Category Archives: Products & Services

Is the FCA creating a new category of customer with the Vulnerable Customer Guidance?

compliance specialist vulnerable conduct risk

Is the FCA creating a new category of customer with the Vulnerable Customer Guidance?

compliance consultants london vulnerable customers

One of the key elements of the FCA’s remit is ensuring consumers have an appropriate degree of protection. Specifically at this time and central to their role, includes protecting vulnerable consumers.

Protection of the most vulnerable is a sign of an advanced society, but not necessarily if it removes individual responsibility or deprecates the need for autonomous decision making in lieu of expensive and cossetting rules. What of the expense of a provider of products, who will then have to increase costs to meet the imposed procedures and standards for this “category” of consumer. Could this then exclude the most vulnerable and financially deprived even further of the services of the society it forms part of?
The Guidance (FG21/1-Guidance for firms on the fair treatment of vulnerable customers) identifies in the introduction that “When we (the FCA) consider our consumer protection objective, we have regard to the general principle that consumers should take responsibility for their choices and decisions. However, we know that there are very real factors that might limit their ability to do so.”
The FCA obviously want vulnerable consumers to experience outcomes as good as those for other consumers and receive consistently fair treatment across the firms and sectors they regulate. Does the existing Conduct Risk and Treating Customers Fairly initiative, fail to cover this already?
Further, the “vision” as stated in point 1.7 of the Guidance states “We want to see the fair treatment of vulnerable customers embedded as part of a healthy culture throughout firms, not just on the frontline but also in areas such as product development. Firms’ senior leaders should create and maintain a culture that enables and supports staff to take responsibility for reducing the potential for harm to vulnerable customers. They should ensure that firms embed the fair treatment of vulnerable customers in their policies and processes throughout the whole customer journey. We have seen some good examples where commitment comes from the top and where there is a culture of feedback and learning from the frontline.”
In FG 21/1 the FCA state We expect firms to provide their customers with a level of care that is appropriate given the characteristics of the customers themselves. The level of care that is appropriate for vulnerable consumers may be different from that for others and firms should take particular care to ensure they are treated fairly.
Does this then mean that there is a comparable category of customers (predominantly retail based) that are considered as vulnerable at various times, so they overlap with normal and embedded TCF treatment rom time to time. With recent statements that nearly one third of UK adults are “vulnerable” due to the pandemic, this then puts the onus on firms to draw up a raft of assessment tools to test the vulnerability of every consumer, customer or client they have contact with. This also lends itself to those who may not be “natural persons” and act on behalf of incorporated bodies or even associations of firms that may display signs of vulnerability. This is a “should” and cannot be ignored, thus, perhaps a seperate regimen of assessment is needed?
Throughout their document, the regulator uses terms like 
Must: where an action is required by a Principle or rule. (25 appearances)
Should: where we think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle, but that does not necessarily mean they should follow a detailed or prescribed course of action. (207 appearances)
May: where an action is only one of several ways of complying with a Principle. (203 appearances)
To be fair, the “Must” references are predominantly concerning the Data Protection applicable references. However, this makes the should, even more poignant.
In the guidance document, under customer service, it states that firms should; 
  • Set up systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms should be able to spot signs of vulnerability.
  • Deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers.
  • Make consumers aware of support available to them, including relevant options for third party representation and specialist support services.
  • Put in place systems and processes that support the delivery of good customer service, including systems to note and retrieve information about a customer’s needs.
To ram home the point, in the TCF section the FCA state; “Under Principle 6 we expect firms to have management information (MI) or measures in place to test whether they are treating their customers fairly, including delivering the 6 TCF outcomes. The MI should demonstrate to firms and to us that they are consistently treating customers fairly and delivering the TCF consumer outcomes.” Regrettably in, in our experience as a consultancy, many firms that we have seen wildly inadequate or outdated MI, some that has not been refreshed with contemporary data!
So how much of this can be consider necessary and how much is proportionate? 
The answer to that needs to be looked at under the “Must” statement, such as the Principles for Business PRIN 1.2.1G states that the extent to which firms meet their requirements under Principles 6, 7 and 9 will depend, in part, on the characteristics of the customers concerned. The relevant interests and needs that firms must have due regard to and what is reasonable care in the relevant circumstances will depend on those characteristics. The way to establish those characteristics is then to assess them, which requires a full process to identify any vulnerability on all customers. Therefore this means that every firm must instigate the requirements without fail, whether they deal with any of the categories of customer, consumer or client.
The requirements, of course, are welcome for the treatment of vulnerable customers, and I know first hand of the abuse that firms engage in from a close relative of mine and their treatment. But the requirements do not end at the consumer. Firms are required to ensure that staff are fully GDPR trained as when handling data, it should be managed appropriately. The ICO is clear that consent is not always needed to process data.
Product design should cater for vulnerable customers, and that has been echoed through time under the TCF regime. Customer services, KYC onboarding etc are required to have available systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms “should” be able to spot signs of vulnerability, which means that if you don’t have the systems or procedures in place, you are not conforming to a “should”, whereby the FCA think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle. Further, to deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers, another part of the “should” means you need a written process that can be switched into on identification of any area of vulnerability. Don’t forget, someone may be vulnerable under more than one area.
Every firm also needs to readdress their communications to customers and encapsulate the possibility of vulnerability, and inform them of all facilities available. With that, staff skills and capability needs to be considered and evidenced (SMCR reasonable steps as well as TCF). Firms are required to embed the fair treatment of vulnerable consumers across the workforce. All relevant staff should understand how their role affects the fair treatment of vulnerable consumers. Alongside that role responsibility, frontline staff have to be able to demonstrate the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability. As a good employer, firms should also offer practical and emotional support to frontline staff dealing with vulnerable consumers. These areas are often lacking in most firms we encounter, but there is now guidance on what is required and the areas that need to be interrogated for ways to enhance your service.

