PS16/25 – Markets in Financial Instruments Directive Organisational Regulation (MiFID Org Reg)

1: Overview

1.1 This Prudential Regulation Authority (PRA) policy statement (PS) provides feedback to responses the PRA received to consultation paper (CP) 9/25 – Markets in Financial Instruments Directive Organisational Regulation (MiFID Org Reg).

1.2 It also contains the PRA’s final policy. This is a restatement of existing organisational requirements for firms contained in MiFID Org Reg into the PRA Rulebook, with no material changes. These changes come into effect with HM Treasury’s (HMT) commencement of the revocation of the MiFID Org Reg under the Financial Services and Markets Act 2023 (FSMA 2023).

1.3 This PS is relevant to PRA-authorised UK banks, building societies and designated UK investment firms (referred to as ‘firms’).

Background

1.4 In CP9/25, the PRA explained that the MiFID Org Reg sets out detailed organisational requirements of which, the requirements relevant to the PRA, as the prudential regulator, were outsourcing, record keeping, control procedures, risk management, compliance and internal audit functions and governance. The Financial Conduct Authority (FCA) and PRA CPs were published on the same date and the FCA has also published its PS, with its final rules, in relation to the MiFID Org Reg simultaneously with this PS.

1.5 The PRA also outlined that in November 2024 HMT announced several changes to the Markets Financial Instruments Directive (MiFID II) framework as part of ‘the government’s commitment to reinvigorate capital markets so that they deliver for investors, for firms, and to support growth across the UK’. As part of these wider changes, HMT intends to revoke MiFID Org Reg assimilated law under FSMA 2023 in the expectation that the rules will be included in the PRA’s Rulebook (the Rulebook).

1.6 Unless the requirements are restated in the PRA Rulebook there could be gaps in the PRA’s ability to enforce key components of its systems and controls requirements. In CP9/25 the PRA therefore proposed to restate various Articles of the MiFID Org Reg in relation to the following areas:

• General Organisational Requirements: restatement of Articles 21 and Article 25 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions outline the responsibilities of senior managers, and where applicable, the governing body, for the organisational framework within firms.
• Outsourcing: restatement of Articles 30 and Article 31 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover firm requirements and responsibilities when outsourcing MiFID business.
• Record keeping: restatement of Article 72 of the MiFID Org Reg in the Rulebook, with no material changes. This provision covers Retention of Records. Rule 2.5 of the Record Keeping Part of the Rulebook would be amended to reference the UK regulatory system rather than referring to EU regulations.
• Compliance and Internal Audit: restatement of Articles 22 and 24 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover Compliance and Internal Audit, except matters related to complaints handling which are covered in CP24/24 – The MiFID Organisational Regulation by the FCA as conduct regulator.
• Risk Management: restatement of Article 23 of the MiFID Org Reg in the Rulebook, with no material changes. These provisions cover Risk Management.

In addition, the PRA consulted on:

• Technical standards regulation: a technical standards instrument that would make a minor consequential amendment to the existing technical standards for investment firms engaged in algorithmic trading. The PRA proposed removing three references to Article 23(2) of the MiFiD Org Reg, which is being revoked and replacing them with references to rule 2.2D of the Risk Control Part of the PRA Rulebook, which will now contain the restated relevant provisions of the MiFID Org Reg.

1.7 In line with CP9/25 the PRA is restating the existing firm-facing requirements contained in the MiFID Org Reg into the Rulebook as set out in this PS. In determining its final policy, the PRA considered representations received in response to consultation, and in this PS is publishing an account of them and the PRA’s response (‘feedback’).

Summary of responses

1.8 The PRA received one response to the CP, who consented to its name being published (Appendix 1). The respondent generally welcomed the PRA’s proposals and made a number of representations which are set out in Chapter 2.

Changes to draft policy

1.9 This PS takes account of how the policy advances the PRA objectives and of significant matters to which the decision maker had regard. Where the final rules or Technical Standards differ from the draft in the CP in a way which is, in the opinion of the PRA, significant, the Financial Services and Markets Act 2000 (FSMA)^{footnote [1]} requires the PRA to publish:

• details of the differences together with an updated cost benefit analysis (CBA) if required; and
• a statement setting out in the PRA’s opinion whether or not the impact of the final rules on mutuals is significantly different from: the impact that the draft rule would have had on mutuals; or the impact that the final rule will have on other PRA-authorised firms.

1.10 Following the consultation, the PRA has decided to make a change to the draft rules which is set out in detail in Chapter 2 of this PS. The PRA does not consider that this change is significant. There have been no other changes made to the draft rules or Technical Standard. Therefore, the PRA considers that the change does not justify a change in its approach to the CBA.

1.11 The PRA considers the impact on mutuals in relation to the final rules is no different compared to the impact on other firms to which it applies.

1.12 When making rules, the PRA is required to comply with several legal obligations. In CP9/25, the PRA published its explanation of why the proposed rules were compatible with its objectives and with its duty to have regard to the regulatory principles.^{footnote [2]}

1.13 The PRA considers that the change to the final rules clarifying terms does not change the explanations outlined within the CP.

1.14 The PRA is not making any changes to the Technical Standards instrument.

Implementation

1.15 It is anticipated that the new rules and technical standard will come into force on 23 October 2025, subject to the revocation of the MiFID Org Reg. It is anticipated that both the PRA and FCA MiFID Org Reg rules will take effect on the same day.

