Category Archives: Senior Managers & Certification Regime (SMCR)

Is the FCA creating a new category of customer with the Vulnerable Customer Guidance?


One of the key elements of the FCA’s remit is ensuring consumers have an appropriate degree of protection. Specifically, and central to their role at this time, this includes protecting vulnerable consumers.

Protection of the most vulnerable is a sign of an advanced society, but not necessarily if it removes individual responsibility or deprecates the need for autonomous decision making in lieu of expensive and cossetting rules. What of the expense to a provider of products, who will then have to increase costs to meet the imposed procedures and standards for this “category” of consumer? Could this then exclude the most vulnerable and financially deprived even further from the services of the society they form part of?
The Guidance (FG21/1-Guidance for firms on the fair treatment of vulnerable customers) identifies in the introduction that “When we (the FCA) consider our consumer protection objective, we have regard to the general principle that consumers should take responsibility for their choices and decisions. However, we know that there are very real factors that might limit their ability to do so.”
The FCA obviously want vulnerable consumers to experience outcomes as good as those for other consumers and to receive consistently fair treatment across the firms and sectors they regulate. Does the existing Conduct Risk and Treating Customers Fairly initiative fail to cover this already?
Further, the “vision” as stated in point 1.7 of the Guidance states “We want to see the fair treatment of vulnerable customers embedded as part of a healthy culture throughout firms, not just on the frontline but also in areas such as product development. Firms’ senior leaders should create and maintain a culture that enables and supports staff to take responsibility for reducing the potential for harm to vulnerable customers. They should ensure that firms embed the fair treatment of vulnerable customers in their policies and processes throughout the whole customer journey. We have seen some good examples where commitment comes from the top and where there is a culture of feedback and learning from the frontline.”
In FG21/1 the FCA state: “We expect firms to provide their customers with a level of care that is appropriate given the characteristics of the customers themselves. The level of care that is appropriate for vulnerable consumers may be different from that for others and firms should take particular care to ensure they are treated fairly.”
Does this then mean that there is a comparable category of customers (predominantly retail based) that are considered vulnerable at various times, so that they overlap with normal and embedded TCF treatment from time to time? With recent statements that nearly one third of UK adults are “vulnerable” due to the pandemic, this puts the onus on firms to draw up a raft of assessment tools to test the vulnerability of every consumer, customer or client they have contact with. This also lends itself to those who may not be “natural persons” and act on behalf of incorporated bodies or even associations of firms that may display signs of vulnerability. This is a “should” and cannot be ignored; thus, perhaps a separate regimen of assessment is needed?
Throughout their document, the regulator uses terms like:
  • Must: where an action is required by a Principle or rule. (25 appearances)
  • Should: where we think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle, but that does not necessarily mean they should follow a detailed or prescribed course of action. (207 appearances)
  • May: where an action is only one of several ways of complying with a Principle. (203 appearances)
To be fair, the “Must” references predominantly concern the applicable Data Protection references. However, this makes the “should” even more poignant.
In the guidance document, under customer service, it states that firms should:
  • Set up systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms should be able to spot signs of vulnerability.
  • Deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers.
  • Make consumers aware of support available to them, including relevant options for third party representation and specialist support services.
  • Put in place systems and processes that support the delivery of good customer service, including systems to note and retrieve information about a customer’s needs.
To ram home the point, in the TCF section the FCA state: “Under Principle 6 we expect firms to have management information (MI) or measures in place to test whether they are treating their customers fairly, including delivering the 6 TCF outcomes. The MI should demonstrate to firms and to us that they are consistently treating customers fairly and delivering the TCF consumer outcomes.” Regrettably, in our experience as a consultancy, many firms that we have seen have wildly inadequate or outdated MI, some of which has not been refreshed with contemporary data!
So how much of this can be considered necessary and how much is proportionate?
The answer to that needs to be looked at under the “Must” statements. For example, the Principles for Business PRIN 1.2.1G states that the extent to which firms meet their requirements under Principles 6, 7 and 9 will depend, in part, on the characteristics of the customers concerned. The relevant interests and needs that firms must have due regard to, and what is reasonable care in the relevant circumstances, will depend on those characteristics. The way to establish those characteristics is then to assess them, which requires a full process to identify any vulnerability on all customers. Therefore, this means that every firm must instigate the requirements without fail, whether they deal with any of the categories of customer, consumer or client.
The requirements, of course, are welcome for the treatment of vulnerable customers, and I know first-hand of the abuse that firms engage in from a close relative of mine and their treatment. But the requirements do not end at the consumer. Firms are required to ensure that staff are fully GDPR trained, as data should be managed appropriately when it is handled. The ICO is clear that consent is not always needed to process data.
Product design should cater for vulnerable customers, and that has been echoed through time under the TCF regime. Customer services, KYC onboarding etc. are required to have available systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms “should” be able to spot signs of vulnerability, which means that if you don’t have the systems or procedures in place, you are not conforming to a “should”, whereby the FCA think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle. Further, to deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers, another part of the “should” means you need a written process that can be switched into on identification of any area of vulnerability. Don’t forget, someone may be vulnerable under more than one area.
Every firm also needs to readdress their communications to customers and encapsulate the possibility of vulnerability, and inform them of all facilities available. With that, staff skills and capability need to be considered and evidenced (SMCR reasonable steps as well as TCF). Firms are required to embed the fair treatment of vulnerable consumers across the workforce. All relevant staff should understand how their role affects the fair treatment of vulnerable consumers. Alongside that role responsibility, frontline staff have to be able to demonstrate the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability. As a good employer, firms should also offer practical and emotional support to frontline staff dealing with vulnerable consumers. These areas are often lacking in most firms we encounter, but there is now guidance on what is required and the areas that need to be interrogated for ways to enhance your service.


