Category Archives: Information Update

Why Is Document Version Control So Important?


Why is Version Control Important?

Version control is important when documents are being created, and for any records that undergo a
lot of revision and redrafting or annual reviews. It helps us to track changes and identify when key decisions were
made along the way. It is particularly important for electronic documents that are being reviewed
by a number of different users.

Knowing which version of a document you are looking at is important if you are trying to find out which version of a policy is currently in force, or which version of a policy was in use at a particular time. It forms part of good record-keeping practice, which is particularly important in meeting our obligations under the Freedom of Information Act.

Aim
The aim of this document is to provide best practice guidance for applying version control to
different types of document at the University of Nottingham. This guidance covers best practice use
of:
1. File Naming conventions
2. Version Numbers
3. Version Control Tables
4. Document Control Tables

File Naming Conventions
At the simplest level you can use file naming conventions to identify the version of a document. Use
the file name of the document to show both the version and status alongside the subject, for
example:

DRAFT
Records Management Policy Draft v0.1

Records Management Policy Draft v0.3

PUBLISHED

Records Management Policy v1.0

Records Management Policy v1.1 (note: first revision – minor)

Records Management Policy v2.0

Remember to update the version number on the file name as well as the header (or footer) of the
document itself. It is easy to update a document and forget to rename the version number on either
the file name or the document which can lead to confusion.

Unless you don’t need to keep previous versions of the document, always save updated versions with the
‘Read-only’ tag to ensure you are forced to create a new version the next time you go to update it.

File naming conventions alone will not tell you who made the change and what the change was. If it
is important to record this information use a version control table.

Version Numbers
Version numbering helps to distinguish one version of a document from another. For some
documents, you may decide that a simple numbering system consisting of consecutive whole
numbers is sufficient to help you keep track of which version you are working on. However,
for documents that go through numerous stages of development before a final version is reached, and for those
that are developed through input by multiple individuals, you may decide to adopt version numbers
that keep track of both minor and major changes to that document.

Minor Revisions
Minor revisions are small changes made to a document such as spelling or grammar
corrections, and other changes that… Minor revisions to a document are reflected by making
increments to the decimal number.

Major Revisions
Major revisions are changes to a document that require the document to be re-approved
(either by an individual or a group). Major revisions are reflected by incrementing the whole
number by 1.


Remember – when electronically storing documents, it is often best practice to include the date at the front in reverse (year, month, day), as computers sort file names in ascending order. So – 1st March 2021 becomes 20210301.

 

If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

0207 097 1434 or email info@complianceconsultant.org.

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.


The Importance of Good Management Information (MI)


The significance of, and requirement for, excellent operational detail (volumes, speed, performance indicators, controls, tolerances etc.) is vital to the successful management of a business. To be able to consistently make efficient decisions, a series of records and measurements is needed; if they cease to be accurate or effective, this can significantly affect the ongoing stability and profitability of an organisation by leading to poor management decisions.

The information can be found in many different forms depending on the business. Cashflow and forecasts are obvious, but sales, staff turnover, sales activity, marketing results and supplier consistency can also be performance indicators needed to demonstrate the efficacy of the business. Many firms also use elements of worker retention numbers or consumer satisfaction rates. Ultimately, though, the term suggests anything that can be used to aid in the key choices that management need to make; nevertheless, that does not imply all details captured provide value, usefulness or are “good”.

What makes the MI “great”?
When thinking about whether the details obtained are in fact of a high quality, and therefore of any use to the business, there are the following 5 key points to consider.
  • Significance: Take into account whether the details you have are actually pertinent to the company, and likewise to the staff member who will be using them.
  • Authentic: To be able to utilise the information to make key decisions, it should be authentic and precise.
  • Trigger: If it takes too long to get, or too long to be provided to the individuals who need it at the right time, then it would not be of any use. For that reason it is necessary for the collection of data to be set over a specific period; you can’t compare apples with pears.
  • Pursued: For it to be great, it should be able to be acted upon; if not, then the time spent gathering it was pointless.
  • Documented: If the information gathered has not been examined or analysed, processed and recorded, it will create huge issues for the firm in the future if they try to reference back to the measure or effectiveness/accuracy of what was provided. Poor records make future decisions impossible to make effectively and this would fail the SMCR “Reasonable Steps” test for SMFs.
Too much information and an avalanche of “performance indicators” is no use at all. Key Performance Indicators need to be established and reviewed periodically (to ensure they maintain value). It is the combination of all these factors that comprises “good details”; however, it depends on the management to choose which elements are more crucial than others. If there is an urgent requirement for information, then the weighting on the significance of it might eclipse the requirement for it to be documented; however, this always depends on the environment, both from a business and regulatory perspective.
Why are good management details crucial to a service?
When the information utilised is of a high standard, it can allow a business to recognise areas for enhancement or fine tuning, keep track of the quality of operations, boost profits and evaluate strengths and weak points, to enable time to be spent on doing what the company does best and to raise the bar on areas or processes where it might be failing.
In making essential choices, you need supporting evidence to be able to prevent making an ill-informed choice, and evidence that you had the best source of data and external regulatory or legal advice, for business success as well as SMCR reasonable steps. Bad or incomplete information can force you into making assumptions or even just guesses, and this results in planning poorly or not reacting in adequate time to changes in the business or the environment. The wrong choice can hold up a business, attract regulatory censure or enable rivals to gain an advantage over your company. If you do not have any robust and accurate information at all, you are just arrogantly gambling on the chances of your decisions being right and increasing the danger of failure within your company.


