FG24/5: Prudential assessment of acquisitions and increases in control

Finalised Guidance Financial Conduct Authority Page 1 of 40 Contents Chapter Title Page 1 Introduction 3 2 Controller concepts and identification 5 Decision to acquire 5 Significant influence 6 Aggregation of holdings (including acting in concert) 7 Indirect controllers 9 3 Notices of proposed acquisitions and increases in control 12 Submitting the notification (including pre-notification engagement) 12 Information requirements – varying and waiving 14 Prudential Assessment of Acquisitions and Increases in Control FG24/5 1 November 2024

Financial Conduct Authority Page 2 of 40 Forms to be submitted for multiple entities controlled by the same person 15 Completeness of the notification 15 4 Assessment of the proposed acquisition 17 Our approach 17 The reputation of the proposed controller 18 The reputation, knowledge, skills and experience of those who will direct the business of the UK authorised person as a result of the proposed acquisition 23 The financial soundness of the proposed controller 24 Whether the UK authorised person will be able to comply with its prudential requirements (including the threshold conditions 25 Whether there are reasonable grounds to suspect that in connection with the proposed acquisition— (i) money laundering or terrorist financing is being or has been committed or attempted; or (ii) the risk of such activity could increase 27 5 Our approach to the use of conditional approvals to advance its objectives 30 Annex 1 Practical examples of the determination of controllers 31 Annex 2 Further guidance on acting in concert 37

Financial Conduct Authority Page 3 of 40 1 Introduction 1.1 This guidance note sets out our expectations in relation to: 1.1.1 how to identify controllers, including the concepts of significant influence, aggregated holdings and indirect controllers (chapter 2); 1.1.2 submitting the change in control notification (in accordance with s178 of the Financial Services and Markets Act 2000 (“FSMA”)), the additional information we may require and the approach to completeness (chapter 3); 1.1.3 the assessment criteria (in accordance with s186 of FSMA) used to assess notifications to acquire or increase control in a UK authorised person (chapter 4); and 1.1.4 how we will use its statutory power to impose conditions on an approval when it advances its objectives (chapter 5). 1.2 This guidance, including the illustrative diagrams in Annex 1, provide some indication of how we may expect firms and those acquiring or increasing control in UK authorised persons to identify ‘controllers’ for the purposes of FSMA. The illustrative guidance offered is not exhaustive, particularly in relation to broad concepts such as ‘acting in concert’. There may be cases where it is necessary for us to take an approach that is not described in this guidance. 1.3 This guidance is relevant to all FCA authorised persons and, in particular, to persons to which the change in control requirements apply. 1.4 It does not apply to cryptoasset firms registered with us solely under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It does however apply to hybrid UK authorised persons who are also registered or authorised by us for other activities. 1.5 It applies to Directive, Non-Directive and Limited Permission Consumer Credit Firms except where specific examples are given for Directive Firms which are for illustrative purposes only. 1.6 This guidance replaces the Joint Committee Guidelines on Acquisitions and Increases of Qualifying Holdings published by the Joint European Supervisory Authorities that came into force in the financial sector on 1

Financial Conduct Authority Page 4 of 40 October 2017. It should be read in conjunction with the legislative requirements set out in: 1.6.1. FSMA, Part XII Control Over Authorised Persons; 1.6.2. FSMA, Part XXIX Interpretation, specifically s420 and s422; 1.6.3. The Financial Services and Markets Act 2000 (Controllers) (Exemption) Order 2009 (referred to in this document as the Exemption Order); 1.6.4. Companies Act 2006, s1162 and schedule 7; and 1.6.5. FCA Handbook, SUP 11 Controllers and Close Links.

Financial Conduct Authority Page 5 of 40 2 Controller concepts and identification Introduction 2.1 This section sets out our expectations as to how the following concepts should be interpreted: 2.1.1 decision to acquire or increase control1; 2.1.2 significant influence2; 2.1.3 aggregation of holdings3; and 2.1.4 acting in concert4 . 2.2 All the above concepts have an impact on whether a person would be deemed to be a controller as part of a proposed acquisition (and in some cases, increases in control). Decision to acquire 2.3 S178(1) of FSMA requires a person who decides to acquire or increase control over a UK authorised person to give the appropriate regulator notice in writing before making the acquisition. 2.4 We expect to take the following non-exhaustive list of elements into account in order to assess whether or not a decision to acquire the UK authorised person has been made: 2.4.1. whether the proposed controller was aware of or, considering information it could have had access to, should have been aware of the acquisition/increase of control and the transaction giving rise to it; and 2.4.2. whether the proposed controller had the ability to influence, object to or prevent the proposed acquisition or increase in control. 2.5 We expect there to be a finding of a decision to acquire in most circumstances, as almost always the controller would have taken, or omitted to take, certain actions which would have contributed to the circumstances leading to an acquisition5 or a control threshold being crossed6 . 1 S178(1) of FSMA. 2 S422(2)(c) and s181(2)(c), and s4(3)(c) and s6A(2)(c) of the Exemption Order. 3 S422(5) of FSMA. 4 S178(2) and S422(3) of FSMA. 5 Thresholds are set out in s181 of FSMA, and s4 and s6A of the Exemption Order. 6 Thresholds are set out in s182 of FSMA.

Financial Conduct Authority Page 6 of 40 2.6 In circumstances where a person may not be aware in advance of the change in control, nor have the ability to influence, object to or prevent the proposed acquisition or increase in control, our expectation is that information regarding these controllers will be provided proactively by the notice giver at the point of submission. We may request further information regarding the persons as part of its assessment of the suitability of the proposed controllers. 2.7 Should a person cross a controller threshold7 involuntarily they should notify us immediately upon becoming aware of such an event, even if they intend to reduce their level of holding so that it once again falls below the threshold level. 2.8 An example of a scenario in which persons may cross a threshold involuntarily includes the repurchase of shares held by other persons which leads directly to such threshold being exceeded. Significant influence 2.9 There are several factors relevant to any assessment of whether a person would be considered to be a controller via significant influence, including the ownership structure (current and proposed) of the UK authorised person and the actual level of involvement of the proposed controller in the management of the UK authorised person. 2.10 We expect the following non-exhaustive list of factors to be relevant to any determination of whether significant influence over the management of the UK authorised person may be exercised: 2.10.1. the ability to direct or influence decisions made by the board, which could be via a shareholder board appointment (to the UK authorised person or its parent) or other arrangement, as set out in 2.10.2 to 2.10.6 below; 2.10.2. making recommendations to the board of the UK authorised person which are almost always followed, as demonstrated by board minutes; 2.10.3. the ability to appoint or remove a member of the board of the UK authorised person; 2.10.4. material and regular transactions exist between a person and the UK authorised person e.g. the proposed controller’s ownership of intellectual property or a material outsourcing vehicle utilised by the UK authorised person which may influence how its business is run; 7 Thresholds are set out in s181 and s182 of FSMA and should be read in conjunction with the Exemption Order.