Is the FCA creating a new category of customer with the Vulnerable Person Guidance? We would have to say no, but the impact of dealing with any customers, consumers or clients needs to be minutely investigated and areas for improvement identified. This would be a fairly major project for most firms, and the worst part is, if they don’t take external opinion, they will continue to choke on their own exhaust. Call 0207 097 1434 to arrange an exploratory call.


Getting Ready For The 6AMLD

The sixth anti-money laundering directive (6AMLD) is almost here. It has been in effect in EU member states since December 3, 2020, and all financial institutions must implement the directive by June 3, 2021.

While there are fewer big changes than previous directives, 6AMLD brings clarity to specific regulatory details to close loopholes, toughen penalties, and encourage greater cooperation. Its goal is to empower financial institutions and states to do more in the fight against money laundering and the financing of terrorism.

UK financial services businesses

The UK has chosen to opt out of abiding by further AML policy, as the Government believes that domestic legislation is already mostly compliant with the Directive’s measures and, in most cases, goes even further than what 6AMLD proposes. For example, in the UK, the maximum penalty for money laundering is fourteen years, going beyond the new four-year minimum required by 6AMLD; and the aiding and abetting offences of helping, motivating, and trying to launder money are currently a criminal matter.

However, it is essential to keep in mind that UK-based businesses in the financial sector that operate within the EU jurisdiction will need to comply with the changes set out in 6AMLD.

Access to clean and available international customer data for effective AML/ KYC screening

To be ready for 6AMLD, those in financial services need to know their clients, whoever they are. The key is to have access to billions of consumer records worldwide from trusted data streams; these consist of federal government firms, credit firms, and energy records for cross-checking and verification purposes. It is particularly essential to obtain confirmation of important proof of address. Having access to up-to-date watch lists, such as Politically Exposed Persons (PEPs) information, as part of this dataset is likewise essential.

From a customer experience perspective, the checks leveraging this data should take place in real time to prevent slowing the consumer onboarding procedure. This data should also originate from a single source to avoid the requirement for many expensive providers in various markets. This issue frequently results in irregular ID data and supply chain management issues.

Regtech: MRZ and OCR ID document scanning and biometrics to support 6AMLD compliance

When it comes to remote onboarding, banks need to use machine readable zone (MRZ) and optical character recognition (OCR) technologies to gather customer ID and extract important details. This ensures the ID is real and validated in real time. The image ID embedded in these scanned documents supports biometric ID confirmation, such as facial recognition, which can likewise help securely speed up consumer engagements.