1.16 The commencement order has not yet been made to revoke the MiFID Org Reg. HMT anticipates making this commencement order prior to the new rules and technical standards taking effect. The PRA will delay or revoke these rules if the commencement order is not made.

2: Feedback to responses

2.1 Before making any proposed rules or Technical Standards, the PRA is required by FSMA to have regard to any representations made to it in response to the consultation, and to publish an account, in general terms, of those representations and its feedback to them.^{footnote [3]}

2.2 The PRA has considered the representation received in response to the CP. This chapter sets out the PRA’s feedback to that response, and its final decisions.

2.3 The sections below have been structured to address the observations received from the respondent. Their comments have been grouped as follows:

• Future changes
• Recitals
• Transposition table
• Changes relating to the supervisory function

Future changes to the MiFID Org Reg

2.4 The respondent noted that the FCA’s MiFID Org Reg consultation (CP24/24) included a chapter that highlighted a few areas where, in the future, the FCA may make more significant changes, and that the PRA has not done the same in its own consultation (CP9/25). The respondent thought that it may be beneficial if the PRA could take a similar approach to the FCA and highlight areas where it might make more significant changes in the future.

2.5 Having considered this feedback, the PRA confirms that it takes a different approach to the FCA in that it does not, as a matter of course, mention future possible changes within CPs. The PRA would consult on any future changes in the standard way via a CP.

Recitals

2.6 The respondent noted that the FCA Handbook has retained considerable language from the recitals to the MiFID Org Reg and other MiFID regulations and directives and that this language provides useful guidance regarding certain provisions. In contrast the PRA has not retained this language from the recitals. The respondent is concerned that, once the regulation is revoked and the recitals are no longer available, the relevant guidance will be in the FCA Handbook but not the PRA Rulebook.

2.7 Having considered this feedback, the PRA can confirm that it is not PRA policy to include guidance in the PRA Rulebook. The FCA Handbook has a different structure to the PRA Rulebook, as it contains guidance as well as rules. If the PRA considers that firms would benefit from the publication of a supervisory statement in relation to the articles from the MiFID Org Reg retained in PRA rules (which would outline PRA expectations in relation to the MiFID Org Reg) it will consider doing so in the future.

Destination table

2.8 The respondent noted that it can be difficult to track the PRA’s proposals for restating the MiFID Org Reg in the PRA Rulebook and requested that the PRA provide a transposition table to improve clarity for in-scope firms. They also stated that transposition table could also be used to explain why certain words were omitted or amended in a restated provision.

2.9 Having considered this feedback, and while the substantive structure of the relevant Parts of the Rulebook is unchanged, the PRA has now decided to include a transposition table (a destination table) in order to assist firms. The table illustrates that the scope of the restatement exercise in the PRA Rulebook is limited to a small number of provisions from the MiFID Org Reg, with some drafting adaptations to accommodate the change from EU text to PRA Rulebook style. The table gives the destination of where the relevant articles can be found within the Rulebook.

Changes related to the supervisory function

2.10 The respondent noted that, under proposal 2 in CP9/25 (Chapter 2 paragraph 2.8), the PRA proposed not to restate provisions from Article 25 of the MiFID Org Reg relating to the ‘supervisory function’ into the PRA Rulebook. This was on the basis that UK firm governance structures do not typically include a separate supervisory function, as is common in many EU jurisdictions. The respondent is concerned that this approach could unintentionally limit the oversight of PRA regulated firms.

2.11 The PRA agrees that such a removal could result in a perceived reduction of accountability for oversight by regulated firms, with the risk that simply removing the reference could create a compliance gap. Having considered this feedback, the PRA has amended its final rules (General Organisational Part 4.3, 4.4 and 4.8) to reinstate the reference to supervisory oversight but considers that the term ‘governing body’ should replace ‘supervisory function’. ‘Governing body’ is a UK term, defined in the PRA Rulebook as ‘the board of directors, committee of management or other governing body of an unincorporated association or body corporate’ which encompasses the board and allows for alternative governance structures as well.

2.12 This change is intended to maintain, rather than create new, obligations on firms’ governance structures. It is not intended to change or expand obligations imposed on the Board. The PRA does not consider that it is introducing a new regulatory obligation by this amendment. Omitting the reference to supervisory function without such a substitution would not deliver the intent of the original MiFID legislation, which is an element of independent oversight, and could lessen governance standards.

2.13 EU legislation already recognised that some jurisdictions have a one-tier structure, that is a single Board that performs both executive and supervisory tasks (See paragraph (56) of the introductory text – MiFID Directive 2013/36/EU). In the UK, the performance of this supervisory oversight function would generally sit with the governing body.

2.14 The PRA would also note the wider regulatory framework already gives the Board collective responsibility for the oversight of senior management in relation to the activities outlined in the General Organisational Requirements.

2.15 The term ‘governing body’ is defined in the Glossary Part of the Rulebook.

2.16 It should be noted that the PRA Rulebook: Governance and Requirements Instrument 2025 refers to both the management body and the governing body. These terms are used synonymously to refer to the body or bodies responsible for setting strategy, and direction, oversight of decision making and directing the business of the firm.

2.17 No comments were received in relation to the technical standard which will therefore be made without change.