Tag Archives: compliance consultancy services

How Do We Manage Your FCA Application for Authorisation?

FCA authorisation compliance consultants

We manage your regulatory application to the UK’s Financial Conduct Authority (FCA) by setting out a project plan, guiding you through the process and keeping you up to date with all the milestones and timelines involved.

You will have quality advice and assistance at all stages of the authorisation process, which includes preparation, filing and ongoing conduct of the application. We are all professionally qualified and experienced in this area of regulated business.

Our Expertise and Services also include:
  • Advising you on the FCA Regulated activities for which you will need FSMA Part IV permissions
  • Advising you on the different FCA Regulatory obligations specific to your Regulatory Activities
  • Advising you on the FCA Regulatory Capital obligations (the money you need to keep in reserve)
  • Advising you on the FCA competency requirements for senior management and other staff
  • Assisting you in the preparation of your Regulatory Business Plan (or creating one with you for an additional cost)
  • Assisting in the completion of the necessary forms, including ownership disclosure forms and FCA Approved Persons/Senior Management Function Forms
  • Advice on corporate governance, systems and controls
  • Providing you with practical and effective regulatory compliance documentation including required policy templates.
  • Finalise your Compliance Monitoring Programme (and set it up in Pathfinder, our software, if you select it)
  • Liaising with your other advisers and with the FCA
  • Project managing your Firm’s FCA application from start to finish
Additional services also provided are:
  • Preparing your senior management for meetings with the FCA (if necessary)
  • Arranging for Trademark protection
  • Total Control From Day One – Pathfinder (our all-encompassing RegTech solution) – starting your regulated business activities in complete control of your compliance arrangements (includes free trial and training).
  • Training for all Senior Management and Staff in matters from Senior Managers’ responsibilities and accountabilities, FCA Code of Conduct, Anti-Money Laundering, Conflicts of Interest, KYC and many others.

Compliance Consultant

‘Making Compliance Work’

Contact Us Today!

Download our FREE Brochures

Basic FCA Authorisations Process

    Can You Really Afford Generic Ongoing Compliance Support?

    The problem with most firms, whether they be IFAs, Stockbrokers, Payment Services or whatever sector, is that the Compliance Officer is treated unfairly if they are running the compliance function as a component of their job. Whether they are advising, trading or operating the financial side of the business, there is, unlike 10 or even 5 years ago, far too much to get done to satisfy the demands of the regulators.