Summary

Is the FCA creating a new category of customer with the Vulnerable Person Guidance? We would have to say no, but the impact of dealing with any customers, consumers or clients needs to be minutely investigated and areas for improvement identified. This would be a fairly major project for most firms, and the worst part is, if they don’t take external opinion, they will continue to choke on their own exhaust. 

info@complianceconsultant.org or call 0207 097 1434 to arrange an exploratory call.

compliance consultants london

Training & Competence – T&C

Training & Competence – T&C

Training & Competence t&c

The importance of this section cannot be under stated. Due to the changes in this area and post-Brexit potential changes, we consider it prudent to provide a link to the FCA Handbook https://www.fca.org.uk/firms/training-competence 

Additionally, you may find these points useful;

How are individual training needs identified and by whom?
Identifying the training needs for each role in the T&C scheme should start with the professional knowledge / qualifications required of that role. Professional bodies like the CII (Chartered Institute of Finance) and Chartered Institute for Securities and Investment (CISI) run both training programmes and provide qualifications. A second source of guidance is your professional trade body. Many trade bodies host interest groups on T&C that will enable networking and the opportunity to benchmark with other similar organisations. The third source of guidance should be your internal HR team. If you don’t already have the competency requirements defined for the roles in the T&C scheme, they should have the expertise to help you define what these are. HR should be a key resource for guidance on the competency requirements of each role beyond the core set of professional knowledge / qualifications. Once defined for each role, these competency frameworks form the basis for the identification of training needs that should be aligned by role. All that remains then is to organise any training needs in a logical sequence. On a final note, training needs can arise at any time and a key part to effective identification is supervisors who are trained and capable of not only spotting training needs but providing appropriate support to resolve them.
How are the learning objectives, timescales, responsibilities and measurements set defined for each training need identified?
This depends on the nature of the training needs. There is a great deal of discretion for firms to decide how they define and subsequently deliver their training. Professional bodies usually set annual standards for continuing professional development (CPD) for their members and many firms will also have their own in-house expectations too. These CPD requirements will often be split into structured versus unstructured learning. In fact, the FCA requires that retail investment advisers need to complete 35 hours of CPD each year. Successful completion of this CPD enables the individual to retain their Statement of Professional Standing (SPS). Beyond the CPD targets set by professional bodies, firms can and do set their own CPD requirements. This should be linked to the required measurements and timescales and be evidenced as part of the T&C Scheme arrangements.
In essence, any training identified should be noted via a SMART training plan that allows anyone looking at an individual’s development to be able to see when the need was identified, how will it be met and, when it is met, how will the change be measured.
What is in place to ensure training remains effective and up to date?
Training plans should be subject to regular review. There should be corporate training input that is managed by a central training team and typically will cover the provision of e-learning together with behavioural type inputs such as selling skills, handling difficult clients etc. Then you have the localised training that will tend to be managed by the T&C Supervisor. This is where small needs are identified through other T&C activities and then localised on the spot training is delivered to meet the need.  The trick here though is once again for a well-trained supervisor who can identify, manage and deliver against these needs, ensuring of course that everything is documented on the individual’s records, because if you can’t evidence it then in the eyes of the regulator it didn’t happen.
Who is responsible for ensuring training is timely, appropriate and evaluated?
At a localised level it is the T&C supervisor that needs to cater for the needs of the individual through either 1:1, group or referred training. Each training intervention should be evidenced through some type of Training Event Record that details what the training need is, what the proposed solution is and how this will be taken into the workplace. A structured approach of this nature then allows the T&C Scheme activity to be reviewed by the most senior overseer of the scheme to help ensure that training needs are either being met in the field or referred where a more formalised response is required.
How is training evaluated and by whom?
Who takes responsibility for making assessments about the competence and capabilities of individuals will vary across different organisations. However, responsibility for evaluating the effectiveness of training tends to fall to the staff member’s immediate line manager, dedicated T&C supervisors or, in some cases, a mix of both. Because whilst training is the input, the most effective way of evaluating its success is looking at the output and that means reviewing the individual whilst operational in role. The T&C scheme should define who assesses what activities and training will typically be evaluated at the point of delivery (by the training team) and at the point of use by the supervisory team.