Nevertheless, the biometric technology must provide liveness checks, such as eye motion, for proof of life confirmation. This is vital with scammers increasingly using creative approaches like 2D images and video playback to try to trick facial recognition technology and ‘prove’ they are the person they are impersonating. In fact, this process can result in money services (MSP) and Payment Service Provider (PSP) organisations getting a due diligence report related to AML and KYC that can be used to show their compliance when it comes to regulatory checks.

To prevent money being laundered and prevent extreme sanctions, financial services companies operating within the EU need to understand and be ready for 6AMLD by the June deadline. Ideally, this must involve having access to billions of consumer records worldwide for cross-checking and ID confirmation functions, helping recognise individuals across borders. They must also undertake document scanning with MRZ and OCR technology, which will also allow delivery of biometrics that help to safely speed up engagement with customers. Embracing these procedures will decrease the burden of compliance and equip financial institutions for more stringent global policies in the future.


If you have any questions or want further assistance, please contact us by email – or call +44 (0) 207 097 1434


Training & Competence – T&C


The importance of this section cannot be understated. Due to the changes in this area and post-Brexit potential changes, we consider it prudent to provide a link to the FCA Handbook

Additionally, you may find these points useful:

How are individual training needs identified and by whom?
Identifying the training needs for each role in the T&C scheme should start with the professional knowledge / qualifications required of that role. Professional bodies like the CII (Chartered Institute of Finance) and Chartered Institute for Securities and Investment (CISI) run both training programmes and provide qualifications. A second source of guidance is your professional trade body. Many trade bodies host interest groups on T&C that will enable networking and the opportunity to benchmark with other similar organisations. The third source of guidance should be your internal HR team. If you don’t already have the competency requirements defined for the roles in the T&C scheme, they should have the expertise to help you define what these are. HR should be a key resource for guidance on the competency requirements of each role beyond the core set of professional knowledge / qualifications. Once defined for each role, these competency frameworks form the basis for the identification of training needs that should be aligned by role. All that remains then is to organise any training needs in a logical sequence. On a final note, training needs can arise at any time and a key part to effective identification is supervisors who are trained and capable of not only spotting training needs but providing appropriate support to resolve them.
How are the learning objectives, timescales, responsibilities and measurements defined for each training need identified?
This depends on the nature of the training needs. There is a great deal of discretion for firms to decide how they define and subsequently deliver their training. Professional bodies usually set annual standards for continuing professional development (CPD) for their members and many firms will also have their own in-house expectations too. These CPD requirements will often be split into structured versus unstructured learning. In fact, the FCA requires retail investment advisers to complete 35 hours of CPD each year. Successful completion of this CPD enables the individual to retain their Statement of Professional Standing (SPS). Beyond the CPD targets set by professional bodies, firms can and do set their own CPD requirements. This should be linked to the required measurements and timescales and be evidenced as part of the T&C Scheme arrangements.
In essence, any training identified should be noted via a SMART training plan that allows anyone looking at an individual’s development to be able to see when the need was identified, how will it be met and, when it is met, how will the change be measured.
What is in place to ensure training remains effective and up to date?
Training plans should be subject to regular review. There should be corporate training input that is managed by a central training team and typically will cover the provision of e-learning together with behavioural type inputs such as selling skills, handling difficult clients etc. Then you have the localised training that will tend to be managed by the T&C Supervisor. This is where small needs are identified through other T&C activities and then localised on-the-spot training is delivered to meet the need. The trick here, though, is once again to have a well-trained supervisor who can identify, manage and deliver against these needs, ensuring of course that everything is documented on the individual’s records, because if you can’t evidence it then in the eyes of the regulator it didn’t happen.
Who is responsible for ensuring training is timely, appropriate and evaluated?
At a localised level it is the T&C supervisor that needs to cater for the needs of the individual through either 1:1, group or referred training. Each training intervention should be evidenced through some type of Training Event Record that details what the training need is, what the proposed solution is and how this will be taken into the workplace. A structured approach of this nature then allows the T&C Scheme activity to be reviewed by the most senior overseer of the scheme to help ensure that training needs are either being met in the field or referred where a more formalised response is required.
How is training evaluated and by whom?
Who takes responsibility for making assessments about the competence and capabilities of individuals will vary across different organisations. However, responsibility for evaluating the effectiveness of training tends to fall to the staff member’s immediate line manager, dedicated T&C supervisors or, in some cases, a mix of both. Because whilst training is the input, the most effective way of evaluating its success is looking at the output and that means reviewing the individual whilst operational in role. The T&C scheme should define who assesses what activities and training will typically be evaluated at the point of delivery (by the training team) and at the point of use by the supervisory team.