    Obviously there are 5 main options:
    • You can proceed as normal and let things get slowly further and further behind; not a great option, running the gauntlet of “not” being visited.
    • You can devote more time to the compliance aspect, rejig the annual compliance monitoring plan and enlist other people to help; but you will need to supervise their efforts and if they are not “compliance” people, it may be even more work than you save.
    • Engage one of the many consultancies that are either big 5 or quasi big 5, made successful by all the mis-selling of yesteryear and not necessarily focused on your kind of business. These guys usually want a big chunk of profits to be “available” and deliver ongoing support.
    • You can recruit a compliance manager (or team) to perform the main bodies of work required, and have regular meetings to ensure they are staying up to date with everything. This is expensive with all the rights of workers and the fringe benefits.
    • The final option is to engage with a particular niche consultancy that only provides experienced and qualified consultants in order to help you fit in all the compliance requirements and carry on your day job. Not the cheapest option, but a wise person would never confuse cost with price.
    The regulator’s business plan for 2018 has created a raft of focused areas for the remainder of 2018 and start of 2019. From the FCA Handbook there are a variety of hotspots and they are determined to use their powers under the FSMA 2000 to progress, investigate and enforce where appropriate. Whatever FCA Regulated Activities you have permissions for, I am sure you will see that there is something for everybody.
    The following list identifies the regulator’s cross-sector priorities to be addressed over the coming few months:
    – Firms’ culture and governance
    – Tackling Financial crime (fraud & scams) & anti-money laundering (AML).
    – Data security, resilience and outsourcing.
    – Innovation, big data, technology and competition.
    – Treatment of existing customers.
    – Long-term savings, pensions and intergenerational differences.
    – High cost credit.
    – Wholesale financial markets.
    – Investment Management.
    As a part of the FCA’s ongoing programme of work they continue to mitigate harm from firms selling Contracts for Difference (CFDs) and spread bets to retail customers who often do not comprehend the risks of these complicated, leveraged instruments.
    They are also concentrating on binary options, which entered into the FCA’s regime from January 2018. Their work involves a coordinated programme of policy and supervisory activity. In 2018, they will evaluate how well their interventions have worked and act where firms fail to meet expectations.
    The FCA support the European Securities and Markets Authority’s (ESMA) agreed EU-wide temporary product intervention measures announced 27th March 2018. These include the prohibition of the marketing, distribution or sale of binary options to retail clients and a series of limitations on the marketing, distribution or sale of CFDs to retail clients, including rolling spot forex. The FCA expect to consult on whether to apply the ESMA measures on a permanent basis to firms offering CFDs and binary options to retail consumers.
    The importance of self-governance and accountability: this is demonstrated in the extension of the Senior Managers and Certification Regime (SM&CR) to all regulated firms, incorporating dual regulated insurers. The FCA’s policy statement and new rules will be published in the summer of 2018 and the SM&CR will be extended to insurers on 10 December 2018.
    So there is a huge raft of work going on, which is quite in addition to the changes to the FCA Handbook after MiFID II and your very own monitoring plan, which we calculate for most firms includes over 60 diverse events, from governance reviews (several days’ work in itself) through to whistleblowing and reporting (Gabriel returns anyone?), financial promotions and conflicts of interest through to KYC and Money Laundering and TCF, to name but a few.
    With Liz Field of PIMFA joining with the FCA in encouraging advisers to whistleblow on “bad behaviour” within the profession in order to bring down the cost of the FSCS levy, all firms should ensure they have their house in order if they have enough time.
    Compliance Consultant offers various support packages that can be managed on-site or remotely (depending on your needs), or a mixture of both. Experienced and professionally qualified people that are as flexible as you need, with the goal of providing you with the very best compliance function possible, with regular reports by email of the work they have planned, work that they have undertaken and any challenges identified along the way.
    Compliance Consultant.
    Making Compliance Work.
    0207 097 1434

    Can You Really Afford Generic Ongoing Compliance Support?

    Compliance is an ambivalent function. On the one hand you are viewed as the regulators’ ally inside the investment firm; overseeing the implementation of their regulation. Meanwhile, you are paid by the investment company and a component of their culture and hierarchy.

    You might say ‘front office’ (traders making the money) considers compliance the way compliance subsequently considers the regulators.