Financial Conduct Authority Page 7 of 40 2.10.5. additional rights in the UK authorised person by virtue of a contract entered into or of a provision contained in UK authorised person’s articles of association, other constitutional documents or shareholder agreements; 2.10.6. the existence of veto rights over material matters in relation to the running of the UK authorised person such as changes to the business plan or strategy. Aggregation of holdings (including acting in concert) 2.11 This section sets out our expectations in relation to how one person’s holding of shares or voting power should be aggregated with that of another person for the purposes of determining whether those persons have decided to acquire or increase control over a UK authorised person, such that notice is required to be given to us in accordance with s178 of FSMA. Aggregation of holdings 2.12 We expects there to be no more than two situations which would require the holdings of two or more persons to be aggregated for the purposes of determining whether they are a controller of a UK authorised person. 2.13 These situations are where: 2.13.1. shares or voting power are held, or to be held, by persons acting in concert; and 2.13.2. where one person’s holding of voting power is attributed to another person (deemed voting power) in addition to any other voting power held. 2.14 These situations may apply concurrently, for example, where a person, A, could be acting in concert pursuant to s178(2) of FSMA and have deemed voting power under s422(5)(a)(i) of FSMA where A has concluded an agreement that obliges them and a third-party shareholder of the UK authorised person to adopt, by concerted exercise of the voting power they hold, a lasting common policy towards the management of the UK authorised person. Acting in concert 2.15 There is no definition of the phrase ‘acting in concert’ in FSMA. We view persons as ‘acting in concert’ when each of them decides to exercise their rights linked to the shares they acquire in accordance with an explicit or implicit agreement made between them.

Financial Conduct Authority Page 8 of 40 2.16 We expect that the relevant persons would therefore: 2.16.1. hold shares and/or voting power in the UK authorised person or a parent undertaking of the UK authorised person; and 2.16.2. each take a decision to exercise the rights linked to those shares in accordance with an agreement (in writing or otherwise) between them. 2.17 We expect that while the rights ‘linked to’ shares for these purposes are most likely going to be voting rights, persons may be acting in concert where they decide to exercise other share-related rights, either in addition to, or instead of, voting rights, in accordance with an agreement made between them. 2.18 Persons will begin acting in concert when they take the decision to exercise their rights in accordance with an agreement between them. This decision may be taken before or after the time the relevant persons decide to purchase shares in the UK authorised person. 2.19 We do not expect such agreements to require persons to always exercise the rights attached to a person’s respective shares in the same way. We will consider persons to be acting in concert when they take the decision to exercise their rights in accordance with any agreement between them. In most circumstances this will include family members, those with close relationships, or those controlled by a common parent undertaking. 2.20 Once this decision has been taken, shares or voting power must be aggregated to determine whether control has been, or will be, acquired. The same analysis applies to increases in control and reductions in control, as set out in s182 and 183 of FSMA, respectively. The requirement to aggregate the holdings of shares and/or voting power under s178(2) of FSMA may apply to existing holdings, as well as to new purchases of shares and/or voting power. 2.21 Although the term ‘acting in concert’ has a potentially wide meaning, not all common actions taken by persons in relation to shares or voting power will require the aggregation of holdings of shares or voting power for the purposes of s178 of FSMA. 2.22 In particular, there may be circumstances in which persons (who between them hold the percentage level or more of the shares or voting power in a UK authorised person or its parent undertaking prompting notification) may engage in a concerted exercise of voting power, without this amounting to acting in concert in a manner requiring aggregation of their holdings.

Financial Conduct Authority Page 9 of 40 2.23 The indicative approach is that voting power of persons acting in concert will not be aggregated for the purposes of deeming them to be a parent of an undertaking and/or the undertaking to be a controlled undertaking for the purposes of s422(5)(a)(v) of FSMA. 2.24 This is illustrated below: 2.24.1. Shareholder A – 20% or more but less than 30% controller via its 20% shareholding in the UK authorised person. 2.24.2. Shareholder B – (acting in concert) 50% or more controller via acting in concert with Shareholder D to have an 80% combined shareholding in the UK authorised person. 2.24.3. Shareholder C - 30% or more but less than 50% controller via its 100% shareholding in Shareholder B. 2.24.4. Shareholder D – (acting in concert) 50% or more controller via acting in concert with Shareholder B to have an 80% combined shareholding in the UK authorised person. 2.24.5. Shareholders E, F and G - are not controllers as Shareholder D is not a controlled undertaking and therefore s422(5)(a)(v) of FSMA will not apply. 2.25 Further information in relation to our expectations of acting in concert are provided in Annex 2 and covers ‘deemed voting power’, passive shareholder agreements, conditional agreements, pre-emption rights, drag along rights and tag along rights, and takeover code definition of acting in concert. Indirect controllers 2.26 In accordance with s422 of FSMA, a controller can include persons with a direct or indirect holding in a UK authorised person which: 2.26.1. represents 10% or more of the shares or voting power; or 2.26.2. make it possible to exercise significant influence over the management of the UK authorised person.

