as the proposed restatement and inclusion of the MiFID Org Reg requirements within the Rulebook, would address the gap otherwise left by the revocation of the MiFID Org Reg. These proposed rules also support safety and soundness by requiring firms to have effective organisational frameworks in place ensuring, for example, clear and documented decision-making procedures, robust governance procedures, adequate internal controls mechanisms and effective processes to identify, manage, monitor and report risks. In addition, the MiFID Org Reg requirements are a key source of the current organisational requirements for CRR firms on outsourcing. The outsourcing provisions cover firm requirements and responsibilities when outsourcing MiFID business. In general, a firm needs to ensure that it takes reasonable steps to avoid undue additional operational risk, which supports safety and soundness.

9.3 The restatement will also enhance the clarity and coherence of the regulatory framework. The proposals in this CP would mean that all the current MiFID Org Reg requirements for firms would in future be contained within the PRA’s Rulebook, making it easier for firms to understand the requirements that will apply.

The PRA’s secondary objectives:

9.4 The PRA considers that the proposals advance the PRA’s secondary objective of facilitating effective competition, the international competitiveness of the economy and the growth of the economy in the medium to long term. A more accessible and integrated Rulebook is easier for firms to understand. This may facilitate firms’ entry into the market, which in turns promotes greater competition in the financial services market.

9.5 The proposals enable the UK to maintain its reputation as a sound place to conduct business, supporting the attractiveness of the UK as a financial centre. Ensuring that the effective governance and management of risk by relevant firms are maintained is likely to increase investment in both the financial services sector and financial markets more generally, since investors will have more confidence in firms.

9.6 Moving obligations from legislation into the PRA Rulebook also allows the PRA to be more responsive and flexible to the need to evolve the PRA Rulebook to reflect the needs and features of UK firms and the UK market in the future. This will, for example, allow the PRA to respond to innovation more efficiently.

Cost benefit analysis (CBA)

9.7 There is no change in the substance of the requirements for firms. This exercise brings the substantive relevant text of the MiFID Org Reg into the Rulebook as PRA rules. The MiFID Org Reg requirements are already in the Rulebook but incorporated by reference to the MiFID Org Reg using links. The transfer of these MiFID Org Reg Articles into the PRA Rulebook is a restatement of assimilated law.

9.8 In relation to the proposal to make a standards instrument updating the references to the MiFID Org Reg in the algorithmic trading technical standards, these consequential amendments do not result in a change in the requirements for firms.

9.9 As such, we consider that there will be no increase in costs and that the benefits will also remain the same. According to FSMA section 138L(3), the PRA is not required to publish a CBA if, in making the appropriate comparison, it considers either ‘there will be no increase in costs’ or ‘there will be an increase in costs, but that increase will be of minimal significance’.

Statutory Duty to Consult

9.10 The PRA has a statutory duty to consult when making rules (FSMA section 138J). In relation to the consequential amendments to technical standards we have also a statutory duty to consult (FSMA section 138S).

9.11 The PRA has consulted with the FCA and will continue to liaise with it as it finalises the rules. In addition, because the proposed restatement means that there are no new requirements for firms, the PRA assesses it is proportionate to apply a consultation period of 8 weeks. None of the statutory practitioner panels were consulted about the proposals in this CP.

Legal Obligations

9.12 In carrying out its policymaking functions the PRA is required to comply with several legal obligations. The analysis in this CP explains how the proposals have had regard to the most significant matters, including an explanation of the ways in which having regard to these matters has affected the proposals.

‘Have regards’ analysis

9.13 In developing these proposals, the PRA has had regard to the FSMA regulatory principles and the aspects of the Government’s economic policy set out in the HMT recommendation letter of November 2024. The following factors, to which the PRA is required to have regard, were considered the most material to the proposals and include:

9.14 The need to use the PRA’s resources in the most efficient and economical way (FSMA regulatory principle): The PRA considers that the proposals are in line with efficient use of PRA resources. The proposals in this CP have been limited to a restatement of assimilated law because the PRA has judged this to be the most efficient and economic approach to ensure that MiFID Org Reg can be transferred in a timely manner. Once this material is incorporated into the PRA’s rulebook the PRA would be able to update rules to implement any further policy changes at a later date should there be a need to do so.

9.15 The principle that the PRA should exercise its functions as transparently as possible (FSMA regulatory principle): A more accessible and integrated Rulebook is easier to access and understand, thereby increasing the transparency of how the PRA exercises its functions. Being responsible for all the rules increases clarity and transparency which, in turn, supports accountability. The restatement of assimilated law into the Rulebook is intended to give increased clarity to firms over the PRA’s requirements for firms, and to ensure that all relevant policy requirements affecting firms are accessible and contained within PRA policy material.

9.16 Legislative and Regulatory Reform Act 2066 principles of good regulation:

The PRA has had regard to the principles in the LRRA, and considers that the proposals are;

• transparent – the PRA is consulting on the proposals to revoke assimilated law and replacing requirements in PRA rules allowing firms to review the proposals and respond to proposed rules during the consultation period;
• proportionate – the PRA considers that the restatement of current assimilated law into PRA rules is proportionate, given that it replicates current assimilated law;
• consistent – the proposals help to consolidate assimilated law into a single location resulting in a more accessible and potentially consistent application of requirements; and
• targeted only at cases in which action is needed – the PRA considers the act of revoking assimilated law and replacing requirements in PRA rules continues to apply existing targeted requirements.

9.17 Government’s financial services sector policy, and its priority to promote growth and competitiveness [source: HMT recommendations letter to PRC – November 2024] and the government’s strategy to promote competitiveness and its priorities, including trade and inward investment into the UK, UK attractiveness for international financial services, and innovation.

• moving obligations from legislation into the Rulebook also allows the PRA to be more responsive and flexible to the need to evolve the Rulebook to reflect the needs and features of UK firms and the UK market in the future. This will, for example, allow the PRA to respond to accommodate innovation more quickly.
• generally, clearer regulatory requirements may also encourage entry to the market and may make it easier for firms to comply with the rules.

9.18 Responsibility of firms’ senior management for compliance: It is easier for senior managers to ensure compliance with requirements if those requirements are in a single integrated Rulebook, and therefore more accessible.

Equality and diversity

9.19 Section 149 of the Equality Act 2010 (EA 2010) requires the PRA to have due regard to the need to eliminate discrimination and other prohibited conduct, advance equality of opportunity and foster good relations between people who share a relevant protected characteristic and other people when carrying out their activities. We are also required to give thought to the potential impact of new proposals on relevant groups. We have considered the equality and diversity issues that may arise from the proposals in this CP. Overall, as our intention is to maintain the regulatory requirements which currently apply to firms once the relevant parts of assimilated law are revoked, we do not consider that the proposals have a particular impact any of the groups with protected characteristics under the EA 2010.

9.20 The PRA has had regard to other factors as required. Where analysis has not been provided against a ‘have regard’ for these proposals, it is because the PRA considers that ‘have regard’ to not be a significant factor in these proposals.

Impact on mutuals

9.21 The PRA considers that the impact of the proposals in this CP on mutuals, in this case, building societies, is expected not to be significantly different from the impact of the proposed rule on investment firms and banks. This is because the restatement is carried in a consistent way across all assimilated law and so will impact both building societies and other firms in scope in a similar manner.