Thoughts on Organisational Charts

Some thoughts on Organisational (ORG) Charts


What Can an Org Chart Show? Or, How To Read An Organisational Chart

Even the traditional waterfall Org Chart can still communicate a lot about an organisation, if we reframe what we are looking at. The layers are a representation of power, and certainly that’s the first thing people think of when they think Org Chart: it shows who is whose boss.

But in a modern organisation, layers represent a scope of focus, and lines represent channels of accountability.
Granularity of Decisions
Probably the biggest differentiator between modern organisations and old, top-down hierarchical organisations is that modern organisations recognize that to be fast, to be flexible, and to make good decisions in quickly changing environments, you have to push the decisions down through the organisation to the people who are closest to the decision point, to the people that have the most timely and accurate information about what needs to be done there.
So one of the things an Org Chart can show you in a modern organisation is the level of granularity of decisions that any person in that organisation should be making. For example, the CEO at the top is responsible for setting the vision and the direction of the company, and those are very high-level, non-granular decisions to make. Then you have your managers who are responsible for a slightly more granular and more focused towards their specific expertise areas level of decision-making around planning, setting charters for their specific teams, and defining KPIs. Finally you have the ICs on those teams who are responsible for the super granular decisions around execution: what are we actually going to do and how are we actually going to move those needles on those KPIs, which all rolls back up into the organisation’s vision.
Are you a big picture thinker or a detailed-oriented doer? Either type of person can be successful at any level, but your personal strengths on either spectrum will lend itself to being a superstar at different levels.
In this case the Org Chart is a great check and balance, because if your CEO is making decisions about how you’re executing on a single team’s contribution to the vision, that’s not something your CEO should be doing. That is at worst a misuse of power and at best a huge distraction from what the CEO should actually be doing — execution details are definitely not the most effective way for them to be contributing to the organisation!!!
And it also works the other way for ICs coming into the organisation and looking at their career path. At what level do they want to make decisions and contribute to the organisation? The Org Chart gives them an idea of where they are and where they need to get to in order to make that kind of impact and do that kind of work. And some people want to be in the granular details forever and that’s ok too, there should also be career growth paths within those IC levels. Just one more reason your level on the Org Chart shouldn’t be equated with power or seniority.
Type or Kind of Role
An Org Chart can also show who are managers and who are individual contributors within the organisation. This seems like it should be obvious, but in practice in fast growing startups, it’s harder than it seems, or at least making the right decisions based on this information is harder than it seems.
We just love that superhero CEO trope don’t we? So much easier to build a personal brand on making yourself look successful than it is to build one on making thousands of other people actually successful at their jobs.
The difference between manager and IC is an important thing because those two kinds of people within the organisation should be judged very differently. Individual contributors are judged on their personal execution and how their efforts are contributing to moving the needle on certain factors within the organisation. But the manager should be judged on how well their team is able to do their jobs. A manager should never be judged, and should never judge themselves, on their personal contributions to the organisation above that of their team.
This is something that especially people first moving into management really struggle with, but that organisations moving from that everybody-wears-a-lot-of-hats phase also repeatedly drop the ball on. As people’s roles shift and change in a growing organisation you can end up with this kind of legacy issue, with people who are now managing people still judging themselves or being judged by the organisation as if they are still that lone individual contributor. People can struggle to get their manager legs back on even if they’ve managed people before and they know better.
