Rules Navigator

MiFID onshoring continued: PRA Consultation Paper CP9/25

Two red London buses pass as Tower 42 (NatWest Tower), 22 Bishopsgate (also known as Horizon 22), 8 Bishopsgate (sometimes referred to as 'the Jenga') and 1 Leadenhall Street commercial skyscrapers are seen behind the Royal Exchange by the Bank of England at Bank on January 09, 2025 in London, England.
Photo: John Keeble/Getty Images

Tom Callaby | CMS, Ben Maconick | CMS, Ash Saluja | CMS+1

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The consultation is relevant to PRA-authorized banks, building societies and designated UK investment firms.

On April 23, 2025, the Prudential Regulation Authority (PRA) published Consultation Paper CP9/25 on proposals to transfer the existing firm-facing requirements of the MiFID Org Regulation (the Markets in  Financial Instruments Directive Organisational Regulation) into the PRA Rulebook. The MiFID Org Regulation was assimilated into UK law post-Brexit and is cross-referenced in the PRA rules.

HM Treasury plans to revoke this UK version of the MiFID Org Regulation in the expectation that its provisions will be included in the PRA Rulebook and FCA Handbook instead.  

The MiFID Org Regulation sets out detailed organizational requirements, which in the UK are applied to investment firms and Capital Requirements Regulation (CRR) firms (certain provisions are applied to other types of firms and business). The relevant requirements for the PRA, as prudential regulator, are outsourcing, record-keeping, control procedures, risk, compliance and internal audit functions and governance.

CP9/25 is relevant to PRA-authorized banks, building societies and designated UK investment firms.

What are the PRA’s proposals?

The PRA plans to make no material changes to the rules and is not proposing any new requirements on firms. The PRA has restated the relevant requirements making only necessary changes, for example, to reflect PRA Rulebook drafting style and remove cross-references to the MiFID Org Regulation.

The PRA’s approach will provide continuity to firms and will give the PRA flexibility to update the rules in the future in response to emerging market trends and risks. 

Which parts of the PRA Rulebook are changing?

The main proposals set out in the draft rules instrument are as follows:

  • General organizational requirements: Articles 21 and 25 MiFID Org Regulation on the responsibilities of board and senior management will be integrated into the General Organisational Requirements Part of the Rulebook. The PRA is not copying over provisions relating to “the supervisory function” because UK institutional firm governance structures do not typically include a separate supervisory function and the PRA therefore considers the provisions to be irrelevant.
  • Outsourcing: Articles 30 and 31 MiFID Org Regulation will be restated in the Outsourcing Part of the Rulebook. The PRA proposes to insert a definition of “critical or important operational function” which is taken directly from Article 30 with no material amendments.
  • Recordkeeping: Article 72 MiFID Org Regulation covering the retention of records will be set out in the Record Keeping Part of the Rulebook. A definition of “organisational records” will be added.
  • Compliance and internal audit: Provisions in the MiFID Org Regulation which require firms to have an effective compliance function (Article 22) and internal audit function (Article 24) will appear in the Compliance and Internal Audit Part of the Rulebook.
  • Risk control: Article 23 MiFID Org Regulation covering risk control and maintaining risk management policies will be restated in the Risk Control Part of the Rulebook. The definitions of “listed activities” and “relevant services and activities” are now used in this Part, where they were previously restricted to the Outsourcing Part, and will therefore be added to the Rulebook glossary.
  • Notifications part: The PRA has identified a few references in the Notifications Part which refer to legislation which was replaced as part of the MiFID II reforms. The PRA therefore proposes to make the necessary amendments. 
  • Technical standards regulation: There are currently references to the MiFID Org Regulation in technical standards regulations for which the PRA has responsibility post-Brexit. These standards relate to the organizational requirements of investment firms engaged in algorithmic trading. The PRA will update these cross-references via the standards instrument in Appendix 2 to CP9/25.

What happens next?

Firms have until 23 June 2025 to respond to the PRA’s consultation. The FCA has already consulted separately on replicating the MiFID Org Regulation rules in the FCA Handbook. The FCA’s consultation is now closed.

The PRA and FCA plan to publish final rules in separate policy statements on the same date in H2 2025. The timing of the implementation of any changes will be in line with the Government’s timetable to repeal the firm-facing requirements in the MiFID Org Regulation which is currently planned for H2 2025.

The revocation and restatement of the MiFID Org Regulation represents an important step in the UK Government’s programme to repeal EU law and the adaption of the UK’s regime into a framework consistent with the UK’s approach to financial services regulation.

The PRA and FCA will consider in due course, in consultation with each other, whether and how to replicate the Markets in Financial Instruments Regulation (MIFIR) into the PRA Rulebook and FCA Handbook.

Tom Callaby and Ben Maconick are partners in the Financial Services team and Ash Saluja is head of Financial Services & Products, CMS London.

Co-authored by Sam Sykes, Trainee Solicitor

, , , , , , , , , ,

You may also like