If you need to create, review or execute your Governance. Risk or Compliance strategy, call us today on 0207 097 1434 or email info@complianceconsultant.org.

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

Why Is Document Version Control So Important?

Why Is Document Version Control So Important?

london compliance specialists regulatory PRA FCA

 

Why is Version Control Important?

Version control is important when documents are being created, and for any records that undergo a
lot of revision and redrafting or annual reviews. It helps us to track changes and identify when key decisions were
made along the way. It is particularly important for electronic documents that are being reviewed
by a number of different users.

Knowing which version of a document you are looking at is important if you are trying to find out which version of a policy is currently in force, or which version of a policy was in use at a particular time. It forms good records keeping practice which is particularly important in meeting our obligations under the Freedom of Information Act.

Aim
The aim of this document is to provide best practice guidance for applying version control to
different types of document at the University of Nottingham. This guidance covers best practice use
of:
1. File Naming conventions
2. Version Numbers
3. Version Control Tables
4. Document control Tables

File Naming Conventions
At the simplest level you can use file naming conventions to identify the version of a document. Use
the file name of the document to determine both the version and status alongside the subject , for
example:

DRAFT
Records Management Policy Draft v0.1

Records Management Policy Draft v0.3

PUBLISHED

Records Management Policy v1.0

Records Management Policy v1.1 (note: first revision – minor)

Records Management Policy v2.0

Remember to update the version number on the file name as well as the header (or footer) of the
document itself. It is easy to update a document and forget to rename the version number on either
the file name or the document which can lead to confusion.

Unless you don’t need to keep previous versions of the document, always save updated versions as
‘Read-only’ tag to ensure you are forced to create a new version the next time to go to update it.

File naming conventions alone will not tell you who made the change and what the change was. If it
is important to record this information use a version control table.

Version Numbers
Version numbering helps to distinguish one version of a document from another. For some
documents, you may decide that a simple numbering system consisting of consecutive whole
numbers is sufficient to help you keep track of which version you are working on. However,
documents that go numerous stages of development before a final version is reached, and for those
that are developed through input by multiple individuals, you may decide to adopt version numbers
to keep track of both minor and major changes to that document.

Minor Revisions
Minor revisions are small changes made to a document such as spelling or grammar
corrections, and other changes that… Minor revisions to a document are reflected by making
increments to the decimal number.

Major Revisions
Major revisions are changes to a document that require the document to be re-approved
(either by an individual or a group). Major revisions are reflected by incrementing the whole
number by 1.

document control version control

compliance consultants london fca authorisations

document control version control

Remember – when electronically storing documents, it is often best practice to include the date at the front in reverse, as computers store files incrementally. So – 1st March 2021 becomes 20210301.

 

If you need to create, review or execute your Governance. Risk or Compliance strategy, call us today on

0207 097 1434 or email info@complianceconsultant.org.

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

FCA Fine? You may be in good company!

Compliance Monitoring Plan template

FCA Fine? You may be in good company!

Penalties for regulatory compliance breaches can be eye-watering in scale.