Financial Conduct Authority Page 10 of 40 2.27 When determining whether an indirect holding is a controller, it is important to note that s422(5) of FSMA includes, in the definition of voting power, indirect holdings of “voting power” in the UK authorised person. Annex 1 sets out for the sake of clarity a number of examples of how the criteria in s422(5) of FSMA applies in practice (also refer to Annex 2 for deemed voting power). Limited partnership structures 2.28 The majority of private equity and fund manager transactions are typically executed through Limited Partnership (“Fund”) structures with one or more General Partners (“GP”) with unlimited liability and one or more Limited Partners (“LPs”) with limited liability. GPs typically have the power to exercise the voting rights associated with the Fund’s interest in an undertaking or exercise dominant influence over the Fund. There may also be circumstances in which the Fund has arrangements with an Investment Manager to manage its portfolio. In these situations, it should be considered, dependent upon the specific arrangements, whether this person(s) would be a controller. 2.29 Where there are different funds which individually have a holding below the 10% threshold, but share a common GP, consideration should be given to whether the aggregation of voting rights of the Funds are attributable to the GP meaning that the GP is an indirect controller. The Fund may have several LPs investing, who may have no role in its management. However, in certain cases, some LPs may be considered a controller depending on their proportional interest. 2.30 Given that private equity structures and similar types of fund structures can vary in size, nature and complexity, we would look to determine these on a case-by-case basis. We would encourage firms to seek legal advice for these types of complex ownership structures to determine how s422 FSMA applies. Minority controllers and their parents 2.31 The extended definition of voting power in s422(5)(a)(v) of FSMA provides that voting power includes in relation to a person, H, voting power held by a controlled undertaking8 , such as a subsidiary of H. 2.32 Therefore, all parent undertakings in the ownership chain of a minority controller (i.e. non-parent controllers with voting power in the UK authorised person) are captured as controllers of the UK authorised person. Each parent undertaking of the minority controller will be assigned the same level of control that the minority controller holds in the UK authorised person. 8 The four limbs of what is considered to be a controlled undertaking are set out in s89J(4) of FSMA.

Financial Conduct Authority Page 11 of 40 2.33 For example, in the below structure the following would apply9: 2.33.1. B - 50% or more (parent) controller via it being the parent of the UK authorised person. 2.33.2. X - 10% or more but less than 20% controller via their 10% holding in a parent (i.e. B) of the UK authorised person. 2.33.3. H1 - 10% or more but less than 20% controller via X being a controlled undertaking of H1. 2.33.4. H2 - 10% or more but less than 20% controller via H1, and therefore also X, being a controlled undertaking of H2. 2.33.5. T - is not a controller as H2 is not a controlled undertaking of T as it is not a parent undertaking of H2. 2.34 Note that this example exclusively looks at voting power. It assumes that T is not a parent undertaking of H2 for any other reason and also does not have significant influence over the management of A. Diagram A 9 This example does not include any disregarded holdings. When identifying controllers, you should also consider s422(A) of FSMA.

Financial Conduct Authority Page 12 of 40 3 Notices of proposed acquisitions and increases in control Submitting the notification (including pre-notification engagement) 3.1 We have published, on our change in control webpage, the controller form (and supporting documentation) which proposed controllers are expected to submit as part of their notification. However, we may impose additional information requirements in certain cases (based on the post-acquisition impact on the UK authorised person). The information required will vary depending on the proposals. Controllers are encouraged to engage with us prior to submitting their notification to discuss what additional information may be required. 3.2 The focus of the early engagement will be on the information we require to start our assessment of an acquisition or increase in control. Engaging with us prior to the submission of the notification will increase the chances of the notification meeting our expectations, being deemed as complete on receipt and allowing us to commence our assessment of the substance of the notification. For some cases we may request to see draft documentation prior to submission of the notification. 3.3 Please refer to our change in control webpage for further information and details of how to contact us. Where the UK authorised person or proposed controller is already engaging with other areas of the FCA, it is encouraged that they discuss the proposed acquisition or increase in control with these points of contact to ascertain any additional information that may be required from those areas to support the discussion and assessment of their proposals. 3.4 If the proposed controller or UK authorised persons are PRA authorised, you should also contact the PRA. 3.5 We welcome prior engagement for particular transactions due to their complexity and/or high-risk nature. Examples of these and where additional information might be required are: 3.5.1. Transformative change in control - this scenario refers to proposed acquisitions that indicate a material change in the UK authorised person’s: i) business plan (e.g. changes to strategy or rapid growth), ii) governance arrangements, or iii) capital/liquidity position at the time of acquisition or in the

Financial Conduct Authority Page 13 of 40 foreseeable future (usually three years). We may require additional information on the cost-benefit analysis undertaken by the proposed controller in order to understand the rationale for the acquisition vs another regulatory application route. 3.5.2. Complex groups - transactions where the proposed controller or the UK authorised person has a complex group structure may require additional information to assist us in our assessment of the supervisibility of the UK authorised person and group. This includes where the proposed transaction is likely to create a larger firm/group with significant market share. 3.5.3. Cross-border transactions – additional information on the timings and progress of linked transactions happening in other jurisdictions will likely be necessary. 3.5.4. Transactions involving the use of substantial debt financing – we may request further information, and have further questions, when the acquisition involves substantial debt financing in order to be satisfied as to the financial soundness of the acquisition and the potential impact on the UK authorised person. Examples of the type of information we may require includes: copies of external and internal debt/loan agreements, evidence to support ability to repay the debt/loan including any dividend upstreaming, debt/loan repayment profile, and liquidation ratios/projections. 3.5.5. Private equity or hedge fund ownership at 20% or more – the additional information likely to be requested in these cases are: 3.5.5.1. a detailed description of the performance of previous acquisitions by the proposed controller (or any person in their ownership structure that would be deemed to be a controller) of the UK authorised person in financial institutions; 3.5.5.2. details of the proposed controller’s investment policy and any restrictions on investment, including details on investment monitoring, factors serving the proposed controller as a basis for investment decisions related to the UK authorised person and factors that would trigger changes to the proposed controller’s exit strategy;

Financial Conduct Authority Page 14 of 40 3.5.5.3. the proposed controller’s decision-making framework for investment decisions, including the name and position of the individuals responsible for making such decisions; and 3.5.5.4. where the private equity or hedge fund is not authorised by us, a detailed description of the proposed controller’s anti￾money laundering procedures and of the anti-money laundering legal framework applicable to it. 3.5.6. Sovereign Wealth fund ownership at 20% or more – the additional information likely to be requested in these cases are: 3.5.6.1. the name of the ministry or government department in charge of defining the investment policy of the fund; 3.5.6.2. details of the investment policy and any restrictions on investment; 3.5.6.3. the name and position of the individuals responsible for making the investment decisions for the fund; and 3.5.6.4. details of any influence exerted by the identified ministry or government body/department/ministry on the day-to-day operations of the fund and the UK authorised person. 3.5.7. Linked FCA or PRA granted waivers – if a UK authorised person has been granted any waivers by us or the PRA, we may require information on the post-acquisition impact on these waivers. 3.5.8. Transactions involving firms falling under newer regimes or high-risk business models – for example acquisitions of FCA-registered cryptoasset firms/UK authorised firms with cryptoasset permissions; or the Investment Firms Prudential Regime. Prior engagement can help us liaise with the relevant stakeholders and identify any further information needed to assist with the assessment. Firms falling under prudential regimes may require longer ranging group forecasts or management accounts, as well as evidence of being able to meet the higher capital and liquidity requirements. Information requirements – varying or waiving 3.6 We may set out, on our website, reductions in the information required as part of the notification (e.g. specific forms for intragroup changes in control or for fund managers with holdings of less than 20%). We may