    The problem with most companies, whether they be IFAs, Stockbrokers, Payment Services or whatever sector, is that the Compliance Officer is treated unfairly if they are running the compliance function as a component of their job. Whether they are advising, trading or operating the financial side of the business, there is, unlike 10 or even 5 years ago, far too much to get done to satisfy the needs of the regulators.
    Obviously there are 5 main options:
    1. You can carry on as normal and let things get slowly further and further behind; not a great option, running the gauntlet of “not” being visited.
    2. You can devote more time to the compliance component, rejig the annual compliance monitoring plan and enlist other individuals in order to help; but you will need to supervise their efforts and if they are not “compliance” people, it may be even more work than you save.
    3. Engage one of the numerous consultancies that are either big 5 or quasi big 5, made successful by all the mis-selling of yesteryear and not necessarily focused on your type of business. These guys usually want a big chunk of profits to be “available” and supply ongoing support.
    4. You can recruit a compliance manager (or team) to perform the main bodies of work required, and have regular meetings to ensure they are staying on top of everything. This is expensive with all the rights of employees and the fringe benefits.
    5. The final option is to engage with a niche consultancy that only provides experienced and qualified consultants to help you fit in all the compliance necessities and maintain your day job. Not the cheapest option, but a thinker would never confuse cost with price.
    The regulator’s business plan for 2018 has created a raft of focused areas for the remainder of 2018 and start of 2019. From the FCA Handbook there are a variety of hotspots and they are determined to use their powers under the FSMA 2000 to progress, investigate and enforce where appropriate. Whatever FCA Regulated Activities you have permissions for, I am sure you will see that there is something for everybody.
    The following list identifies the regulator’s cross-sector priorities to be addressed over the coming few months:
    • Firms’ culture and governance
    • Tackling Financial crime (fraud & scams) & anti-money laundering (AML).
    • Data security, resilience and outsourcing.
    • Innovation, big data, technology and competition.
    • Treatment of existing customers.
    • Long-term savings, pensions and intergenerational differences.
    • High cost credit.
    • Wholesale financial markets.
    • Investment Management.
    As a part of the FCA’s ongoing programme of work they continue to mitigate harm from firms selling Contracts for Difference (CFDs) and spread bets to retail customers who often do not comprehend the risks of these complicated, leveraged instruments.
    They are also concentrating on binary options, which came into the FCA’s regime from January 2018. Their work involves a coordinated programme of policy and supervisory activity. In 2018, they will evaluate how well their interventions have worked and act where firms fall down and cannot meet expectations.
    The FCA support the European Securities and Markets Authority’s (ESMA) agreed EU-wide temporary product intervention measures announced 27th March 2018. These include the prohibition of the marketing, distribution or sale of binary options to retail clients and a range of limitations on the marketing, distribution or sale of CFDs to retail clients, including rolling spot forex. The FCA expect to consult on whether to apply the ESMA measures on a permanent basis to firms offering CFDs and binary options to retail customers.
    The importance of self-governance and accountability: this is demonstrated in the extension of the Senior Managers and Certification Regime (SM&CR) to all regulated firms, incorporating dual regulated insurers. The FCA’s policy statement and new rules will be published in the summer of 2018 and the SM&CR was extended to insurers on 10 December 2018.
    There is a huge raft of work going on, and that is quite apart from the changes to the FCA Handbook after MiFID II and your own monitoring plan, which we calculate for most firms includes over 60 different tasks, from governance reviews (several days’ work in itself) through to whistleblowing and reporting (Gabriel returns anyone?), financial promotions and conflicts of interest through to KYC and Money Laundering and TCF, to name but a few.
    With Liz Field of PIMFA joining with the FCA in encouraging advisers to whistleblow on “bad behaviour” within the profession in order to bring down the cost of the FSCS levy, all firms should make certain they have their house in order if they have the time.
    Compliance Consultant offers various support packages that can be managed on-site or remotely (depending on your needs), or a mixture of both. Experienced and professionally qualified people that are as flexible as you need, with the goal of providing you with the very best compliance function possible, with regular reports by email of the work they have planned, work that they have undertaken and any challenges identified along the way.
    Compliance Consultant.
    Making Compliance Work.
    0207 097 1434

    Senior Managers & Certification Regime: is your HR function prepared for becoming successful

    The Senior Managers & Certification Regime (SMCR) and Conduct Rules mark a new era for the UK’s beleaguered financial services industry.

    The new regime is one of the most strict individual accountability codes throughout all industries, making executives open to fines, including jail, for failure within their oversight.

    This is not only a “Compliance” thing, it is most undoubtedly an area wherein not only the board, executive committee and individual directors will need to understand what they are answerable for, but some other departments in the business as well.
    The HR function must play a central role in dealing with the processes that underpin long-term compliance. In the past, the operation concentrated on three component parts of the employee lifecycle: attracting talent, managing employment issues whilst it is there and letting it go. But the SMCR means HR needs to make sure that employees are ‘fit and proper’, manage regulatory submissions, furnish a lot more detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and also review and incorporate the required changes to the HR lifecycle.
    To step up to its new role as the custodian of SMCR compliance from the firm’s perspective, HR should ensure significant changes are embedded all through the employee lifecycle. If they are delivered accurately, they have the potential to produce a permanent and positive difference to how the organisation is managed and driven. This can possibly be accomplished in 2 steps: first by ensuring core HR processes are fit for the Senior Managers & Certification Regime, and then by supporting the company to accept these changes.