Channels of Accountability
Finally, the Org Chart makes clear what the channels of accountability are. I want to be really clear about this because in old-school Org Charts the line between you meant that your boss was in charge of you. They got to tell you what to do, and you were accountable directly to your boss. That is not true in modern organisations, especially data-driven organisations (or data-informed, if you prefer). The idea now is that every individual is accountable to the organisation and for how their contributions move the organisation’s metrics.
Individual Contributors are accountable to the organisation, first and foremost, but managers are highly accountable to their reports for communicating the organisation’s vision down to them and contextualizing it for their specific scope within the organisation. This is reflected in what managers are first and foremost accountable to their reports for: for communicating a team charter; for communicating clear KPIs that affect the company’s vision; for enabling them with a healthy team structure, tools, resources and information they need to make good decisions regarding the KPIs; and for unblocking them and helping them work across the organisation when necessary to affect those KPIs.
Those are all things that the manager is accountable to their reports for. In comparison, the manager acts only as a channel of accountability on behalf of the organisation — reviewing performance, granting raises and promotions, and executing hiring/firing decisions — all based on whether or not people are contributing to the organisation’s goals and working with the team as expected.
Where do we go from here?
So we’ve redefined what you are seeing in Org Charts, what that means in a modern organisation and how you should be using it to communicate. Hopefully seeing what these can contribute even in modern, fast-changing organisations has convinced you that you do need one.
But even I’ll admit that maybe the traditional Org Chart just has cultural bias that’s built into it, and even reconfiguring our communication around WHAT the Org Chart is meant to show doesn’t solve all the problems I mentioned originally.
The “flat” organisation is a great example, because the thing is, I don’t think an Org Chart CAN represent this. It has almost nothing to do with your structure, and everything to do with your culture — with what informs your decisions, how you structure the conversations around decisions, and how you communicate those decisions. You could have an organisation with 20 layers, and if it does those things well, it will be more “flat” and fair and open to everyone’s ideas than an organisation with zero layers that only listens to 3 or 4 people all the time and can’t communicate the structure for how it makes decisions. As any of us that have worked at so many of those supposedly “flat” organisations can attest to.
But saying that being “flat” and inclusive has to do with the number of layers is confusing correlation with causation. Older organisations are more likely to have more layers, because they are bigger and have more people. And older organisations, for the time being, are also likely to be more top-down hierarchical, because we’ve only started playing with new models in the last 40 years~ish and only really succeeding and scaling with them in the last 20. And yeah, smaller organisations are likely to have fewer layers and feel more inclusive because consensus-based decision making can still work at sub-25 people. But I don’t know how a traditional waterfall Org Chart is ever going to capture that kind of political or cultural information.
Another thing that old-school Org Charts have lost when applied to modern organisations is the map of how communication works within the organisation. Waterfall Org Charts did use to represent how communication worked in old hierarchical organisations, because teams didn’t laterally talk to each other. But we do that all the time now in modern organisations because it would be too inefficient to ask your manager to talk to their fellow manager to talk to their people to go all the way back through that chain with the information. There’s just a ton more lateral communication happening across teams, and we’ve just totally lost that mapping of how communication works at this company. I think it’s one of the reasons good communication seems to be one of the first things that breaks down for startups as they grow. It seems almost unavoidable.