Financial Conduct Authority Page 15 of 40 also vary or waive some of our information requirements on a case-by￾case basis. 3.7 Prior engagement will allow us to consider the level of information required as part of the notification. 3.8 Under certain circumstances, such as in the case of acquisitions by means of a public offer, it is recognised that the proposed controller may encounter difficulties in obtaining information which is usually required. In these cases, the proposed controller should bring such difficulties to our attention. 3.9 We recognise that where the proposed controller is a government, or government body/department/ministry, providing the information set out in the controller forms may not be relevant and/or difficult to obtain. In these circumstances we may vary or waive notification requirements, but this should be discussed with us in advance. Forms to be submitted for multiple entities controlled by the same person 3.10 We may accept one controller notification form covering multiple controllers where they are part of the same group or controlled by the same legal or natural person. In particular, groups who make several acquisitions over a 12-month period are encouraged to discuss information requirements with us prior to formal submission. 3.11 The controller form should explicitly state the controllers are being captured under the single form and be signed by an authorised signatory on behalf of those controllers. 3.12 This approach is particularly applicable to intragroup changes in control but can also apply to other types of acquisitions or increases in control and therefore should be discussed with us in advance. Completeness of the notification 3.13 We will deem a notification as complete (as per s180(1) of FSMA this commences the assessment period) when it includes all the required information (see previous section on information requirements) to a satisfactory level for the purposes of commencing the assessment. This acknowledgement does not prejudice our entitlement to request further information, nor is it an indication as to the outcome of our assessment. 3.14 The information provided as part of the notification may still subsequently be assessed to be incomplete, especially if any new

Financial Conduct Authority Page 16 of 40 information comes to light or there are amendments to the specifics of the proposed acquisition. 3.15 Receipt of the notification will be deemed as being received the following working day if received after 16:00. The day of receipt is considered to be day zero. 3.16 For complete notifications, FSMA states that the regulator must inform the notice giver within two working days. 3.17 For incomplete notifications, FSMA states that the regulator must inform the notice giver as soon as reasonably practicable. We endeavour to acknowledge the incomplete notification in writing before the end of the second working day and to confirm the missing information in writing within 10 working days.

Financial Conduct Authority Page 17 of 40 4 Assessment of the proposed acquisition Our approach 4.1 Notifications for a change in control are assessed in accordance with the procedure set out in s189 of FSMA and the criteria set out in s185 (Assessment: general) and s186 (Assessment Criteria) of FSMA. 4.2 When carrying out its assessment, we, as per s185(2)(b) of FSMA, will have regard to the likely influence that the s178 notice-giver will have on the UK authorised person. 4.3 In addition, we may vary the intensity of the assessment and composition of the required information based on the nature, size and complexity of the transaction, as well as taking into account the UK regulatory history of the controller and whether or not the proposed controller (or its group) is supervised in a third country deemed equivalent. 4.4 Non-exhaustive examples of where we may take the approach mentioned in the above paragraph includes: 4.4.1. Intragroup transactions – firms should use the ‘Intragroup transactions form’ which contains reduced information requirements. Our assessment may only be focussed on the impact of the change in group structure. 4.4.2. Investment/Fund managers below 20% - controllers can usually benefit from using the ‘Fund manager’ form which contains a declaration, rather than information requirements. 4.4.3. Where the proposed controller is known to us and we are in possession of up-to-date information – we may deem it sufficient to only assess the corporate controller at the top of the control chain. 4.4.4. Where there is a change in the nature of the controller (i.e. moving up a control band) we may limit our assessment to the changes having occurred since the date of the last assessment and/or any proposed changes that may impact the UK authorised person.

Financial Conduct Authority Page 18 of 40 4.5. We will assess all matters on a case-by-case basis. There may be circumstances where we may require further information in order to conduct our assessment and this may depend on factors such as the nature of the changes being proposed, the length of time since the last assessment, and the materiality of information provided. We will communicate any changes in approach to the proposed controller. 4.6. There may be circumstances where we will contact other UK authorities or non-UK regulators. This will usually happen when approvals are required from those authorities/regulators for the acquisition to proceed. Our contact with these regulators is with a view to understanding the timelines of their process. We may also, where appropriate, request information relevant to our assessment against the s186 FSMA criteria. Any contact with other authorities or regulators will be in accordance with our legal obligations of confidentiality. 4.7. Under certain circumstances, such as in the case of acquisitions by means of a public offer, the proposed controller may encounter difficulties in obtaining information which is needed to establish a full business plan or provide other information that we would usually expect. In these cases, the proposed controller should bring such difficulties to our attention and point out the aspects of its business plan that may be impacted and/or modified in the near future. 4.8. We encourage early engagement from proposed controllers (or those seeking to increase control) to discuss notification requirements. The reputation of the proposed controller 4.9. Our assessment of the reputation of the proposed controller covers two elements: (a) integrity, and (b) professional competence. 4.10. In carrying out this assessment, we expect to consider the UK authorised person and the proposed controller’s influence/role in the UK authorised person. Integrity 4.11. The integrity assessment will be applied to all acquisitions and increases in control. We expect the assessment to extend to cover the legal and beneficial owners of the proposed controller. If the proposed controller is a legal person, the assessment of integrity will also cover the persons who effectively direct the business of the proposed controller. 4.12. We will always carry out an integrity assessment in respect of the proposed controller(s), even when the proposed controller has previously been assessed, as there may have been further

