
Management and governance

This page sets out the PRA’s approach to management and governance and risk management. Further information is available in the PRA's approach to banking supervision.

Management and governance

It is the responsibility of each firm’s board and management to manage the firm prudently, consistent with its safety and soundness, thereby contributing to the continued stability of the financial system.

For a firm to be permitted to carry out regulated activities, the firm as a whole must be ‘fit and proper’. At initial authorisation, the PRA takes into consideration the record of the firm itself, where appropriate, and of those who manage its affairs, including the existence of any record of past misconduct.

This requirement, for a firm and those managing its affairs to be ‘fit and proper’, is in addition to the obvious need for a firm’s board and senior management, and in particular its Chair, to have regard to the need for the firm to comply with all applicable laws and regulations.  

In many cases these expectations are directly reflected in PRA rules. More generally they elaborate on the ‘prudent conduct’, ‘suitability’ and ‘effective supervision’ Threshold Conditions. The PRA rules and Threshold Conditions are available in the PRA Handbook – see External Links.

The PRA’s expectations for management and governance focus on:

  • Culture and behaviour
  • Competence
  • Structures


Risk management

The PRA attaches particular importance to firms managing risk effectively, because it is the crystallisation of risk, or concerns about risks crystallising in the future, that causes problems for firms’ safety and soundness. Firms should have robust frameworks for risk management and financial and operational control, commensurate with the nature, scale and complexity of their business, and consistent with their safety and soundness. Competent and, where appropriate, independent control functions should oversee these frameworks.

In many cases the PRA’s expectations on a firm’s approach to risk management, its control framework, and its risk management and control functions are directly reflected in PRA rules. More generally they elaborate on the ‘prudent conduct’ and ‘effective supervision’ Threshold Conditions.

PRA publications

Readers can also find more information on Risk Management and Management and governance in the PRA Publications section of the website – see Related links. Select Banking policy publications, and click on the ‘Topic’ drop down and select ‘Management and governance’ or ‘Risk management and controls’.