2020 largest Fines
1. Goldman Sachs International (fined £97m)
PRIN 2 and PRIN 3 breaches – Risk management failures

2. Lloyds Bank, BoS & The Mortgage Business (fined £64m)
PRIN 3 & 6 breaches – Poor handing of mortgage customers

3. Commerzbank (fined £37.8m)
PRIN 3 breaches – AML failings

4. Barclays (fined £26m)
PRIN 6, PRIN 3, and CONC rules breaches – unfair treatment of customers in the Retail Banking sector

5. Charles Schwab (fined £8.96m)
PRIN 10 and 11, CASS and Section 20 FSMA breaches – Safeguarding and Compliance Issues

6. Moneybarn (fined £2.8m)
PRIN 6 & 7 and CONC rules breaches – Unfair treatment of customers

How could these fines have been avoided?

The FCA’s ‘Principles for Business’ (PRIN) set out the fundamental obligations for firms under the regulatory regime.

According to the FCA principle 3, a firm ‘must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems’.

This refers to a firm’s:

  • Robust governance arrangements – rules, practice and processes. How Can We Help? We can review your arrangements.
    Skills, knowledge and expertise of staff – in other words train people!
  • Outsourcing responsibilities – know your suppliers and make sure they are compliant. How Can We Help? We can review your arrangements.
  • Reasonable steps – under SMCR you need to ensure you have decision making fully and appropriately records. How Can We Help? We can review your arrangements.
  • Record-keeping – keep records, and make sure they are accurate and up-to-date. How Can We Help? We can review your arrangements.
  • Conduct Risk – keep records of any T&C breaches, mis-selling, product design etc. How Can We Help? We can review your arrangements.
  • Conflicts of interest – keep a compliance register to avoid issues. How Can We Help? We can review your arrangements. 

The FCA will identify potential or actual consumer harm caused by the actions of firms or markets and take action to address that conduct. These penalties should act as a clear warning to any companies who aren’t taking financial compliance as seriously as they should be.

If you would like to have any of your processes, files, procedures, governance or strategy planning reviewed, in confidence, we can be contacted on the above number. Or, just complete the form below.


     

    Fca Principles For Business Conflicts Of Interest, Fca Principles For Business Rules, Fca Principles For Business Smcr, Fca Principles For Business Sourcebook, Fca Principles For Business Tcf, Fca Principles For Business Treating Customers Fairly, Principles For Business, Principles For Business Sustainability, Principles For Business Vulnerable Customers

    PSD2 Guide To Safeguarding & Wind Down Planning

    Compliance consultants london - failure - wind down planning

    PSD2 Guide To Safeguarding & Wind Down PlanningCompliance consultants London - PSD2 Safeguarding & Wind Down

    Download Our FREE Guide By Completing The Form Below!

      compliance consultants london

      Treating Customers Fairly – TCF Checklist

      Treating Customers Fairly – TCF

      Treating Customers Fairly TCF Checklist

      The FCA no longer carries out TCF specific visits, however this does not mean that they think it is any the less important. It does mean that by now they expect the principles of TCF to be embedded in all firms and to be the bed rock of their business models. The principle is to ‘put the customer first’ in everything which we do. Therefore, if during a visit or an interview they get the impression that TCF is no longer a priority, they will certainly investigate further and this is where you will need FCA compliance consultant by your side.

      TCF applies to both Product Providers and Intermediaries. Broadly, the Regulator intends that:

      Product Providers should ensure that:
      • their products are appropriately designed for the target market
      • the marketing material is clear, fair, not misleading, and likely to be understood easily by those reading it
      • the product should perform according to the expectations given
      An Intermediary’s primary responsibility is to ensure that:
      the customer has all appropriate information in an understandable format, which means;
      For advice sales:
      • the clients’ attitude to investment risk and capacity for loss has been properly established
      • the product is suitable for the customer
      • the product is affordable
      • the post sales service meets the expectations created
      The TCF exercise, which all regulated firms should undertake no less than annually, is essentially a “Gap Analysis.” For the purposes of Risk Management, the FCA expectations could be broken down into 6 key areas:
      1. Senior Management Responsibilities
      2. Communication with Clients
      3. The Advice Process
      4. The Post Advice Process
      5. Disclosure and Payment for Services
      6. Staff Competence
      The following is a non-exhaustive list for your guidance.
      The TCF Outcomes Management Statement
      • TCF is central to our corporate culture
      • Senior management can demonstrate how TCF is embedded in our business strategy
      • The fair treatment of customers is central to our Firm’s culture
      • Senior management practice what they preach and re-inforce TCF on a day to day basis
      • Senior management have undertaken a TCF audit / gap analysis
      • An action plan has been agreed and is/has been implemented
      • Critical elements of TCF are included within our MI. This is regularly reported and acted on
      • Staff routinely share best practice and can explain what TCF looks like to them
      • Adherence to TCF practices are rewarded
      • Remuneration policy and staff rewards support TCF
      • Actions taken demonstrate adherence to TCF obligations are recorded
      • Feedback processes are in place to gauge client satisfaction
      • Responsibilities for TCF are clear, e.g. for taking action, monitoring results / identifying improvement areas
      • Staff are engaged, motivated and trained in what TCF means
      • Everyone within the business is truly client focused
      • All our people are well trained for the roles they perform
      Products and services marketed….meet the needs of identified customer groups and are marketed accordingly 
      • Advisers are able to identify target markets for specific products
      • Financial promotions are regularly reviewed for relevance and clarity
      • Advisers/managers demonstrate their knowledge of products
      • The sign-off process for advertising and promotions is rigorous
      • We are confident in our expertise to recommend and manage in our chosen markets
      • Our promotions are targeted to ensure they are aimed at the right clients
      Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale
      • TCF principles are reflected within T&C documentation, e.g. observation form
      • Content of documentation is not overly technical, e.g. suitability letter
      • Clients can clearly see the advice given and why, e.g. it isn’t buried in other documentation
      • Clients always understand the benefits of the advice / products recommended
      • Clients always understand the limitations and risks associated with the advice / products recommended
      • Documentation (such as suitability letters) are always tailored to individual clients
      Advice is suitable and takes account of their circumstances
      • Attitude to risk is clearly identified, understood by the client, documented, and matched by recommendations
      • Advice covers, where appropriate, non-income earning recommendations, e.g. National Savings, utilizing IHT annual allowance, repayment of debt
      • Soft facts are always collected on the fact find — not only what, but why?
      • Knowledge of adviser / supervisor products and associated advice areas is spot on —this is current and has been objectively assessed
      • There is no sales bias
      • Clients fully understand the status of the adviser and clearly understands the merits of the different remuneration methods
      • `Know your customer’ requirements are fully documented, e.g. limited advice or `client not prepared to disclose’ are the exception rather than the rule
      • We take time to understand our clients’ needs
      • We regularly review our stance on investment and technical issues
      • The fact find document readily captures all of the information we need about the clients circumstances for us to fully advise them.  
      Consumers are provided with products that perform as firms have led them to expect and the associated service is both of an acceptable standard and as they have been led to expect
      • Advice process includes a measurement of client satisfaction
      • Service standards (where agreed with a client) are met, e.g. time to write a report
      • Ongoing client reviews are always conducted as agreed with the client
      • Advice to existing clients is always the same as that to potential new clients, e.g. some advisers would not now recommend WP investments to new clients — what do we do about existing clients with WP investments?
      • Client reviews / contact methods are established with each client
      • Whatever client contact is agreed, this is followed through for both new and existing clients
      • Information is reviewed for relevance, accuracy, and clarity
      • Ensure clients expectations match provider service
      • Clients regularly complement us on our service
      Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint 
      • Complaints data / client feedback is reviewed to identify TCF issues
      • Staff and advisers know what a complaint is defined as and what to do when one is received
      • Service standards are in place and adhered to
      • Complaints investigated in a impartial manner without confrontation
      • Complaints processes in place and regularly reviewed (as applicable)
      • All client data is accurate, up-to-date, easy to use and accessible
      • Our database enables most client queries to be dealt with by support staff
      • Our software supports the main advice and business process

      If you need to create, review or execute your Governance. Risk or Compliance strategy, call us today on

      0207 097 1434 or email info@complianceconsultant.org.

      compliance consultants london
      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      Compliance Bench-Mark Check: Annual Policy Review

      Annual Policy Review

      Annual Policy Review

      Best practice for all governance is at least an annual review of policies and Terms of Reference. Policies should be reviewed by the policy owner and submitted for republishing to the Board/Partners in good time. The updated policies should then be uploaded somewhere centrally (we can help with this) to create a single version of the truth copy. Version control needs to be maintained.

