CTRL 3.3.18 What if authorised firm is parent company of corporate group?

(1) If a category A or category B firm is the parent company of a corporate group, the firm’s board must ensure that it is aware of the material risks and issues that affect both the firm and its subsidiaries. The board must exercise adequate oversight over the subsidiaries while respecting the subsidiaries’ legal and governance responsibilities.
(2) In particular, the board must ensure that it understands the purpose, structure, governance and unique risks of the firm’s subsidiaries.
(3) The board:
(a) must establish a group structure (including the legal entity and business structure) and a corporate governance framework with clearly defined roles and responsibilities, at the parent company level and at the subsidiary level, as appropriate, based on the complexity and significance of each subsidiary;
(b) must define an appropriate subsidiary board and management structure that takes into account the material risks to which the group, its businesses and its subsidiaries are exposed;
(c) must assess whether the group’s corporate governance framework:
(i) includes adequate policies, processes and controls; and
(ii) addresses risk management across the businesses and legal entity structures;
(d) must ensure that the group’s corporate governance framework includes appropriate processes and controls to identify and address potential intragroup conflicts of interest (such as those arising from intragroup transactions);
(e) must approve policies and clear strategies for establishing new structures and legal entities, and must ensure that the policies and strategies are consistent with the policies and interests of the group;
(f) must assess whether there are effective systems to exchange information among the various entities, to manage the risks of the subsidiaries and of the group as a whole, and to ensure that the group is effectively supervised;
(g) must allocate sufficient resources to monitor the compliance of the subsidiaries with all applicable legal, regulatory and governance requirements;
(h) must maintain an effective relationship with the Regulatory Authority and, through the subsidiaries’ boards or direct contact, with the regulators of all the subsidiaries; and
(i) must establish an effective internal audit function that ensures that audits are performed within or for all the subsidiaries and parts of the group and the group as a whole.


Derived from QFCRA RM/2020-4 (as from 1st July 2021)