    Step one: Develop your core HR processes fit for SMCR

    Bulletproof record-keeping methods and technology
    The SMCR requires that, in addition to making certain the employee’s current background check is sufficiently durable, firms must establish processes and systems to store employees’ records for external scrutiny over a long period. This is 6 years for all employees after they leave the firm and 10 years for senior managers because of the fully extended period of investigation and any bonus clawback. It also requires businesses to keep an audit trail of the actions taken if a breach of the conduct rules transpires and to track any disciplinary processes, outcomes and actions, all fitness and propriety evaluations and any training delivered around the regime.
    If possible, the Certification Regime should be addressed and managed similarly with checks that are just as robust and documentary evidence of roles, performance and decision making of all of those in a position of causing harm to the company. Certificated and even non-certificated staff (excluding ancillary staff) are also obligated to adhere to the FCA Code of Conduct rules (COCON).
    If a breach does arise, it is HR’s responsibility to prove that appropriate record-keeping processes and tools remain in place to flag any misconduct. Information should also be shared in a timely manner with internal stakeholders, such as audit and compliance, and the regulator.
    Currently, record-keeping is variable across the financial services sector, with standards across companies varying considerably. So, even though the extent to which employee records might be shared is still to be defined legally, organisations need to be sure their record-keeping processes and tools are embedded and foolproof.
    Control breaches and suspected breaches
    A breach will definitely lead to one or several senior managers coming under scrutiny and potentially being suspended, impacting business as usual and intensifying the level of anxiety among staff and management. The HR function must be totally ready to reply to the human and the business impact concerning this.
    From the employee’s perspective, being under investigation can possibly be frustrating and negatively impact a career and reputation, whether or not proven innocent. The onus lies on the FCA to prove deception or incompetence; they have to carry the burden of proof, but companies should be crystal clear where responsibility lies for giving assistance to employees during an investigation and what type of support may possibly be offered. The business’s management also need to update job descriptions to make sure an appointed individual is responsible for taking care of such events, and has acquired not only the appropriate training and coaching to do so efficiently, but also the appropriate Management Information (MI) to make them aware of any issues.
    Breach scenarios are a great way for you to see how your organisation would react if one occurred. Designing tailored answers, as well as creating a rapid response team that is trained to manage such events, could all be necessary activities.
    Align performance management.
    The regime’s requirements mean enterprises must have a performance review process that ensures their employees are ‘fit and proper’. Especially, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for companies to take stock of their yearly performance review processes, and may produce significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.
    Train those at the top
    For senior managers, the focus of training should be on rolling out a corporate framework and adapted leadership development programme that enables them to evidence their ‘reasonable steps’ obligations. Ongoing stress tests and scenario analysis will likely help senior managers make the appropriate improvements to their overall governance, controls and delegations as their business or functional units evolve within the business. This will make sure the correct training, decision making etc. is in place and raise any potential issues.

    Step two: Support the firm’s culture and values

    Attract talent and enhance the corporate brand
    Tarnished by bad press and a catalogue of scandals, the financial services industry has been struggling to attract needed talent.
    The new regulations provide an unmissable opportunity to improve the reputation of the financial services industry as a whole, and the winners will be organisations that have completely embraced and embedded the required changes to a degree that positively impacts their employer brand. Carried out correctly, these changes could even improve public perception of the corporate brand.
    Redefine culture
    Under SMCR, encouraging a culture of compliance and risk management has become a directed responsibility for the board and senior managers. A standardised and transparent operational risk framework is essential to these changes. As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”
    It’s likely that every financial services business is going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas like individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are proving the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, including those of different generations or rank, under the close sponsorship of board members. These stakeholders must pay attention to identifying priority areas where improvements really need to happen, following through on changes created to make accountability a core component of the company.
    To overcome the challenges of SMCR and incorporate its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR conditions as early as possible to see to it nothing falls into any cracks and to drive real and lasting change. Only by doing this can businesses ensure regime compliance and, most critically, gain the organisational advantages and benefits that an increase in ownership and accountability will drive.
    We have inexpensive and practical scalable software available that will centrally and securely manage each of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.

    To talk with one of our experts about how we can help your company respond to the SMCR, or adapting our skills to any industry or enterprise, contact us today.