      The review should cover at least;-
      Identification
      • Policy Owner TITLE
      • Review frequency Annual
      • Responsible for document management
      • Next Review Due Date TITLE 
      • Date
      • Security classification Restricted
      • Version control updated with salient changes?
      Content Questions
      • Is the policy consistent with the core values and principles, mission and strategic plan of the firm? YES/NO
      • Have there been deviations from the policy over the past year? If yes, were there a sufficient number to consider revising the policy? YES/NO
      • Are there ambiguities in the policy statement? Are there questions arising from this policy? (if yes, perhaps the policy needs rewording for greater clarity) YES/NO
      • Does the policy comply with current legislation? YES/NO
      • Have you amended to include any practices that may have been adopted (due to limitations or resource shortfalls) to ensure they are consistent with the policy statement? i.e., heuristics, short-cuts, workarounds. YES/NO
      • Checked for any contradictions within the policy statement? YES/NO
      • Checked for conflicts or contradiction of other policies? YES/NO
      • Is the policy consistent with current technology? YES/NO
      • Is language within the policy statement current? YES/NO
      • Is the policy consistently interpreted? YES/NO
      • Are the related procedures relevant and up to date? YES/NO
      • Is the scope (i.e., to whom or what it applies) accurate? YES/NO
      If there are any “No” answers, please review and amend the policy and/or procedures accordingly.

      If you need to create, review or execute your Governance. Risk or Compliance strategy, call us today on

      0207 097 1434 or email info@complianceconsultant.org.

      Compliance Benchmark Audit and Projects
      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      The Importance and Value Of The MLRO’s Report

      MLRO ANNUAL REPORT COMPLETION

      importance-of-MLRO-Annual-Reports

      The Financial Conduct Authority (FCA) have specific regulatory rules and requirements set out in the ‘Senior Management Arrangements, Systems and Controls (SYSC)’ section of their handbook, which relate to financial crime and specifically anti-money laundering officer, controls, measures and audits. SYSC 6.3.7 also specifies that the appointed Money Laundering Reporting Officer (MLRO) is to ensure the appropriate provision of information to its governing body and senior management, including a report, at least annually, on the operation and effectiveness of the systems and controls put into place to enable it to identify, assess, monitor and manage money laundering risk.

      The MLRO has to produce an annual MLRO Report which is provided to Senior Management and made available to any regulating or governing body where applicable and/or requested. The report seeks to ensure the efficiency, effectiveness and adequacy of the AML/CFT measures, controls and systems in place and details any breaches, SAR’s, improvements and actions within the reporting period. 

      MONEY LAUNDERING REPORTING OFFICER (MLRO) ANNUAL REPORT 
      NOTE: We have compiled a list of the sections and just a few of the questions that we feel should be included on this annual MLRO Report – however it is essential that you add to and/or amend/expand the sections to ensure that they take into account the size, scope and scale of your business. Some areas have been removed for the sake of brevity. If you want assistance in designing your reports more effectively and comprehensively, lease contact us.
      1. Company Details
      MLRO Name:
      Date Report Compiled:
      2. Systems & Controls
      a. Are the AML/CFT policy and procedure documents up-to-date? YES/NO 
      b. Are they adequate to meet the firm’s needs & mitigate financial crime risks? YES/NO
      c. Are they effective in meeting the regulatory & legal rules & requirements? YES/NO
      d. Detail any areas where the firm’s AML policies, procedures, systems and/or controls should be improved, and proposals for making appropriate improvements?
      e. Do the existing controls and measures ensure that your firm can identify, assess, monitor and manage money laundering risk? YES/NO 
      f. Are client identification procedures effective and adequate? YES/NO
      g. Have due diligence checks been completed & retained for all new clients? YES/NO
      h. Are your Risk Management policies and procedures up-to-date? YES/NO 
      i. Are they adequate to meet the firm’s needs & mitigate financial crime risks? YES/NO
      j. Are they effective in meeting the regulatory & legal rules & requirements? YES/NO
      3. Breaches & Reports
      a. How Many Internal Suspicious Activity Reports (SAR’s) Were Completed?
      b. Number of SAR’s Passed to the FCA/NCA?
      c. Number of SAR’s NOT Passed to the FCA/NCA?
      d. Were there any breaches of internal AML/CFT policies and/or procedures? YES/NO
      e. Were there any breaches of FCA regulations with regards to AML/CFT? YES/NO
      f. Were there any breaches of regulations/laws regarding AML/CFT YES/NO
      4. Training & Assessments
      a. Has appropriate and effective Financial Crime and AML training been provided to all employees and associated personnel? YES/NO
      b. Have all training materials been reviewed for compliance with current laws, regulations and legislation? YES/NO
      c. Are employees asked for feedback on the training content and delivery? YES/NO
      d. Are assessment test papers used to test AML knowledge and understanding? YES/NO
      e. What was the date of the last content update/review for training materials?
      f. Have all staff received the training within the past 6 months? YES/NO
      5. Due Diligence & High-Risk Clients
      a. Is a due diligence checklist and questionnaire used for all new customers? YES/NO
      b. Are adequate/effective background checks performed on all new customers? YES/NO
      c. Are adequate/effective background checks performed for all new employees?    YES/NO
      d. How many customers does the firms have that it categorises as ‘high-risk’? 
      6. Due Diligence & High-Risk Clients
      a. Are adequate/effective monitoring and audit procedures and controls in place? YES/NO
      b. Based on the audit and monitoring outcomes, are the AML/CFT controls and measures deemed to be comprehensive and proportionate?    YES/NO
      c. Are transaction monitoring processes adequate and effective? YES/NO
      d. Were ‘Source of Funds’ checks carried out on all transactions over £10,000?YES/NO
      7. Summary
      Do they summarise any regulatory/legislative changes during the reporting period and their impact on the firm’s systems, controls and measures?
      Do they summarise any impending and/or future regulatory/legislative changes that could impact the firm’s systems, controls and measures and suggestions for actions and/or mitigations?
      Do they indicate changes in activity and elements of the business that have had implications for money laundering controls?