£275M Fines For Two International Businesses By ICO

The UK Information Commissioner’s Office (“ICO”) has flexed its muscles and announced its intention to issue fines rising above £275 million against two international businesses for failing to keep the personal data they hold guarded from cyber-attacks under the European General Data Protection Regulation (“GDPR”).

On 8 July 2019, the ICO made known its intention to fine British Airways (“BA”) £183.39 million under the GDPR for a personal data breach it suffered in August 2018. The breach, called a “sophisticated, malicious criminal attack”, was initially disclosed by BA on 6 September 2018. Details of around 500,000 BA customers were compromised during the breach, which consisted of the diversion of user traffic from the BA website to a fraudulent website. The personal information compromised included names, email addresses and payment card details used during the booking process. The ICO indicated that BA cooperated with the ICO investigation and has made security improvements following the incident.

The penalty is reported to amount to about 1.5% of the global annual turnover of BA in 2017 and is the highest fine issued until now by a European Union data protection supervisory authority for a personal data breach under the GDPR.
On 9 July 2019, the ICO declared its intention to fine Marriott International, Inc. (“Marriott”) £99.2 million under the GDPR for a personal data breach that occurred in relation to the Starwood guest reservation database system. The breach is believed to have started when Starwood hotels’ systems were affected by a cyber-attack in 2014. The breach was discovered and notified to the ICO in November 2018, two years after Starwood’s acquisition by Marriott. Personal data contained in over 330 million guest records were exposed due to the incident. About 30 million records related to individuals from over 30 countries in the European Economic Area (EEA). Roughly 7 million records related to individuals located in the UK. The ICO determined that Marriott should have taken extra steps to review and secure the IT infrastructure used by Starwood. The ICO noted that Marriott had cooperated with the investigation conducted by the ICO and had improved its security practices since the incident.
The GDPR established two tiers of penalties that could be issued by European data protection supervisory authorities; the standard maximum and the higher maximum. The standard maximum allows for a fine equivalent to the greater of 10 million Euros or 2% of total annual worldwide turnover in the preceding fiscal year of the relevant undertaking for a violation of certain provisions, whereas the higher maximum permits the greater of 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year of the relevant undertaking for a violation of more serious provisions, including data protection principles or data subjects’ rights.
The penalties issued to BA and Marriott fall beneath both of these thresholds, which may reflect BA and Marriott’s cooperation with the ICO investigation and the enhancements those organisations have made to their security practices since the incidents were found. Both organisations have 28 days to make further representations to the ICO about the calculation of the fine before the ICO makes its final decision. The ICO has said that it will carefully consider any representations made by them and the other European data protection authorities before it makes its final determination.
In both cases, the focus of the ICO’s statements of intent seems to be on the security failures that led to the breach occurring, rather than necessarily on the types and sensitivity of personal data impacted. The ICO also concentrated on the responsibility to conduct an appropriate due diligence process into the IT security and data protection practices of a future target of any M&A activity where that target is subject to the GDPR. No matter how breaches happen, it is clear that the ICO is taking security breaches very seriously, and these events should provide a strong reminder to companies to get their house in order and follow the security and other obligations under the GDPR, which applies to businesses both in Europe and outside Europe. These being the first two fines it has issued under GDPR for a personal data breach, the ICO in particular may be approaching these episodes as an opportunity to “set out its stall” regarding future enforcement action, with its eye on setting the standard of compliance in the UK in a post-Brexit environment.

If you need your systems and controls checked with a view to GDPR and FCA Compliance, contact us now!

0207 097 1434


Online Senior Managers & Certification Regime Compliance Course Available For Core-Limited Firms

Why This Course?

Running Your Own SMCR Preparation Project?

This course will equip you with everything you need to know and everything you need to do.

The extension of the Senior Managers and Certification Regime (SM&CR) to investment firms in December 2019 represents a major overhaul of the way in which individuals working within financial services are regulated.

The new rules increase the number of employees who are subject to regulatory obligations, whilst significantly enhancing the accountability of those in senior management positions. They also impose potentially onerous obligations on firms, from the documentation of management responsibilities to the training of employees on the application of the Conduct Rules.

We have extensive experience in training senior managers and other staff who are subject to the SM&CR and we have developed a range of training solutions to suit a wide variety of requirements. You will also gain access to a 50% discount in our special offer promotion for a valuable aid to your implementation planning.

The course is run by Lee Werrell, Chartered Fellow of the CISI and someone with years of experience in implementing the SMCR in the banking and insurance world. You will benefit from:

  • Leveraging the trainer’s experience with the banking roll-out; we look to unpick the lessons to be learnt for the SMCR extension to all regulated firms
  • Packed with practical exercises to focus on the identification of key employees and what you need to do in the lead in to SMCR
  • Conduct rules; what are they, what do they mean & why do they matter?
  • Walk away with a clear plan of your next steps for your SMCR implementation
  • Includes a Special Offer on Our Popular & Practical Project Plan

The Course Objectives

  • Review and understand the history to the SMCR and where it came from
  • To know and understand the key employee categorisations within your firm, SMFs, CR, non-approved and ancillary
  • Be able to evaluate your SMFs; who are they and what they need to know
  • Analyse your CPs and define who will be in this category
  • Apply the conduct rules to your firm and your organisation
  • Review the breach process and how to apply within your firm, as well as when and why
  • Know who to train and what
  • Understand the need for accurate regulatory referencing under SMCR
  • Appreciate the need for accurate, effective and reflective governance and how you run your business.
  • Gives You A Unique Discount Opportunity by a Special Offer on Our Popular & Practical Project Plan

In Summary

Originally rolled out to the banking sector in 2016, the Senior Managers and Certification Regime (SMCR) is about to be extended to around 47,000 additional firms, beginning with insurance companies from December 2018 and reaching asset managers and other regulated firms in December 2019.

The Financial Conduct Authority (FCA) is tightening up its rules, replacing the current Approved Persons Regime with the Senior Managers and Certification Regime (SMCR). The regime has already been operating in the banking sector for some time and will this year extend to all within the financial services sector.