    Other Posts you may find of interest
    Senior Managers & Certification Regime https://wp.me/p7OMfd-2mj
    SMCR: Client dealing function CF30 https://wp.me/p7OMfd-2n4
    Head of Legal https://wp.me/p7OMfd-2mm
    Systems & Controls https://wp.me/p7OMfd-2nb
    SMCR: Intermediary revenue criteria for the enhanced tier https://wp.me/p7OMfd-2n7
    SMCR: Limited Scope Firms https://wp.me/p7OMfd-2nd
    Lee Werrell Chartered FCSI
    Compliance Doctor
    0207 097 1434.
    http://ComplianceDoctor.co.uk

    SMCR: is your HR function prepared for good results

    The Senior Managers & Certification Regime (SMCR) and Conduct Rules mark a new era for the UK’s beleaguered financial services industry. The new regime is one of the strictest individual accountability edicts throughout all industries, resulting in executives open to punishments, including jail, for failure beneath their oversight.

    This is not merely a “Compliance” thing, it is most definitely an area wherein not only the board, executive committee and individual directors ought to appreciate what they are accountable for, but some other teams in the business as well. The HR operation must play a main role in handling the processes that underpin long-term compliance.

    Historically, the operation focused on three parts of the employee lifecycle, drawing in talent, taking care of employment issues whilst it is there and letting it go. But the SMCR means HR has to ascertain employees are ‘fit and proper’, manage regulatory submissions, present much more detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and even review and carry out the necessary changes to the HR lifecycle.
    To rise to its new role as the protector of SMCR compliance from the firm’s perspective, HR should ensure that important changes are embedded across the employee lifecycle. If they are produced successfully, they have the potential to make a permanent and positive difference to how the business is managed and controlled. This can be obtained in 2 steps: first by producing core HR processes suitable for the Senior Managers & Certification Regime, and then by supporting the company to welcome these changes.

    Step one: Make your core HR processes suitable for SMCR

    Bulletproof record-keeping methods and technology
    The SMCR demands that, as well as making certain the employee’s current background check is sufficiently strong, businesses must develop processes and systems to store employees’ records for external scrutiny over a lengthy period. This is six years for all employees after they leave the organisation and 10 years for senior managers thanks to the fully extended period of investigation and any bonus clawback. It also requires businesses to keep an audit trail of the actions taken if a breach of the conduct rules takes place and track any disciplinary processes, outcomes and actions, all fitness and propriety reviews and any training delivered around the regime.
    If at all possible, the Certification Regime should be handled and managed similarly with checks that are equally as robust and documentary evidence of functions, performance and execution of any of those in a position of causing harm to the company. Certificated and even non-certificated staff (excluding ancillary staff) are also obligated to comply with the FCA Code of Conduct rules (COCON).
    If a breach does take place, it is HR’s responsibility to demonstrate that appropriate record-keeping processes and tools reside in place to flag any misconduct. Information should also be provided in a timely manner with internal stakeholders, for instance, audit and compliance, and the regulator.
    Currently, record-keeping is patchy across the financial services sector, with standards across businesses varying considerably. So, though the extent to which employee records may be shared is still to be defined legally, businesses need to see to it their record-keeping processes and tools are embedded and flawless.
    Control breaches and suspected breaches
    A breach will cause one or several people to come under scrutiny and potentially be suspended, impacting business as usual and intensifying the level of anxiety among staff and management. The HR function must be fully ready to address the human and the business impact concerning this.
    From the employee’s point of view, being under investigation could be overwhelming and detrimentally impact a career and reputation, even if proven innocent. The onus is on the FCA to prove deception or incompetence, they will have to carry the burden of proof, but companies should be clear where responsibility lies for giving assistance to employees during an investigation and what sort of support could be offered. The company’s management need to also update job descriptions to make sure an appointed individual is responsible for dealing with such events, and has obtained not only the appropriate training and coaching to do so effectively, but also the appropriate Management Information (MI) to make them knowledgeable about any issues.
    Breach scenarios are a wonderful way for you to see how your organisation would react if one arose. Designing tailored answers, in addition to creating a rapid response team that is trained to manage such events, could all be necessary actions.
    Align performance management.
    The regime’s requirements mean organisations must have a performance review process that ensures their employees are ‘fit and proper’. Especially, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for firms to take stock of their yearly performance review processes, and may cause significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.
    Train those at the top
    For senior managers, the focus of training should be on presenting a corporate framework and tailored leadership development programme that enables them to evidence their ‘reasonable steps’ commitments. Ongoing stress tests and scenario analysis will definitely help senior managers make the appropriate enhancements to their overall governance, controls and delegations as their business or functional units evolve within the company. This will assure the correct training, decision making etc. is in place and raise any potential issues.