Financial Conduct Authority Page 19 of 40 developments since the date of the previous assessment. However, we may draw on the outcome of previous relevant integrity assessment when deciding on the level and extent of new information sought. 4.13. All relevant information available for the assessment will be taken into account, without prejudice to any limitations imposed by national law and regardless of the country where any relevant events occurred. The proposed controller will be considered to be of good repute if there is no reliable evidence to suggest otherwise and we have no reasonable grounds to doubt the proposed controller’s good repute. 4.14. Any criminal or relevant administrative records will be taken into account. As part of our assessment we may consider the type of conviction or indictment or other administrative action, the level of appeal, the sanction received, the phase of the judicial process reached and the effect of any rehabilitation measures. 4.15. Other matters which we may consider include the surrounding (including mitigating) circumstances and the seriousness of any relevant offence or administrative or supervisory action, the time period elapsed and the proposed controller’s conduct since the offence, as well as the relevance of the offence or administrative or supervisory action to the proposed controller’s status as a current controller of a UK authorised person. We may judge the relevance of criminal records differently according to the type of conviction or decision, whether it is still possible to appeal against the sanction (definitive vs. non-definitive convictions), the type of punishment (imprisonment vs. less severe sanctions), the length of the sentence (more vs. less than a specified period), the phase of the judicial process reached (conviction, trial, indictment) and the effect of rehabilitation. 4.16. The cumulative effects of more minor incidents, which individually do not impinge on the reputation of a proposed controller but might collectively have a material impact, may also be considered. 4.17. We may take particular account of the following factors, which may call into question the integrity of a proposed controller: 4.17.1. any conviction or prosecution of a criminal offence, in particular: i) any offences under the laws governing banking, financial, securities and insurance activity, or concerning securities markets or securities or payment instruments; ii) any offences of dishonesty, fraud or financial crime, including money laundering and terrorist financing, market manipulation, insider trading, usury and corruption; iii) any tax

Financial Conduct Authority Page 20 of 40 offences; iv) any other offences under legislation relating to companies, bankruptcy, insolvency or consumer protection; 4.17.2. any relevant findings from onsite and off-site controls or inspections, from investigations or enforcement actions, to the extent that they relate to the proposed controller either directly or indirectly, by way of its ownership or control, and the imposition of any administrative sanctions for non-compliance with provisions governing banking, financial, securities or insurance activities or those concerning securities markets, securities or payment instruments, or any financial services legislation and regulation or other matters contemplated in 4.17.1 above; 4.17.3. any relevant enforcement actions by any other regulatory or professional bodies for non-compliance with any relevant provisions; and 4.17.4. any other information from credible and reliable sources that is relevant in this context. When considering whether information from other sources is credible and reliable, we will consider both the extent to which the source is public and trustworthy, as well as the extent to which the information is provided by several independent and reputable sources, is consistent over a period of time and that there are no reasonable grounds to suspect that it is false. 4.18. Amongst other things, we will consider the impact of allegations, their nature and re-occurrence and pending criminal, administrative or enforcement investigations and may seek to mitigate risks by imposing conditions on an approval, where appropriate to do so. However in some circumstances the proposed controller may wish to consider whether contemplating the proposed transaction at this time remains appropriate. Proposed controllers should also familiarise themselves with our duty as to publication in respect of decisions that result in statutory notices. 4.19. We consider that the absence of a criminal conviction or prosecution, administrative or enforcement action may not constitute in and of itself sufficient evidence of a proposed controller’s integrity. 4.20. Attention will be paid to the following factors regarding the propriety of the proposed controller in respect of past business dealings:

Financial Conduct Authority Page 21 of 40 4.20.1. any evidence that the proposed controller has not been transparent, open and cooperative in its dealings with supervisory or regulatory authorities; 4.20.2. any refusal of any registration, authorisation, membership or licence to carry out a trade, business or profession, any revocation, withdrawal or termination of such registration, authorisation, membership or licence and any expulsion or suspension from a professional body or association; 4.20.3. the reasons for any dismissal or suspension from employment or any position of trust, fiduciary relationship or other similar situation, as well as any request to resign from such a position; 4.20.4. any disqualification by us or the PRA (or non-UK regulators) from acting as a person who directs a business; and 4.20.5. a history of insolvencies resulting in significant unpaid customer liabilities where the proposed controller was a director, or involved within one year of its dissolution. 4.21. We will assess the relevance of such situations on a case-by-case basis, recognising that the characteristics of each situation may be more or less severe and that the aggregation of some situations may be significant when considered together, even though each of them in isolation may not be significant. 4.22. In cases involving the person becoming a controller, the information requirements on which the assessment of integrity is based may vary according to the nature of the controller (natural vs. legal person, regulated or supervised entity vs. unregulated entity). 4.23. We will take risk-sensitive measures to verify the existence of adverse events relating to the proposed controller, including by asking the proposed controller, to the extent not already provided, to supply documents evidencing that no such events have occurred (for instance, recent extracts from the criminal register, if the relevant authority issues such extracts) and, if appropriate, by requesting confirmation from other authorities (including judicial authorities or other regulators), regardless of whether such authorities are domestic or foreign. We may also consider, to the extent they are relevant, and with due regard to the reliability of the source, other indications of wrongdoing, such as adverse media reports and allegations. 4.24. Failure by the proposed controller to provide the extracts contemplated in the aforementioned paragraphs, or the delayed submission thereof or

Financial Conduct Authority Page 22 of 40 the submission of an incomplete declaration may impact our integrity assessment. 4.25. When assessing the integrity of the proposed controller, we may take into consideration (to the extent it considers it relevant) the integrity of any person linked to the proposed controller, including any person who has, or appears to have, a close family or business relationship with the proposed controller. Professional competence 4.26. In its assessment of professional competence, we expect to take into account the influence that the proposed controller will have over the UK authorised person. Therefore, we may reduce the competence requirements for proposed controllers who are not in a position to exercise, or undertake not to exercise, significant influence over the UK authorised person. In such circumstances, the evidence of adequate management competence may be sufficient. 4.27. If the proposed controller is a legal person, we expect to assess both the legal person and all of the persons who effectively direct its business. 4.28. The professional competence of the proposed controller covers competence in management (the ‘management competence’) and in the area of the financial activities carried out by the UK authorised person (the ‘technical competence’). 4.29. The management competence may be based on the proposed controller’s previous experience in acquiring and managing holdings in companies. We consider that such experiences should demonstrate due skill, care, diligence and compliance with the relevant standards. 4.30. We may base its assessment of technical competence on the proposed controller’s previous experience in operating and managing financial institutions as a controlling shareholder or as a person who effectively directs the business of a financial firm. We would expect such experience to demonstrate due skill, care, diligence and compliance with the relevant standards. We may, in particular, consider any historic or pending insolvencies and the circumstances that led to those events. 4.31. In the case of an increase in control, and to the extent that the professional competence of the proposed controller has been assessed previously by us, we expect the relevant information to be updated as appropriate. 4.32. Persons may acquire significant holdings in financial companies with the aim of diversifying their portfolio and/or obtaining dividends or capital