If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on 0207 097 1434 or email

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

FCA Fine? You may be in good company!


Penalties for regulatory compliance breaches can be eye-watering in scale.

2020 largest Fines
1. Goldman Sachs International (fined £97m)
PRIN 2 and PRIN 3 breaches – Risk management failures

2. Lloyds Bank, BoS & The Mortgage Business (fined £64m)
PRIN 3 & 6 breaches – Poor handling of mortgage customers

3. Commerzbank (fined £37.8m)
PRIN 3 breaches – AML failings

4. Barclays (fined £26m)
PRIN 6, PRIN 3, and CONC rules breaches – unfair treatment of customers in the Retail Banking sector

5. Charles Schwab (fined £8.96m)
PRIN 10 and 11, CASS and Section 20 FSMA breaches – Safeguarding and Compliance Issues

6. Moneybarn (fined £2.8m)
PRIN 6 & 7 and CONC rules breaches – Unfair treatment of customers

How could these fines have been avoided?

The FCA’s ‘Principles for Business’ (PRIN) set out the fundamental obligations for firms under the regulatory regime.

According to the FCA principle 3, a firm ‘must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems’.

This refers to a firm’s:

  • Robust governance arrangements – rules, practice and processes. How Can We Help? We can review your arrangements.
  • Skills, knowledge and expertise of staff – in other words train people!
  • Outsourcing responsibilities – know your suppliers and make sure they are compliant. How Can We Help? We can review your arrangements.
  • Reasonable steps – under SMCR you need to ensure you have decision making fully and appropriately recorded. How Can We Help? We can review your arrangements.
  • Record-keeping – keep records, and make sure they are accurate and up-to-date. How Can We Help? We can review your arrangements.
  • Conduct Risk – keep records of any T&C breaches, mis-selling, product design etc. How Can We Help? We can review your arrangements.
  • Conflicts of interest – keep a compliance register to avoid issues. How Can We Help? We can review your arrangements.

The FCA will identify potential or actual consumer harm caused by the actions of firms or markets and take action to address that conduct. These penalties should act as a clear warning to any companies who aren’t taking financial compliance as seriously as they should be.

If you would like to have any of your processes, files, procedures, governance or strategy planning reviewed, in confidence, we can be contacted on the above number. Or, just complete the form below.



    PSD2 Guide To Safeguarding & Wind Down Planning


    Download Our FREE Guide By Completing The Form Below!


      Committee Terms of Reference – TOR



      Terms of Reference (TOR) form a foundation stone for the commencement of any workplace investigation. Much like a recipe, they set out the core people and components of the investigation, as well as the boundaries and methods to be utilised. Without solid terms of reference, an employer’s well-meaning attempt to gather information and fix a workplace problem can fail, or cause even more problems. As well as establishing an understanding of what is required and by when, TOR create an excellent framework for the more detailed investigation plan. Terms of reference can prevent such pitfalls as misunderstandings, unintended breaches of privacy, and negative effects on relationships. 