    Step two: Support the company’s culture and values

    Attract talent and enhance the corporate brand
    Tarnished by bad press and a catalogue of scandals, the financial services industry has been striving to attract needed talent.
    The new regulations provide an unmissable opportunity to improve the reputation of the financial services industry as a whole, and the winners will be organisations that have fully embraced and embedded the required changes to a degree that positively impacts their employer brand. Carried out correctly, these changes could even improve public perception of the corporate brand.
    Redefine culture
    Under SMCR, ensuring a culture of compliance and risk management has become a prescribed responsibility for the board and senior managers. A standardised and transparent operational risk framework is key to these changes.
    As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”
    It’s likely that every financial services company is going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas such as individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are displaying the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, involving those of different generations or rank, under the close sponsorship of board members. These stakeholders must target identifying priority areas where improvements really need to happen, following through on changes developed to make accountability a core section of the business.
    To overcome the challenges of SMCR and incorporate its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR needs as early as possible to be sure nothing falls into any cracks and to drive real and lasting change. Only by doing this can organisations ensure regime compliance and, most critically, gain the company advantages and benefits that an increase in ownership and accountability will drive.

    We have affordable and practical scalable software available that will centrally and securely manage all of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.

    To speak to one of our experts about how we can help your firm respond to the SMCR, or adapting our skills to any industry or enterprise, contact us today.

    You may also be interested in
    Senior Managers & Certification Regime https://wp.me/p7OMfd-2mj
    SMCR: Client dealing function CF30 https://wp.me/p7OMfd-2n4
    Head of Legal https://wp.me/p7OMfd-2mm
    Systems & Controls https://wp.me/p7OMfd-2nb
    SMCR: Intermediary revenue criteria for the enhanced tier https://wp.me/p7OMfd-2n7
    SMCR: Limited Scope Firms https://wp.me/p7OMfd-2nd
    Lee Werrell Chartered FCSI
    Compliance Doctor
    0207 097 1434

    SMCR: Your Action Points


    This post summarises the steps which core, limited scope and enhanced firms are likely to have to take in order to adhere to the regime. To promote internal discussion and planning around these changes, we summarise a few of the steps which will be required under the SMCR.

    Although only senior managers have to evidence their compliance with the SMCR, virtually every member of staff within a financial services firm has to have had their professional competence certified, CPD assessed and their conduct evaluated at least annually. Again, this should be documented and reported on to the FCA.