This change will affect all FCA regulated firms including non-UK firms with permission to carry out regulated activities in the UK, and it will focus on three key areas:

  1. The Senior Managers Regime
  2. The Certification Regime
  3. Conduct Rules

SIGN UP NOW AT UDEMY.com

 

The implementation date has been set for the 9th December 2019

Target group

  • All staff within authorised firms will be in scope

  • Senior Manager Functions (SMFs)

  • Certified Persons (CPs)

  • Non-approved

  • Also strongly recommended for those who will be directly involved in the implementation; Compliance & HR.

What you’ll learn

  • Overview & journey to the SMCR
  • FCA SMCR Key Features
  • Senior Managers Regime – Explained
  • FCA Certification Regime
  • Conduct Rules – COCON
  • And More….

Are there any course requirements or prerequisites?

  • UK FCA Registered Individual or Firm

Who this course is for:

  • UK FCA Sole Regulated Financial Services Firms
  • UK FCA Sole Regulated Financial Services Individuals
  • UK FCA Firm Compliance Directors
  • UK FCA Firm Risk Directors
  • UK FCA Firm Directors
  • UK FCA Firm Compliance Managers


 

33 Cryptocurrencies Described In Four Words Or Less

Bitcoin is the first blockchain-based cryptocurrency and is the most popular and most valuable one. The popularity of Bitcoin has given birth to hundreds of alternate cryptocurrencies designed with various specifications and functions.

Some of these cryptocurrencies are clones of Bitcoin and a few are forks. With so many cryptocurrencies out in the market, where new ones come out almost daily and old ones disappear seemingly.

In order to make a place and be considered a successful coin in the crypto market, these cryptocurrencies are ranked based on a few criteria or values such as the market cap value, price, circulating supply of cryptocoins and maximum supply of cryptocurrencies.

For more info please see https://mrbtc.org/about-33-cryptocurrencies/

 

KYC and AML – Suitable for all firms with AML responsibilities

The UK is one of the world’s largest and most open economies, whose strength is based on substantial and productive relationships around the world. Government Ministers have the responsibility for national security and financial services, so they want the UK to remain an appealing country for legitimate business and a leading global financial centre. But they also recognise that the UK’s openness and position as a global financial centre exposes it to the risk of illicit financial flows.

Money laundering and terrorist financing are important threats. Recent terrorist attacks in London, Manchester and elsewhere highlight the value of the fight to deprive terrorists of the resources they need. Serious and organised crime has been estimated to cost the UK tens of billions of pounds yearly. That is why we must continue to squeeze out dirty money, strengthening the UK’s security and prosperity as well as that of our partners overseas.

What makes Our Course Different?

  • We have been delivering KYC training for over 12 years and are proud to have been chosen by some of the world’s leading banks.
  • Your course director is an expert on the subject, has over 30 years’ experience in the industry and has delivered highly successful programmes to financial services firms at all levels, from small partnerships to medium-sized firms and global giants
  • The course is packed full of interesting points and actual case studies making it highly engaging and very relevant
  • Our feedback from past delegates has always been excellent

Objectives

  • Understand fully the requirements of MLR2017
  • Understand that good enough, seldom is
  • Appreciate that this is mandatory, not optional
  • Recognise the importance of a risk assessment
  • Recognise the critical role of a risk based approach
  • Be able to put in place a framework to meet the regulatory requirements fully
  • Recognise that AML is a holistic process and needs to be embedded into culture and form part of doing business as usual
  • Recognise and be able to deal with the challenges of implementing an effective system

Content

  • Introduction – What is Money Laundering
  • Placement, Layering, Integration
  • How does this work in practice
  • The scale of the problem

Establishing a KYC framework

  • What should institutions have in place
  • Money Laundering Regulations 2017
  • Changes
  • General risk assessment
  • Risk mitigation policies
  • Level of due diligence
  • Reliance on third parties
  • PEPs
  • New Criminal Offence
  • Office for Professional Body Anti-Money Laundering Supervision (OPBAS)

What is KYC & CDD

  • Initial Risk Assessment
  • Risk based approach & Methodology
  • Risk driven controls
  • Material triggers
  • The customer lifecycle

The CDD process

  • KYC – getting to know the customer
  • IDV – checking what they say
  • SDD? Is it really viable?
  • EDD – more comprehensive client knowledge and due diligence
  • Ultimate Beneficial Ownership
  • Source of Wealth
  • Source of Funds
  • Regular review process

Remediation process – introducing new rules and requirements for the first time

  • How should CDD or EDD be applied
  • Using a risk based approach only
  • How do we allocate the risk category
  • A typical Risk Assessment Methodology
  • Using the RAM in practice
  • The three plus two lines of defence model

Who needs to be subjected to KYC?