      There are no hard and fast rules regarding how and when TOR should be drafted. Some employers start with a Statement of Complaint and flesh out the terms of the proposed investigation based upon this central concern. Others call upon the services of a workplace investigator to actually assist in drafting TOR, particularly where a workplace problem is vast, sensitive, and/or complex. Sometimes it is important to wait and collate some preliminary materials prior to pinning down the exact terms of the investigation. In any event, it is important to start working on your TOR sooner rather than later, and certainly once a workplace investigation is confirmed.  
      Below are typical sections of a ToR document. Each section needs to be customized to the unique needs of your committee. More formal committees usually need more formal information and instructions.
      Committee Name
      Official name of the committee or group
      Can be standing, ad hoc (special project) or advisory (related to another board, committee or project)
      Describe the purpose of the committee (what the committee will do, why it was created)
      Clearly describe what is in and out of scope for the committee
      Describe the decision making authority of the committee (decides, approves, recommends, etc.)
      Type and number of members, how members are appointed, how the chair and co-chair are appointed and a list of members (Name and functional role)
      Meeting arrangements
      Meeting frequency and location, meeting procedures (if applicable), quorum, details about agendas and minutes (how these will be distributed, available online, who prepares them, etc.), communication between meetings.
      Describe whom the committee will report to, in what format, how often
      Resources and budget
      Describe the resources (people, rooms, equipment, etc.) available to the committee. Describe the funds available to the committee
      Describe the requested/required committee output
      State the ToR review frequency and next review date


      Treating Customers Fairly – TCF Checklist


      The FCA no longer carries out TCF specific visits; however, this does not mean that they think it is any the less important. It does mean that by now they expect the principles of TCF to be embedded in all firms and to be the bedrock of their business models. The principle is to ‘put the customer first’ in everything which we do. Therefore, if during a visit or an interview they get the impression that TCF is no longer a priority, they will certainly investigate further and this is where you will need an FCA compliance consultant by your side.

      TCF applies to both Product Providers and Intermediaries. Broadly, the Regulator intends that:

      Product Providers should ensure that:
      • their products are appropriately designed for the target market
      • the marketing material is clear, fair, not misleading, and likely to be understood easily by those reading it
      • the product should perform according to the expectations given
      An Intermediary’s primary responsibility is to ensure that:
      • the customer has all appropriate information in an understandable format, which means:
      For advice sales:
      • the clients’ attitude to investment risk and capacity for loss has been properly established
      • the product is suitable for the customer
      • the product is affordable
      • the post sales service meets the expectations created
      The TCF exercise, which all regulated firms should undertake no less than annually, is essentially a “Gap Analysis.” For the purposes of Risk Management, the FCA expectations could be broken down into 6 key areas:
      1. Senior Management Responsibilities
      2. Communication with Clients
      3. The Advice Process
      4. The Post Advice Process
      5. Disclosure and Payment for Services
      6. Staff Competence
      The following is a non-exhaustive list for your guidance.
      The TCF Outcomes Management Statement
      • TCF is central to our corporate culture
      • Senior management can demonstrate how TCF is embedded in our business strategy
      • The fair treatment of customers is central to our Firm’s culture
      • Senior management practice what they preach and reinforce TCF on a day to day basis
      • Senior management have undertaken a TCF audit / gap analysis
      • An action plan has been agreed and is/has been implemented
      • Critical elements of TCF are included within our MI. This is regularly reported and acted on
      • Staff routinely share best practice and can explain what TCF looks like to them