    Who does this apply to?
    Banks have had to meet these standards for the past couple of years, but now the rules have been extended to cover almost all financial services firms, from insurers to IFAs; essentially, it will apply to all FSMA authorised firms. It also applies to branches of non-UK firms with permission to carry out regulated activities in the UK.
    The FCA have created three new classifications to allow the requirements to be applied in line with potential risk: Enhanced, which will be expected to meet requirements that are similar to the banking SM&CR rules; Core (which applies to the majority); and Limited Scope, which will have a lighter set of requirements. The regime applies per legal entity, so if you have more than one legal entity in your firm then you need to apply the regime to each one, again adding complexity and admin, so you may want to consider a system like ours.
    What are the requirements?
    We have summarised these below
    Enhanced Firms have 17 SMFs, 12 Prescribed Responsibilities and some additional Overall Responsibilities. Full details are in Chapter 7 of the FCA paper itself.
    Core Firms have 6 SMFs to report on, which comprise 4 Governing Functions, namely Chief Executive, Executive Director, Partner and Chair, and 2 Required Functions, Compliance Oversight and Money Laundering Reporting Officer. There are also 5 Prescribed Responsibilities that must be given to Senior Managers and an additional responsibility for Authorised Fund Managers if relevant. Remember to duplicate this for each legal entity!
    Limited Firms have 3 SMFs: SMF 29, Limited Scope Function; SMF 16, Compliance Oversight; SMF 17, Money Laundering Officer. The Governing Functions will depend on specific permissions and activities, and the FCA direct you to their handbook to read about these. No Prescribed Responsibilities apply to Limited Scope firms.
    Implementation of the SMCR rules – your action points:
    • Identify appropriate business functions and business areas across all entities that are within the regime as relevant authorised persons. This includes identifying whether the FCA’s 27 categories of activity are already allocated.
    • Identify current Significant Influence Function (SIF) holders of relevant entities and consider how they will be grandfathered over into new roles under the new regime. Confirm these are suitable.
    • Identify any territorial scope issues relating to the location of key personnel and teams.
    • Review current organisational charts and reporting lines for all impacted entities to collaborate in analysis of which individuals will have total responsibility for key functions by reporting to the Board and which individuals are senior but do not require to be approved as Senior Managers within the key business area function. In complex groups review reporting lines out of the UK or into the UK and to group entities. Roles that have dual responsibility actually carry 100% responsibility each.
    • If reporting lines and organisational charts are not fully up to date or detailed, update to ensure they reflect the status before overlaying the new SMCR regime requirements.
    • Identify who will perform FCA SMFs (regardless of the structure of the business).
    • Identify applicable responsibilities and functions for every Senior Manager.
    • Assess and map application of SMFs to business model.
    • Propose relevant re-organisation of structure to meet requirements relative to allocation of responsibility, where necessary.
    • Consult and agree with individual employees on the relevant responsibilities.
    • (If necessary) restructure business areas reporting to Senior Managers in order to reach agreement relative to Statements of Responsibilities.
    • Draft template Statements of Responsibilities for different Senior Managers, where possible based upon existing job descriptions or any model statements provided by guidance from the regulators or elsewhere to follow requirements.
    • Ensure Statements of Responsibilities take into consideration collective decision-making and delegation where appropriate.
    • Implement reorganisation and change of reporting lines as required.
    • Establish processes for recruitment of Senior Managers which ensure that fitness and propriety, training and other issues have been taken into account ahead of time.
    • Establish processes for annual assessment of Senior Managers.
    • Possible recruitment for flexible, multi-availability with capacity, temporary compliance consultants to manage processes, including project management.
    • Educate Senior Managers on their responsibilities and processes, and establish processes for Senior Managers in regard to delegation.
    • Formulate plan for engagement with FCA in relation to approval process.
    • Draft forms for submission to FCA for approval.
    For Enhanced Firms only:
    • Write out firm management responsibilities map. In complex groups ensure that this takes proper account of relationships with other group entities for business silos.
    • Ensure that there is a Senior Manager with responsibility in every activity, business area and management function in the firm.
    • Ensure Statements of Responsibilities dovetail holistically across all Senior Managers in addition to working at an individual level, ensuring that there are no gaps in or duplications of responsibilities.
    • Review and/or implement policy for handover procedures, laying out what information a new Senior Manager will have to hand when replacing a predecessor.
    If you are a UK authorised firm, Compliance Consultant specialise in UK Regulatory Financial Services Governance Risk & Compliance, and can assist your firm in the preparations for the SM&CR. Just search Google for “Compliance Consultants, London” and look for our tag on Google Maps (we’re usually # 1).

    We can assist in your governance monitoring and general compliance and risk management for an inexpensive solution and help you create the reports and responses you may need in differing situations. Call today!

    Lee Werrell Chartered FCSI
    Compliance Doctor
    0207 097 1434

    SMCR: is your HR service prepared for good results

    The Senior Managers & Certification Regime (SMCR) and Conduct Rules mark a new era for the UK’s beleaguered financial services industry.

    The new regime is one of the strictest individual accountability guidelines across all industries, leaving executives vulnerable to penalties, including jail, for failings beneath their oversight.

