“This must be tailored to your business, and take into account the type of regulated activity your firm intends to carry out.” – FCA
As part of the authorisation process the Financial Conduct Authority (FCA) will require all firms to detail and attach a Compliance Monitoring Plan (CMP) as part of their application pack. This highlights the key areas for consideration for firms to contemplate when developing their CMP.
What is compliance monitoring?
The Three Lines of Defence model is used in larger firms. The use of this has to be proportionate to the size and complexity of the firm. Simply put: the First Line are the customer facing people. The Second Line are the Assurance functions (Compliance, Risk etc) and the Third Line are the Audit Function.
Compliance monitoring is the quality assurance testing carried out over the day to day activities of the business. The compliance monitoring team usually sits as an independent function in the second line of defence and provides assurance to the board that the firm is operating within a compliant framework.
In a traditional three lines of defence model, the FCA will expect each business line to undertake their own regular monitoring of the day to day activities as the first line of defence, with Internal Audit providing the additional third line, depending on the size of the firm.
This document is provided in a fully editable word document.
The document covers all of the areas the FCA require, including;
IT Management and security
High Risk activities;
Data management and security;
Vulnerable customers; and
Click The Button To Get Your Time Limited Discounted Offer Now! Was £350 Now £300!
Download the brochure here;
Is it Just a List?
No, Each section has a recommended list of issues for checking and you complete the frequency and link to whatever process, procedure, log required and the activity taken.
If there are any issues, you note this and provide details of the issue and where/what/how it was dealt with, or perhaps transfer it to your risk register if it is a larger issue?
For each section there is also a corresponding controls assessment which you can input the controls you identify and assess the effectiveness and design. There is also evidence provision and management oversight along with the level of control activity. Instructions are provided.
What’s The Catch?
There is no catch. Like all templates you have to edit and amend it to reflect your unique and individual business. Once you have identified each monitoring activity, it is the easiest thing in the world to revisit and reassess each frequency of your choosing.
What if a Section Doesn’t Apply To My Business?
If any part or sub part doesn’t apply, then you can substitute other areas you may want to include or remove the section. There is an example of a removed part and why it may be important to retain the placeholder, in the instructions at the front of the Compliance Monitoring Plan Template.
How Difficult Is It To Edit?
Not at all. If you can edit a word document, you need the same skills to edit this to make sure it is your own.
Suggested wording is in grey.
Other than inputting the time period each time you deploy the project document and revising the business risks annually, there should be very little further editing to do.
You may also wish to keep/save a copy for each time you conduct the activity (3m/6m/12m) and build an audit trail of actions over time, providing a demonstrable monitoring activity pathway for any 3rd party who may require you to present it.
Overall there are 16 sections that can be edited, amended and adjusted to your precise business model.
All this for just £350 Now £300!
And If You Want To Automate Your Compliance Monitoring & Risk Management