      If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

      0207 097 1434 or email info@complianceconsultant.org.

      compliance consultants london
      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      Key Committee Meeting Minutes

      Key Committee Meeting Minutes

      compliance consultant-compliance consultants-fca compliance consultants-committee minutes

      Committee minutes are important as they show the data and information available and presented, decisions made, responsibles for the actions agreed and timescales. Compliance Consultant will assess and grade the effectiveness and any errors, anomalies and inconsistencies for you to rectify your procedures.

      Plan your meetings effectively by
      • Setting dates well in advance to maximise the number of members available to attend (and sending a reminder notice);
      • Clarifying the purpose or focus of the meeting;
      • Ensuring that staff and financial reports are concise and comprehensible;
      • Ensuring conflicts of interest are declared;
      • Ensuring that minutes and agreed actions from the previous meetings are circulated.  Click here to download suggested format for Minutes;
      • Ensuring that all papers are circulated well in advance;
      • Agreeing the meeting agenda in advance.
      • Identifying which agenda items require a decision and which are for information or discussion; and
      • Purpose of meetings.
      • Planning your Management Committee meetings easier if the purpose of each meeting is clear.
      Management Committee meetings are for:
      • Monitoring and reviewing progress towards meeting the aims of the organisation;
      • Monitoring financial performance;
      • Ensuring all activities are consistent with the organisation’s purpose and mission;
      • Considering applications for membership of the organisation;
      • Planning annual general meetings;
      • Initiating and reviewing internal and external policy positions and statements;
      • Deciding on management and governance systems and processes;
      • Deciding the most appropriate methods of funding raising and considering applications for funding;
      • Delegating work;
      • Discussing and making decisions on new proposals;
      • Planning for the future and identifying new opportunities;
      • Delegating work; and
      • Deciding on appropriate staffing requirements, staff terms and conditions.
      • However, each individual meeting may focus on one or two issues.  Is there one or more development or proposal which requires a decision?  Should the financial report or the staff report be considered early in the meeting because it was at the bottom of the agenda at the last meeting and did not receive sufficient attention.
      A well planned agenda should clearly communicate the purpose and objectives of the meeting.
      Effective chairing
      Chairing is a key factor in the effectiveness of meetings.
      The role of the Chair is to direct discussion of the Committee, ensuring that the objectives of the meeting can be met, and that the Committee effectively fulfils its responsibility in consideration of the items on the agenda.  This involves ensuring that you are well briefed about each agenda item and that:-
      • decisions are taken, recorded and carried out;
      • the organisation’s policies are applied;
      • there is full participation;
      • the agenda is followed; and
      • there are time limits for the meeting as a whole and for agenda items.