Financial Conduct Authority Page 23 of 40 gains, rather than with the aim of becoming involved in the management of the UK authorised person concerned. We expect to consider the likely influence of the proposed controller over the UK authorised person, and may reduce the professional competence requirements for this type of controller. 4.33. Similarly, when the acquisition of control or of a shareholding allows the proposed controller to exercise a strong influence, we consider that the need for technical competence will be greater, considering that the controlling shareholders will be able to define and/or approve the business plan and strategies of the UK authorised person concerned. We expect to consider the nature and complexity of activities envisaged when assessing the degree of technical competence needed. 4.34. We may also consider the following situations regarding past and present business performance and financial soundness of a proposed controller with regards to their potential impact on the person’s professional competence: 4.34.1. any inclusion on any list of unreliable debtors or any similar negative records with a credit bureau, if available; 4.34.2. the financial and business performance of any entities owned or directed by the proposed controller or in which the proposed controller had or has a significant share with special consideration to any rehabilitation, bankruptcy and winding-up proceedings and whether and how the proposed controller has contributed to the situation that led to the events giving rise to the proceedings; 4.34.3. any declaration of personal bankruptcy; and 4.34.4. any civil lawsuits, administrative or criminal proceedings, large investments or exposures and loans taken out, in so far as they can have a significant impact on the financial soundness. The reputation, knowledge, skills and experience of those who will direct the business of the UK authorised person as a result of the proposed acquisition 4.35. Where the proposed controller is in a position to appoint new persons to direct the business of the UK authorised person as a result of the proposed acquisition and proposes to do so, such persons will likely be captured by the Senior Managers and Certification Regime, or equivalent, where an assessment of their reputation, knowledge, skills and experience will be carried out.

Financial Conduct Authority Page 24 of 40 4.36. Where the individual is to be appointed in a non-executive capacity, we will carry out a similar assessment of reputation, knowledge, skills and experience. 4.37. Where possible, the appropriate Senior Management Function (“SMF”) application should be submitted by the UK authorised person being acquired at the same time, or shortly after, the change in control notification is submitted. 4.38. It may not always be possible to submit the SMF application in advance, as the application must be submitted by the UK authorised person at which the role will be performed, and such UK authorised person may not be prepared to do so at the time the change in control notification is submitted. Under these circumstances, we are likely to request draft SMF applications to assist our assessment under this criterion. However, any consideration of the draft application is without prejudice to the subsequent assessment that will be conducted when the formal application is submitted. 4.39. Where the proposed controller intends to appoint an individual to direct the business of the UK authorised person and we are not satisfied that the person is fit and proper to perform the proposed role, we may oppose the proposed acquisition. The financial soundness of the proposed controller 4.40. In assessing the financial soundness of the proposed controller, we expect to consider the capacity of the proposed controller to finance the proposed acquisition and to maintain, for the foreseeable future (usually three years), a sound financial structure in respect of the proposed controller and of the UK authorised person. This capacity should be reflected in the overall aim of the acquisition and the policy of the proposed controller regarding the acquisition, but also - if the proposed acquisition would result in control of 50% or more in the UK authorised person, or the UK authorised person otherwise becoming a subsidiary of the proposed controller – in the forecasted financial objectives, consistent with the strategy identified in the business plan. 4.41. We will determine whether the proposed controller is sufficiently sound from a financial point of view to ensure the sound and prudent management of the UK authorised person for the foreseeable future, considering the nature of the proposed controller and of the acquisition. 4.42. We may object to the acquisition if we consider, based on our analysis of the information received, that the proposed controller is likely to face financial difficulties during the acquisition process or in the foreseeable

Financial Conduct Authority Page 25 of 40 future. In doing so, we will take into account all asset types (including intangibles) and liabilities held and to be held by the proposed controller. 4.43. We may also analyse whether the financial mechanisms put in place by the proposed controller to finance the acquisition, or existing financial relationships between the proposed controller and the UK authorised person, could give rise to conflicts of interest that could affect the UK authorised person. 4.44. In determining the necessary depth of the assessment of the financial soundness of the proposed controller, we may consider the likely influence of the proposed controller, the nature of the proposed controller (for instance, whether the proposed controller is a strategic or a financial investor, including whether it is a private equity fund or a hedge fund) and the nature of the acquisition (for instance, whether the transaction is significant or complex). We expect that differences in the characteristics of the acquisition may justify differences in the depth and methods of the analysis. 4.45. The information required for the assessment of the financial soundness of the proposed controller may depend on the status of the proposed controller, for example, whether it is: (a) already supervised by us and the PRA or (b) a natural person. 4.46. Whilst the use of borrowed funds to finance the acquisition should not, in and of itself, lead to the conclusion that the proposed controller is unsuitable, we may assess if such indebtedness negatively affects the financial soundness of the proposed controller or the UK authorised person’s capacity to comply with prudential requirements (including, where relevant, the commitments provided by the proposed controller to meet prudential requirements). 4.47. Our assessment may also cover, where relevant, the capacity of the proposed controller to provide further capital to the UK authorised person in the short to medium term, and if necessary, its stated intentions in respect of whether it would provide such capital. Whether the UK authorised person will be able to comply with its prudential requirements (including the threshold conditions) 4.48. The proposed acquisition should not adversely affect the UK authorised person’s compliance with prudential requirements, including the threshold conditions. The specific assessment of the proposed controller’s plan at the time of the acquisition is complementary to our responsibilities for the ongoing supervision of the UK authorised person.