      • Adherence to TCF practices is rewarded
      • Remuneration policy and staff rewards support TCF
      • Actions taken to demonstrate adherence to TCF obligations are recorded
      • Feedback processes are in place to gauge client satisfaction
      • Responsibilities for TCF are clear, e.g. for taking action, monitoring results / identifying improvement areas
      • Staff are engaged, motivated and trained in what TCF means
      • Everyone within the business is truly client focused
      • All our people are well trained for the roles they perform
      Products and services marketed … meet the needs of identified customer groups and are marketed accordingly
      • Advisers are able to identify target markets for specific products
      • Financial promotions are regularly reviewed for relevance and clarity
      • Advisers/managers demonstrate their knowledge of products
      • The sign-off process for advertising and promotions is rigorous
      • We are confident in our expertise to recommend and manage in our chosen markets
      • Our promotions are targeted to ensure they are aimed at the right clients
      Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale
      • TCF principles are reflected within T&C documentation, e.g. observation form
      • Content of documentation is not overly technical, e.g. suitability letter
      • Clients can clearly see the advice given and why, e.g. it isn’t buried in other documentation
      • Clients always understand the benefits of the advice / products recommended
      • Clients always understand the limitations and risks associated with the advice / products recommended
      • Documentation (such as suitability letters) is always tailored to individual clients
      Advice is suitable and takes account of their circumstances
      • Attitude to risk is clearly identified, understood by the client, documented, and matched by recommendations
      • Advice covers, where appropriate, non-income earning recommendations, e.g. National Savings, utilizing IHT annual allowance, repayment of debt
      • Soft facts are always collected on the fact find — not only what, but why?
      • Knowledge of adviser / supervisor products and associated advice areas is spot on — this is current and has been objectively assessed
      • There is no sales bias
      • Clients fully understand the status of the adviser and clearly understand the merits of the different remuneration methods
      • ‘Know your customer’ requirements are fully documented, e.g. limited advice or ‘client not prepared to disclose’ are the exception rather than the rule
      • We take time to understand our clients’ needs
      • We regularly review our stance on investment and technical issues
      • The fact find document readily captures all of the information we need about the client’s circumstances for us to fully advise them.
      Consumers are provided with products that perform as firms have led them to expect and the associated service is both of an acceptable standard and as they have been led to expect
      • Advice process includes a measurement of client satisfaction
      • Service standards (where agreed with a client) are met, e.g. time to write a report
      • Ongoing client reviews are always conducted as agreed with the client
      • Advice to existing clients is always the same as that to potential new clients, e.g. some advisers would not now recommend WP investments to new clients — what do we do about existing clients with WP investments?
      • Client reviews / contact methods are established with each client
      • Whatever client contact is agreed, this is followed through for both new and existing clients
      • Information is reviewed for relevance, accuracy, and clarity
      • Ensure clients’ expectations match provider service
      • Clients regularly compliment us on our service
      Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint 
      • Complaints data / client feedback is reviewed to identify TCF issues
      • Staff and advisers know what a complaint is defined as and what to do when one is received
      • Service standards are in place and adhered to
      • Complaints are investigated in an impartial manner without confrontation
      • Complaints processes in place and regularly reviewed (as applicable)
      • All client data is accurate, up-to-date, easy to use and accessible
      • Our database enables most client queries to be dealt with by support staff
      • Our software supports the main advice and business process