      Meeting Minutes Best Practice

      Minutes should be including;
      1. Title of Meeting
      2. Date, Time, Venue
      3. People present
      4. Apologies for absence
      5. Conflicts of Interest
      6. Corrections to minutes of previous meetings
      7. Actions relating to previous meetings (sometimes referred to as matters arising)
      8. Items on the agenda
      9. Items to be discussed and decided
      10. Date, time and venue of the next meeting

      If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

      0207 097 1434 or email info@complianceconsultant.org.

      fca authorisation specialists
      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      Audit Committee Minutes Sample, Board Committee Minutes Template, Committee Minutes, Committee Minutes Best Practices, Committee Report Minutes, Risk Committee Minutes, Risk Committee Minutes Template

      Compliant Financial Promotions – Advertising

      Compliant Financial Promotions – Advertising

      compliance consultant-compliance consultants-fca compliance consultants-financial promotions

      When it comes to financial promotions, any regulated business should know that it’s not just the end result that’s important. The promotion’s review process and sign off procedure – and the audit trail created as a result – are all equally relevant when it comes to regulatory requirements.

      Below we examine how to make sure your record retention for financial promotions meets the FCA’s requirements.

      What does the FCA say about financial promotions record-keeping?
      The FCA is quite prescriptive when it comes to record retention for financial promotions. The regulators Code of Business Sourcebook (COBS) 4.11 states that:
      • A firm must make an adequate record of any financial promotion it communicates or approves, other than a financial promotion made in the course of a personal visit, telephone conversation or other interactive dialogue.
      • Any promotion made during a personal visit, or over the phone, is considered a ‘real time’ promotion by the regulator and is subject to different rules.  The exception to the telephone rule is telemarketing, where conversations are more structured and planned, and where firms must keep ‘an adequate record’ of any scripts used.
      What do we need to keep records of?
      A log should be kept of all financial promotions approvals. This needs to include quite a large amount of information.
      As a minimum, you need to record: 
      • A unique log item number or identifying reference number for each financial promotion
      • The name of the campaign, campaign item or individual financial promotion
      • A description of the product(s) in question
      • The name of the promotion’s owner/ originator
      • The date
      • Details of the media to be used
      • The name of the person providing Compliance sign off
      • The date final approval was given by the approved person
      • The name of the approved person providing final approval
      • Adequate space for notes, comments or cross-referencing
      • The expiry date or review date for the promotion
      Is there anything else it would be good to include?
      For larger firms, you might also want to include additional optional information, such as:
      • The date of sponsor sign off
      • The date of marketing sign off
      As well as the financial promotions log, you should keep copies of the promotion and any related documents. These need to be easily accessible for anyone who might need to look at them.
      The sorts of things you need to keep copies of include: 
      • A copy of the final approved item, with evidence of approval from your Compliance/Quality Assurance team. This approval can be either in the form of a manual or electronic signature/reference number
      • A Marketing approval form, showing sign-off from an appropriately authorised member of the Marketing team
      • Any relevant documentation, e.g:
      • Substantiation / rationalisation for any claims
      • Suitable evidence of any facts, figures or options used
      • Signed consent from anyone providing endorsements or testimonials
      • Product details (if applicable)
      Is that everything?
      The FCA’s COBS 4.11 says that ‘A firm should consider maintaining a record of why it is satisfied that the financial promotion complies with the financial promotion rules.’  So this is worth thinking about. It may help you if in future you need to defend the decision you made to sign off a particular financial promotion.
      How long should we keep financial promotions records?
      For most financial promotions, the FCA’s COBS 4.11 states that records should be kept for three years. There are quite a number of exceptions to this, though: 
      • If a financial promotion relates to a pension transfer, pension conversion, pension opt-out or FSAVC, it needs to be kept indefinitely
      • If it relates to a life policy, occupational pension scheme, SSAS, personal pension scheme or stakeholder pension scheme, it needs to be kept for six years
      • If it relates to MiFID (the Markets in Financial Instruments Directive) or ‘equivalent third country business’, it needs to be kept for five years.
      Can records be kept electronically?
      It doesn’t matter if these records are kept in paper form or in electronic or scanned form, provided that the scanned or electronic items are easily accessible, can be printed and are regularly backed up.

      If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

      0207 097 1434 or email info@complianceconsultant.org.

      compliance consultants london
      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      Fca Financial Promotions Examples, Financial Promotions, Financial Promotions Cobs, Financial Promotions Compliance, Financial Promotions Conc, Financial Promotions Examples, Financial Promotions Order 2001, Financial Promotions Rules, Financial Promotions Should Always Be, Financial Promotions Sign Off Process, Financial Promotions Uk, Financial Services Promotions, Uk Financial Promotions Rules

      ×
      Current Activity
      ×