  • Onboarding and Review procedures
  • Using technology – a must for large volumes
  • Swim lanes
  • Exception report and alerts
  • The role of the second line of defence
  • The role of internal audit

Essential Elements of KYC Standards

  • Clear and user friendly procedures and guidelines
  • Customer acceptance policy
  • Customer identification policy
  • Guidelines for opening accounts
  • KYC for existing accounts – called “remediation” and needs to be managed well

Politically Exposed Persons

  • Definition – formal
  • Definition in practice
  • Why are they a special case
  • Mandatory high risk
  • UBO issues
  • Source of Wealth issues
  • Annual Review issues

Specific Identification & Verification Issues

  • Trust nominee and fiduciary accounts
  • Corporate vehicles
  • Complex Structures
  • Introduced business
  • Client accounts opened by professional intermediaries
  • Non face to face customers
  • Offshore accounts

Constructing the KYC Framework

  • Policies
  • Roles and Responsibilities
  • Senior Management and M.I. requirements
  • The MLRO (or equivalent) challenge!
  • Risk Assessments and Procedures

Implementing and Managing the Total KYC

  • Escalation
  • SARs & Whistleblowing
  • Due diligence (on-going)
  • Record keeping
  • Training
  • Monitoring
  • Reporting

Challenges with KYC & How To Control It

  • Staff & Client resistance
  • Embedding as part of the culture
  • Prevention & detection
  • Early warning systems
  • Controls, KPI & KRI

Course Summary, Open Forum, Close

Background of the Trainer

Course Director

Lee has worked with a range of organisations from small start-ups through to FTSE100 companies, including foreign banks and institutions, many that have had difficulties identifying and managing compliance risk, and helped them develop effective, robust systems. He has adapted his experience to develop this course and supporting materials with a practical skills-based focus. Lee’s skills, qualifications and experience make him ideal for supporting anyone wishing to develop top-class knowledge in the management of Anti-Money Laundering and Counter Terrorist Financing.

Course Summary

This is a highly interactive, user friendly and comprehensive workshop for both banks and other regulated institutions and practitioners alike. It covers the KYC procedures and systems that all regulated institutions must have in place and deals with the full range of clients from straightforward retail, to higher risk clients (including PEPs) and clients who use complex structures.

Who Should Attend

  1. Financial Institutions regulated by the FCA including those falling under EMI, PSD and MIFID.
  2. Anyone who onboards new clients for financial transactions as described under the MLR 2017.
  3. Anyone with an interest in the subject especially “Relevant persons” under the UK MLR 2017, i.e. Estate Agents etc, as below
  • Where previously only holders of a casino operating licence were covered by the regulations, they now pertain to all gambling providers
  • Trustees now have greater obligations in relation to revealing the beneficiaries of trusts
  • Those engaging in financial activity on ‘an occasional or very limited basis’ are not covered by the regulations. ‘Occasional or very limited’ is defined as:
    • annual turnover from financial activity of less than £100,000 (this figure was previously £64,000)
    • activity limited to transactions not exceeding EUR 1000 per customer
    • financial activity ancillary to a larger business
    • financial activity not more than 5% of the total turnover of the larger business
    • financial activity only offered to customers of the main business

Knowledge Pre-requisites

None required

From £250 pp – Minimum 5 persons

Format

  • Duration is a full-day classroom workshop at your venue, or we can arrange a local venue at additional cost.
  • Attendees can also purchase our AML & CTF Policy & Procedures Document at 50% discount

Call us on 0207 097 1434


Senior Managers Regime Explained

Senior Managers & Certification Regime – A Practical Guide & Workshop

A ½ Day Course

SMCR has to be embedded by 9th December 2019 – will yours be ready?

 

What Makes This Course Different?

  • Need a kick start to your SMCR project? This workshop will equip you with everything you need to know and everything you need to do
  • Leveraging the trainer’s experience with the banking rollout, we look to unpick the lessons to be learnt for the SMCR extension to all regulated firms
  • Packed with practical exercises to focus on the identification of key employees and what you need to do in the lead in to SMCR
  • Conduct rules; what are they, what do they mean & why do they matter?
  • Walk away with a clear plan of your next steps for your SMCR implementation

 

Objectives

  • Review and understand the backstory to SMCR and where it came from
  • To know and understand the key employee categorisations within your firm, SMFs, CP, non-approved and ancillary
  • Be able to evaluate your SMFs; who are they and what they need to know
  • Analyse your CPs and define who will be in this category
  • Apply the conduct rules to your firm and your organisation
  • Review the breach process and how to apply within your firm

 

Content

Overview and journey to the SMCR regime – briefly!