Financial Conduct Authority Page 26 of 40 4.49. We may take into consideration the proposed controller’s declared intentions towards the UK authorised person expressed in its strategy (including as reflected in the business plan). We expect this to be backed up by appropriate commitments and evidence from the proposed controller, where appropriate, to support the UK authorised person to meet its prudential requirements. These commitments may include, for example, financial support in case of liquidity or solvency problems, corporate governance issues, the proposed controller’s future target share in the UK authorised person and directions and goals for development. 4.50. We will assess the ability of the UK authorised person to comply at the time of the proposed acquisition, and to continue to comply after the acquisition, with all prudential requirements, including capital requirements, liquidity requirements and large exposures limits, as well as with requirements related to governance arrangements, regulatory reporting, internal control, risk management and compliance. 4.51. If the UK authorised person will be part of a group as a result of the proposed acquisition, we will need to be satisfied it will not be prevented from exercising effective supervision, from effectively exchanging information with other relevant supervisors within the group, or from determining the allocation of responsibilities among the relevant subsidiary supervisors by the close links of the new group of the UK authorised person to other natural or legal persons. In addition, we will need to be satisfied that we will not be prevented from fulfilling our monitoring duties by the laws, regulations or administrative provisions of another country governing a natural or legal person with close links to the UK authorised person, or by difficulties in the enforcement of those laws, regulations or administrative provisions. 4.52. We will also consider the proposed controller’s capacity to support adequate organisation of the UK authorised person within its new group. We expect both the UK authorised person and the group to have clear and transparent corporate governance arrangements and adequate organisation. 4.53. The group of which the UK authorised person will become a part should be adequately capitalised. Under certain circumstances, the group may itself become subject to prudential requirements on a consolidated basis. 4.54. We expect to consider whether the proposed controller will be able to provide the UK authorised person with the financial support it may need for the type of business pursued by and/or envisaged for it, to provide

Financial Conduct Authority Page 27 of 40 any new capital that the UK authorised person may require for future growth in its activities and to implement any other appropriate solution to accommodate the UK authorised person’s needs for additional own funds. 4.55. If the proposed acquisition would result in control of 50% or more, or the UK authorised person becoming a subsidiary of the proposed controller, this criterion may be assessed as part of the assessment process as at the time of acquisition and on a continuous basis for the foreseeable future (three to five years). Therefore, the business plan provided by the proposed controller to us should cover at least this period. 4.56. The business plan should clarify the plans of the proposed controller concerning the future activities and organisation of the UK authorised person. This should include a description of its proposed group structure. The plan should also evaluate the financial consequences of the proposed acquisition and include a medium-term forecast. Whether there are reasonable grounds to suspect that in connection with the proposed acquisition— (i) money laundering or terrorist financing is being or has been committed or attempted; or (ii) the risk of such activity could increase 4.57. We will object to the proposed acquisition/increase in control if: 4.57.1. we know or suspect, or have reasonable grounds for knowing or suspecting, that the proposed controller or any connected party is or was involved in money laundering operations or attempts, irrespective of whether it is directly or indirectly linked to the proposed acquisition; 4.57.2. we know or suspect, or have reasonable grounds for knowing or suspecting, that the proposed controller or any connected party has carried out terrorist activities or terrorist financing; or 4.57.3. the proposed acquisition increases the risk of money laundering or terrorist financing. 4.58. This assessment criterion may also cover (to the extent it considers relevant) persons with close personal or business links (including through any family member or persons known to be close associates) to the proposed controller, including the legal and beneficial owners of the proposed controller.

Financial Conduct Authority Page 28 of 40 4.59. In order to assess the above, we will consider the information available such as evaluations, assessments or reports drawn up by international organisations and standard setters such as Transparency International, the Organization for Economic Co-operation and Development, the World Bank and the Financial Action Task Force (“FATF”), as well as open media searches and such other sources as may be available to us. 4.60. We will consider in relation to all available information: 4.60.1. if the proposed controller or a connected party is subject to a financial sanctions regime; 4.60.2. if the proposed controller or a connected party is a politically exposed person as defined by the UK’s Politically Exposed Persons Regime; 4.60.3. the source of the funds that will be used for the proposed acquisition. We will verify the activity which gave rise to the funds and that the source can be traced back to its origin by an uninterrupted trail. The funds should be channelled through institutions subject to effective anti-money laundering and terrorist financing supervision; 4.60.4. whether there is information that is considered incomplete, insufficient or which gives rise to suspicion – for example, capital movements not accounted for, cross-border relocations of headquarters, reshuffles in management or legal person owners, earlier associations of the owners, or the management of the company by criminals; 4.60.5. whether the proposed controller’s business itself has insufficient anti-money laundering and terrorist financing controls as determined by us; 4.60.6. if the UK authorised person has failed to register with the relevant competent authority for anti-money laundering and terrorist financing supervision; 4.60.7. if the proposed controller has valued the UK authorised person significantly higher than its market value considering its status as either a trading or dormant firm; 4.60.8. whether the proposed controller is established in or has relevant personal or business links itself (or through any family member or persons known to be close associates) with a country or territory on FATF Black and Grey lists;

Financial Conduct Authority Page 29 of 40 4.60.9. whether the proposed controller is established in or has relevant personal or business links itself (or through any family member or persons known to be close associates) with a country or territory where the legislation does not allow for the application of anti-money laundering and terrorist financing combating measures as that of the UK. 4.61. In the absence of specific evidence such as no criminal records, or where there are currently no reasonable grounds to suspect that money laundering is being committed or attempted, if the proposed acquisition nevertheless gives rise to reasonable grounds to suspect an increased risk of money laundering or terrorist financing, we will consider objecting.

Financial Conduct Authority Page 30 of 40 5 Our approach to the use of conditional approvals to advance its objectives 5.1 We may impose conditions (subject to the statutory process) when approving a change in control where it advances any of its objectives. 5.2 By way of illustration, we may impose conditions on an approval where there are unresolved matters, such as outstanding proceedings against a proposed controller.

FCA Official Financial Conduct Authority Page 31 of 40 – practical examples of the determination of controllers These illustrations are used to demonstrate how the controller test applies. It does not aim to conclude all control chains to where control, as per FSMA, ends (i.e. the red boxes). This example emphasises the impact of voting power in any determination as to whether there is a controlled undertaking (and thus deemed voting). To note that shareholding and voting power are separate calculations.

