Category: Compliance & AML · Reviewed by Taylor Watts, Broker · New Business · Last reviewed June 2026
The FCA Handbook sourcebook setting governance, accountability, internal-control, record-keeping, conflicts-of-interest, outsourcing, remuneration and whistleblowing standards for authorised firms.
SYSC stands for Senior Management Arrangements, Systems and Controls. It is the backbone governance and operational risk sourcebook for FCA-authorised firms. It sets minimum standards for the way a firm is organised, the way decisions are made and recorded, how senior individuals are held to account, how risks are identified and managed, and how regulated activities are supervised.
SYSC sits in the FCA Handbook, made under FSMA sections 137A and 138. It incorporates the systems-and-controls articles of the Insurance Distribution Directive (Articles 10 and 17 IDD), the MiFID II organisational requirements (Article 16 and Commission Delegated Regulation (EU) 2017/565) and the Senior Managers and Certification Regime under sections 59ZA, 60A and Part V of FSMA. It also includes the Whistleblowing rules implementing the Whistleblowing Directive (Directive (EU) 2019/1937) where relevant.
SYSC is split into 28 chapters. SYSC 1–4 set general organisation, governance, apportionment of responsibilities, and the four-eyes principle. SYSC 5 covers competence and training. SYSC 6 covers compliance, internal audit and financial crime. SYSC 7 covers risk management. SYSC 8 covers outsourcing. SYSC 9 covers record-keeping. SYSC 10 covers conflicts of interest. SYSC 18 covers whistleblowing. SYSC 19F covers remuneration codes for IDD intermediaries. SYSC 22 covers regulatory references. SYSC 23–28 contain the SMCR-specific provisions for solo-regulated firms, including Conduct Rules.
The application table at the front of each SYSC chapter divides firms into categories such as Common Platform Firms, Limited Scope Firms, Core Firms and Enhanced Firms under the SM&CR. Apex sits in the Core regime for SM&CR purposes given size and permissions. Outsourcing rules apply with proportionate intensity depending on whether the outsourced function is “critical or important”.
The SYSC 6.1.1R compliance function requirement, the SYSC 6.3 financial crime rule, the SYSC 19F.2 IDD remuneration rule, the SYSC 22 regulatory references rule, and the SYSC 27 Conduct Rules each apply to Apex. Records of governance decisions must be kept for five years (SYSC 9 — three years for non-MiFID firms, five for MiFID, with longer periods under other rules).
FCA Handbook, Senior Management Arrangements, Systems and Controls (SYSC). Financial Services and Markets Act 2000, sections 59ZA, 60A, 64A, 137A and 138. UK retained Insurance Distribution Directive (Directive (EU) 2016/97), Articles 10 and 17. UK retained MiFID II (Directive 2014/65/EU) and Commission Delegated Regulation (EU) 2017/565. Directive (EU) 2019/1937 on the protection of whistleblowers.
By Matt Bartlett, Director, on 2026-06-11.
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-11. Apex Insurance Brokers Limited, FCA FRN 724952, Companies House 07014570. Not regulated advice — consult your broker on your specific position.
Apex Insurance Brokers serves UK professional services firms and commercial businesses. Call 0117 325 0027, email hello@apexinsurancebrokers.co.uk, or request a quotation.
Get a quote