  • The backstory to SMCR; the Parliamentary Commission for Banking Standards (PCBS)
  • The regulatory reaction
  • The Fair & Effective Markets Review
  • The road to Implementation
  • Aims and Objectives of SMCR
  • What is the SMCR, what does it mean and why does it matter

 

Key Regime Features

  • The enhanced regime
  • The core regime
  • The limited scope regime
  • Overview of new staff categorisations

 

Senior Managers Regime

  • SMF categories
  • Prescribed responsibilities
  • Statement of responsibilities
  • Management responsibility maps
  • Duty of responsibility
  • Reasonable steps

Workshop

  • Map your own company statements of responsibility
  • Map your own responsibility map (Core & Limited)

 

Certification Regime

  • Significant harm functions
  • Fitness and Competency checks
  • Annual assessments
  • Self-certification
  • When to assess Fitness & Propriety
  • Regulatory references and why they need to be accurate

 

Conduct Rules

  • Individual conduct rules, what are they and how do they apply
  • Tier 2 Conduct rules for SMFs
  • Reasonable steps for SMFs

 

Breach Reporting

  • The link between disciplinary issues and conduct rule breaches
  • Breach reporting obligations to the FCA

 

What we can learn from Phase 1 of the banking roll out

  • What we can learn from banking experience to date
  • Transitioning to the SMCR
  • Taking Action

 

Background of the Trainer

Course Director

Lee has worked with a range of organisations from small start-ups through to FTSE100 companies, many that have had difficulties identifying and managing conflicts of interests, and helped them develop effective, robust systems. He has adapted his experience to develop this course and supporting materials with a practical skills-based focus. Lee’s skills, qualifications and experience make him ideal for supporting anyone wishing to develop top-class knowledge in the management of conflicts of interests.

Having been a freelance consultant and trainer for twenty years, your course director was appointed as a skilled person in 2012 and has conducted many audits, assessments, roll-outs and change management programmes from complaints programs, conduct risk frameworks, global risk frameworks, as well as having provided regulatory interpretation to investment banks, worked on many risk mitigation programs and set up banks.

 

Course Summary

Originally rolled out to the banking sector in 2016, the Senior Managers and Certification Regime (SMCR) is about to be extended to around 47,000 additional firms, beginning with insurance companies from December 2018 and reaching asset managers and other regulated firms in December 2019.

The Financial Conduct Authority (FCA) is tightening up its rules, replacing the current Approved Persons Regime with the Senior Managers and Certification Regime (SMCR). The regime has already been operating in the banking sector for some time and will this year extend to all within the financial services sector.

This change will affect all FCA regulated firms including non-UK firms with permission to carry out regulated activities in the UK, and it will focus on three key areas:

  1. The Senior Managers Regime
  2. The Certification Regime
  3. Conduct Rules

The implementation date has been set for 9th December 2019.

Target group

  • All staff within authorised firms will be in scope
  • Senior Manager Functions (SMFs)
  • Certified Persons (CPs)
  • Non-approved
  • Also strongly recommended for those who will be directly involved in the implementation; Compliance & HR.

Format

  • Duration is a half-day classroom workshop
  • You can also purchase our 90+ point project plan at 50% discount!

Call us on 0207 097 1434


PSD2 Regulatory Technical Standards – A Practical Guide


PSD2 Regulatory Technical Standards – A Practical Guide & Workshop

A ½ Day Course

The PSD2 Requirements for SCA from September 2019 onwards

 

What Makes This Course Different?

  • We have been delivering training for over 20 years and this is one of our core competencies. We believe we are experts on this topic and having delivered training to a wide range of firms and businesses, we are certain we know the topic as well as anyone in the market place.
  • PSD2 RTS seems to many to be a nebulous or esoteric subject that is only for board and senior management; we will show you everyday workplace examples and situations.
  • Your course director is a highly successful, qualified and experienced executive who will pass on past experiences and “war stories” generally to enhance the workshop and help bring it to life.
  • We do not use academics. All our trainers are highly experienced professionals with relevant qualifications and vocational experience in the real world.
  • We have delivered many core governance, risk and compliance courses over recent years and have a very clear understanding of what good and bad look like and the consequences, intended or not, of poor decision making.
  • Additionally, participant feedback informs us in both a precise and timely manner what the current dilemmas and challenges are.
  • We have developed highly interactive and very enjoyable case studies to enhance the learning points. All delegates report that these are a high point.
  • We are always judged by our results which speak for themselves and the feedback received from previous delegates has always been excellent.