      If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

      0207 097 1434 or email

      This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

      The Back-Office System and Procedures

      Bringing in clients (New Business) seems to be the most exciting thing there is, right? That’s why there are so many marketing agencies popping up. Content strategy, copywriting, ads… they all are sexy.

      Doing the work is not as fun, but that’s how you get paid — so you give it a pass.

      But the Back-Office is not generally thought of as sexy. It’s a crucial component if you want to take your business to seven plus figures.
      What does Back-Office include?
      This system manages every foundational element that is needed to run a business — other than your New Business and Production teams.
      I’m talking about things such as legal, HR, rent, administrative and operational support, etc.
      Anything that is essentially non-billable and doesn’t directly contribute to your revenue is what I would leave under back-office.
      Effectively Managing The Back-Office.
      Something that I really try to emphasise throughout my content is that every system is comprised of people, processes, and tools. And the Back-Office is no exception.
      In the beginning, for many companies, one or two people were in charge of every single aspect of this system (in all systems, really). They are the ones signing contracts, sending invoices, finding contractors, hiring employees, etc.
      They think that they are working on the business. But, over time, things get more complex. They can’t do everything anymore, so they have to start hiring other people and delegating. They need processes and procedures to be the “go to” document to explain what to do when they are not there. It goes without saying, but people are a HUGE determining factor in your success.
      You can help your people by setting up a process that optimises their efforts and minimises costs. But someone has to design that process. It can either be you or someone from your management team — but it has to be done.
      If you can document step by step the actions of your legal and hiring processes, for example, the business becomes less “You-dependent”.
      How will you generate candidates when there’s an available position at your company? Who will contact them? How many rounds of interviews will they have to go through? Who are the final decision-makers?
      It may seem like you are wasting a couple of hours to get that on a piece of paper. However, trust me: you’ll realise how much more quickly and sustainably you can scale and grow after you have every system documented in detail. Note: having clearly defined guidelines will also help you make less emotional decisions.
      Think of tools as any apps, software, and other tech or old-school solutions that make your life easier.
      I’m sure you are already using them in some way: to improve the communication within your team, to onboard employees, to create invoices, etc.
      Automation will help you reduce the number of people your company needs to operate. It can even fully eliminate repetitive tasks from your daily to-do list.
      A couple of examples:
      You could send contracts through DocuSign to your new clients so that you can get that out of the way much faster. And you could automate sending the onboarding material as soon as they sign. Have a recurrent invoice sent at the end of every month. Obviously much easier, faster, and cheaper, right?
      Understanding the Real Cost of Your Back-Office:
      As I said before, the business owner/CEO will usually manage the whole Back-Office system in the early days. That’s totally normal, but, as you grow, things will change. You’ll have more clients, you’ll expand your business, and you’ll need more employees to fill that need.
      But beware of running into this issue:
      1. As you scale up, your back-office will also scale up.
      2. And you don’t want to underestimate how much it’s going to cost you.
      Yes, in the very beginning, it will only take time and effort — but not money. Which, obviously, is still a huge expense. But what happens when instead of sending one invoice, you need to send 10? Or you have to hire not one individual, but two or more? You can only service a certain amount of business areas while maintaining your quality standards.  
      Of course, when you have someone in charge of that, these costs now have to be factored into the equation. I’ve seen plenty of business owners who didn’t plan for this, and guess what happened?
      Their profit margins got screwed up and they realised they weren’t charging enough.
      Just as a reminder, the profit calculation goes like this: revenue – cost to produce everything – everything else.
      Well, everything else will naturally increase over time as your business grows. You’ll want to reduce it as much as you can through automation, processes, and high-performing people, but it will happen.
      As long as you’re not just throwing unnecessary bodies at it and it comes from a place of growth, the back-office is a price that you should be willing and able to assume. Just make sure you account for it and it doesn’t come as a scary surprise.
      The Back-Office System Summary:
      • The Back-Office System includes anything that is essentially non-billable and doesn’t directly contribute to your revenue. I.e. legal, HR, rent, administration, and operational support.
      • As you grow, you’ll need to find people to take over every element in the system. Use the leverage from well-designed processes and tools to increase your output efficiency.
      • There’s a real cost of managing the Back-Office, especially as you scale. Make sure you factor it into your prices and profit targets.

      Compliance Bench-Mark Check: Annual Policy Review

      Best practice for all governance is at least an annual review of policies and Terms of Reference. Policies should be reviewed by the policy owner and submitted for republishing to the Board/Partners in good time. The updated policies should then be uploaded somewhere centrally (we can help with this) to create a single version of the truth copy. Version control needs to be maintained.

      The review should cover at least:
      • Policy Owner: TITLE
      • Review frequency: Annual
      • Responsible for document management: TITLE
      • Next Review Due Date: Date
      • Security classification: Restricted
      • Version control updated with salient changes?
      Content Questions
      • Is the policy consistent with the core values and principles, mission and strategic plan of the firm? YES/NO
      • Have there been deviations from the policy over the past year? If yes, were there a sufficient number to consider revising the policy? YES/NO
      • Are there ambiguities in the policy statement? Are there questions arising from this policy? (if yes, perhaps the policy needs rewording for greater clarity) YES/NO
      • Does the policy comply with current legislation? YES/NO
      • Have you amended to include any practices that may have been adopted (due to limitations or resource shortfalls) to ensure they are consistent with the policy statement? i.e., heuristics, short-cuts, workarounds. YES/NO
      • Checked for any contradictions within the policy statement? YES/NO
      • Checked for conflicts with or contradictions of other policies? YES/NO
      • Is the policy consistent with current technology? YES/NO
      • Is language within the policy statement current? YES/NO
      • Is the policy consistently interpreted? YES/NO
      • Are the related procedures relevant and up to date? YES/NO
      • Is the scope (i.e., to whom or what it applies) accurate? YES/NO
      If there are any “No” answers, please review and amend the policy and/or procedures accordingly.