Financial Conduct Authority Page 32 of 40

Financial Conduct Authority Page 33 of 40

Financial Conduct Authority Page 34 of 40

Financial Conduct Authority Page 35 of 40

Financial Conduct Authority Page 36 of 40

FCA Official Financial Conduct Authority Page 37 of 40

• further guidance on acting in concert Deemed voting power There may be circumstances in which deemed voting power must be aggregated with other (actual or deemed) voting power for the purposes of determining whether s181(2)(b) of FSMA applies. The cases set out in s422(5)(a) of FSMA may result in the attribution of voting power to a person (H) without aggregation where H holds no other actual or deemed voting power in the relevant firm and is not acting in concert with any other person (for example, where H exercises the voting power attaching to shares deposited with him pursuant to a discretion granted to him in the absence of (1) specific instructions from the actual shareholders, and (2) any agreement with the shareholders as to how he should exercise that voting power or any other rights attached to those shares. We would not generally regard shareholders as acting in concert for the purposes of s178(2) of FSMA or as having deemed voting power requiring aggregation pursuant to s422(5)(a)(i) of FSMA simply because they have agreed to vote together on a particular issue, for example: i) rejection of a proposal for the remuneration of directors; ii) appointment or removal of a particular director; or iii) approval or rejection of an acquisition or disposal proposed by the firm’s board of directors. However, there may be circumstances in which voting together on a specific issue would amount to acting in concert for these purposes. Where, for example, shareholders who have no previous agreement in relation to the exercise of their voting rights agree to act together for the purpose of voting to enable them to obtain control of the board of a firm. This may not fall within s422(5)(a)(i) of FSMA, if those shareholders have no lasting common policy towards the firm’s

Financial Conduct Authority Page 38 of 40 management. However, those circumstances are likely to be exceptional. An agreement that does no more than require particular management actions to be put to a vote of shareholders, such as major acquisitions, disposals or new issues of shares, would not of itself trigger the requirement to notify. This is because there is no agreement as to how the shareholders will exercise their rights on, or whether the shareholders will adopt a common policy towards, those proposals. An agreement that gives certain shareholders veto rights over key decisions by the firm may bring those shareholders within the ambit of s178(1) of FSMA, regardless of whether they are acting in concert by virtue of them being able to exercise significant influence over the management of the firm. Acting in concert covers all agreements as to how to exercise voting power on future issues generally. It would, therefore, require the aggregation of holdings by the parties to the agreement, for the purposes of s178 of FSMA. It may also fall within the ambit of s422(5)(a)(i) of FSMA, but this will depend on whether the parties to the agreement have adopted a lasting common policy that relates to the management of the relevant firm. Passive shareholder agreements We consider that acting in concert may also arise as a result of passive shareholder agreements. In these, a shareholder (the passive shareholder) agrees explicitly or implicitly with another shareholder or group of shareholders (the ‘active shareholder’) that it will not exercise its voting power. For example, where the passive shareholder holds 2% of the voting power and the active shareholder holds 9% of the voting power, each would be regarded as having control (11% of the voting power) because their holdings are required to be aggregated under the acting in concert provisions. However, persons that acquire shares as part of an investment or hedging programme, and adhere consistently to a stated policy of not voting those shares, would not be regarded by us as having entered into an agreement with other shareholders, and would not be regarded as acting in concert with them. There may be circumstances where multiple purchasers of shares, who are each party to a share purchase agreement and whose combined

Financial Conduct Authority Page 39 of 40 shareholding will fall within s181(2) of FSMA, are required to give notice pursuant to s178(1) of FSMA, on the basis that the existence of the agreement means they are acting in concert. If it is clear that the only agreement between one or more persons consists in there being parties to the same share purchase agreement, and the terms which relate strictly to the purchase of shares and do not govern or seek to regulate the purchasers’ relationship with each other following completion of the share purchase, the purchasers would not be regarded by us as acting in concert for the purpose of requiring notification under s178 of FSMA. If, however, the share purchase agreement contains provisions governing or otherwise regulating the exercise of the rights linked to the shares to be acquired by the purchasers (or the purchasers have entered into, or propose to enter into, a shareholders’ or other agreement with similar effect), the proposed controllers may be regarded by us to be acting in concert as per s178 of FSMA, depending on the terms of the relevant agreement(s). Where there is evidence to suggest that the parties do in fact intend to co-operate in relation to the exercise of voting or other rights relating to the shares they are acquiring, notwithstanding that no provisions to that effect appear in the share purchase or other written agreement, this may warrant the conclusion that there is an implicit agreement between them by virtue of which they are acting in concert. Conditional agreements Where an agreement is conditional on any necessary approval by us, notice must be given under s178(1) of FSMA before control is acquired. The point in time at which this occurs may depend on a number of circumstances. In the context of a share purchase agreement that provides for our approval of the purchaser to be obtained before the acquisition is completed, the purchaser will not usually be required to give a s178(1) notice prior to entering into the agreement. However, there may be circumstances in which control is acquired at the time the agreement is entered into, for example, where the parties have agreed that the purchaser will be entitled (whether by virtue of a power of attorney contained in the agreement or otherwise) to exercise the voting rights attached to the shares being acquired in the period between signing and completion. In that case, the purchaser will need to consider whether to give notice under s178(1) of FSMA prior to entering into the agreement.

Financial Conduct Authority Page 40 of 40 Pre-emption, drag along and tag along rights ‘Pre-emption’ rights, ‘drag along’ rights and ‘tag along’ rights are unlikely to trigger the requirement to notify under s178(1). Bare pre￾emption rights will simply indicate each shareholder’s (the offeror) agreement to give fellow shareholders an option to purchase these shares, if they wish to sell. The acquisition of shares under these arrangements cannot take place until the offeror decides to sell these shares and other shareholders decide to buy them. Shareholders will not usually be regarded as acting in concert in holding or acquiring shares simply by agreeing to give each other future pre￾emption rights. The existence of 'drag along' and 'tag along' rights in a shareholders' agreement (designed to ensure equivalent treatment of shareholders of the same class in the event an offer is made, or to be made, by a non￾shareholder to purchase the shares of any single shareholder in a private company) would not result in the shareholders who have the benefit of those rights being considered as acting in concert in their holding or acquiring of shares. Takeover code definition of acting in concert The definition of acting in concert in the Takeover Code (the Code) derives from the Takeover Directive10. It has relevance in determining whether the relationship between persons with interests in shares carrying voting rights requires those rights to be aggregated for the purpose of assessing whether the threshold for the making of a mandatory offer to all other shareholders in a company, to which the Code applies, has been reached. The notes on the definition in the Code confirm that the Takeover Panel’s views in relation to acting in concert ‘...relate only to the Code and should not be taken as guidance on any other statutory or regulatory provisions’. The information in this guidance document is given for a different purpose and has no relevance to how acting in concert is to be interpreted in the context of the Code. It is relevant to considering whether the holdings of persons who have reached an agreement in relation to the shares or voting rights they do, or will, hold must be aggregated, for the purpose of determining whether they are subject to the requirements for assessment specified in FSMA. 10 2004/25/EC