Course Objectives

  • To be able to identify PSD2 RTS elements effectively in a timely, professional and first-class manner
  • To appreciate the regulator’s approach to PSD2 RTS and why it is critically important
  • To understand the legal and regulatory framework
  • To recognise the need for potential delays between customer, card issuer, and transaction authorisation due to PSD2 RTS requirements
  • To recognise good practice
  • To avoid lost business because of “timeouts”
  • Be able to define an effective and comprehensive PSD2 RTS category of SCA
  • Learn how to create and apply the best response for the 3 categories
  • Be able to create a clear and auditable method for managing PSD2 RTS to ensure transparency
  • Think like a compliance professional

Course Content

What are “PSD2 RTS”?

What

  • PSD2 RTS Intended Outcome (inc PSD2 RTS Key Date)
    • Give customers the freedom to utilise qualified third parties, known as Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs), to manage their finances
  • Who is impacted?
    • AISPs and PISPs would allow customers to do everything from viewing their account information across multiple banks to making payments, all within one platform. Do your Account Servicing Payment Service Providers (ASPSPs) provide a testing facility and make technical specifications available?
  • Strong Customer Authentication (SCA)?
    • Many retailers, hospitality providers and other types of merchants have very little, or no, understanding of this new requirement.
  • The Requirements
    • Specific action needs to be taken rapidly if you do not already have an SCA programme underway. The deadline will not be changed, and big consequences will be seen if no action is taken.

When

  • The Transactions
    • In order to authenticate a payer securely at least two factors have to be checked and these must come from two of the three defined categories
  • The Defined Categories
    • Knowledge, Possession and Inherence. Each category has a range of valid elements.
  • Face to Face Transactions
    • These have the ‘Possession’ factor and the PIN as a ‘Knowledge’ factor and so there will be less (but not zero) impact. These will be subject to Transaction Risk Analysis.
  • ECommerce Transactions
    • Each card issuer will make their own decision on which factors to use and for their cardholders to perform, so merchants and cardholders should expect different user experiences. What unattended transactions are exempted?

How

  • Risk Solutions
    • Various exemptions will be allowed, and merchants are encouraged to discuss these with their acquirer. We discuss the practical aspects of these elements.
  • Exceptions & Exemptions
    • What exemptions apply and when to use them. Not all transactions will require additional authentication. PSD2 provides a number of exemptions to SCA, which could result in minimising friction, abandoned carts and attrition in the customer payment journey.
  • Transaction Risk Analysis
    • A Transaction Risk Analysis (TRA) exemption is perhaps the most significant and broadly used exemption; when is it best to apply this exemption and how will the analysis be defined?
  • Workshop – SCA Method options.
    • Discussions and desktop exercises to identify testing and suitability of exemptions and SCA application.

Think as a Compliance Professional

  • Right information and
  • Right process in place to comply
  • Documented audit trail

Course Conclusion

  • Summary, Open Forum, Wrap up

Background of the Trainer

Course Director

Lee has worked with a range of organisations from small start-ups through to FTSE100 companies, many that have had difficulties identifying and managing changes to legislation, and helped them develop effective, robust systems. He has adapted his experience to develop this course and supporting materials with a practical skills-based focus. Lee’s skills, qualifications and experience make him ideal for supporting anyone wishing to develop top-class knowledge in the management of PSD2 RTS.

Having been a freelance consultant and trainer for twenty years, your course director was appointed as a skilled person in 2012 and has conducted many audits, assessments, roll-outs and change management programmes from complaints programs, conduct risk frameworks, global risk frameworks, as well as having provided regulatory interpretation to insurance intermediaries through to investment banks, worked on many risk mitigation programs and set up retail banks.

Course Summary

The PSD2 regulations are a staged approach for regulators to deal with the burgeoning array of reg tech apps being developed for a wide variety of reasons. Change on this scale has always appeared as a problem for Senior Management in the past. Following the banking crisis from 2008, numerous data privacy breaches and major frauds, transparency and clear audit trails have become even more important, especially where customer data and third-party access are key. PSD2 RTS Management is straightforward, but the key element here is time. Work should have started a year or more ago, but if it is conducted in the right way today, you can still be in line to comply by the deadline.

It is the very culture of a firm that makes PSD2 RTS manageable or not. The accurate identification and reliable assessment of the potential impact, along with defined and practical procedures to take account of the new requirements, can make PSD2 RTS management effective, fair and compliant for those who create profits for all our businesses; the customers.

Call us on 0207 097 1434