      The Importance and Value Of The MLRO’s Report



      The Financial Conduct Authority (FCA) have specific regulatory rules and requirements set out in the ‘Senior Management Arrangements, Systems and Controls (SYSC)’ section of their handbook, which relate to financial crime and specifically anti-money laundering officer, controls, measures and audits. SYSC 6.3.7 also specifies that the appointed Money Laundering Reporting Officer (MLRO) is to ensure the appropriate provision of information to its governing body and senior management, including a report, at least annually, on the operation and effectiveness of the systems and controls put into place to enable it to identify, assess, monitor and manage money laundering risk.

      The MLRO has to produce an annual MLRO Report which is provided to Senior Management and made available to any regulating or governing body where applicable and/or requested. The report seeks to ensure the efficiency, effectiveness and adequacy of the AML/CFT measures, controls and systems in place and details any breaches, SARs, improvements and actions within the reporting period.

      NOTE: We have compiled a list of the sections and just a few of the questions that we feel should be included on this annual MLRO Report – however it is essential that you add to and/or amend/expand the sections to ensure that they take into account the size, scope and scale of your business. Some areas have been removed for the sake of brevity. If you want assistance in designing your reports more effectively and comprehensively, please contact us.
      1. Company Details
      MLRO Name:
      Date Report Compiled:
      2. Systems & Controls
      a. Are the AML/CFT policy and procedure documents up-to-date? YES/NO 
      b. Are they adequate to meet the firm’s needs & mitigate financial crime risks? YES/NO
      c. Are they effective in meeting the regulatory & legal rules & requirements? YES/NO
      d. Detail any areas where the firm’s AML policies, procedures, systems and/or controls should be improved, and proposals for making appropriate improvements?
      e. Do the existing controls and measures ensure that your firm can identify, assess, monitor and manage money laundering risk? YES/NO 
      f. Are client identification procedures effective and adequate? YES/NO
      g. Have due diligence checks been completed & retained for all new clients? YES/NO
      h. Are your Risk Management policies and procedures up-to-date? YES/NO 
      i. Are they adequate to meet the firm’s needs & mitigate financial crime risks? YES/NO
      j. Are they effective in meeting the regulatory & legal rules & requirements? YES/NO
      3. Breaches & Reports
      a. How Many Internal Suspicious Activity Reports (SARs) Were Completed?
      b. Number of SARs Passed to the FCA/NCA?
      c. Number of SARs NOT Passed to the FCA/NCA?
      d. Were there any breaches of internal AML/CFT policies and/or procedures? YES/NO
      e. Were there any breaches of FCA regulations with regards to AML/CFT? YES/NO
      f. Were there any breaches of regulations/laws regarding AML/CFT? YES/NO
      4. Training & Assessments
      a. Has appropriate and effective Financial Crime and AML training been provided to all employees and associated personnel? YES/NO
      b. Have all training materials been reviewed for compliance with current laws, regulations and legislation? YES/NO
      c. Are employees asked for feedback on the training content and delivery? YES/NO
      d. Are assessment test papers used to test AML knowledge and understanding? YES/NO
      e. What was the date of the last content update/review for training materials?
      f. Have all staff received the training within the past 6 months? YES/NO
      5. Due Diligence & High-Risk Clients
      a. Is a due diligence checklist and questionnaire used for all new customers? YES/NO
      b. Are adequate/effective background checks performed on all new customers? YES/NO
      c. Are adequate/effective background checks performed for all new employees? YES/NO
      d. How many customers does the firm have that it categorises as ‘high-risk’?
      6. Due Diligence & High-Risk Clients
      a. Are adequate/effective monitoring and audit procedures and controls in place? YES/NO
      b. Based on the audit and monitoring outcomes, are the AML/CFT controls and measures deemed to be comprehensive and proportionate? YES/NO
      c. Are transaction monitoring processes adequate and effective? YES/NO
      d. Were ‘Source of Funds’ checks carried out on all transactions over £10,000? YES/NO
      7. Summary
      Do they summarise any regulatory/legislative changes during the reporting period and their impact on the firm’s systems, controls and measures?
      Do they summarise any impending and/or future regulatory/legislative changes that could impact the firm’s systems, controls and measures and suggestions for actions and/or mitigations?
      Do they indicate changes in activity and elements of the business that have had implications for money laundering controls?