    This is not only a “Compliance” thing; it is most certainly an area in which not only the board, executive committee and individual directors must appreciate what they are liable for, but other teams in the business likewise. The HR function must play a principal role in dealing with the processes that underpin long-term compliance. In the past, the function paid attention to three components of the employee lifecycle: drawing in talent, taking care of employment issues whilst it is there and letting it go. But the SMCR means HR has to make sure employees are ‘fit and proper’, manage regulatory submissions, supply more detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and even review and implement the required changes to the HR lifecycle.
    To rise to its new role as the protector of SMCR compliance from the firm’s perspective, HR should be sure significant changes are embedded across the employee lifecycle. If they are created appropriately, they have the potential to produce a permanent and positive difference to how the firm is managed and run. This can be achieved in two steps: first by creating core HR processes fit for the Senior Managers & Certification Regime, and then by supporting the business to welcome these changes.

    Step one: Craft your core HR processes fit for SMCR

    Bulletproof record-keeping procedures and technology
    The SMCR requires that, in addition to making sure that the employee’s current background check is sufficiently effective, companies must develop processes and systems to store employees’ records for external scrutiny over a lengthy period. This is six years for all employees after they leave the organisation and ten years for senior managers due to the fully extended period of investigation and any bonus clawback. It also requires organisations to keep an audit trail of the actions taken if a breach of the conduct rules takes place, and of any disciplinary processes, outcomes and actions, all fitness and propriety reviews and any training delivered around the regime.
    Ideally, the Certification Regime should be handled and managed the same way with checks that are exactly as robust and documentary evidence of duties, performance and decision making of all of those in a position of causing harm to the firm. Certificated and even non-certificated staff (excluding ancillary staff) are also required to follow the FCA Code of Conduct rules (COCON).
    If a breach does arise, it is HR’s responsibility to demonstrate that appropriate record-keeping procedures and tools remain in place to flag any misconduct. Information should also be shared in a timely manner with internal stakeholders, including audit and compliance, and the regulator.
    Currently, record-keeping is patchy across the financial services sector, with standards across businesses varying considerably. So, although the extent to which employee records may be shared is still being defined legally, companies need to see to it that their record-keeping processes and tools are embedded and reliable.
    Handle breaches and suspected breaches
    A breach will certainly result in one or several senior managers coming under scrutiny and potentially being suspended, impacting business as usual and raising the level of anxiety among staff and management. The HR function must be fully ready to address the human and the business impact of this.
    From the employee’s standpoint, being under investigation can be overwhelming and can negatively impact a career and reputation, whether or not proven innocent. The obligation lies with the FCA to prove deception or incompetence; they will need to carry the burden of proof. But businesses should be very clear where responsibility lies for providing assistance to employees during an investigation and what form of support may be offered. The firm’s management also need to update job descriptions to ensure an appointed individual is accountable for handling such events, and has obtained not only the appropriate training and coaching to do so effectively, but also the appropriate Management Information (MI) to make them aware of any issues.
    Breach scenarios are a great way for you to see how your company would react if one developed. Designing tailored answers, and also creating a rapid response team that is trained to manage such events, could all be necessary actions.
    Align performance management
    The regime’s requirements mean businesses must have a performance review process that ensures their employees are ‘fit and proper’. Particularly, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for companies to examine their yearly performance review processes, and may lead to significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.
    Train those at the top
    For senior managers, the focus of training should be on rolling out a corporate framework and adapted leadership development programme that allows them to evidence their ‘reasonable steps’ obligations. Ongoing stress tests and scenario analysis will definitely help senior managers make the appropriate improvements to their overall governance, controls and delegations as their business or functional units evolve within the company. This will make certain the correct training, decision making etc. is in place and raise any potential issues.

    Step two: Support the company’s culture and values

    Attract talent and enhance the corporate brand
    Tarnished by bad press and a catalogue of scandals, the financial services industry has been battling to attract needed talent.
    The new regulations provide an unmissable opportunity to boost the reputation of the financial services industry as a whole, and the winners will be companies that have completely embraced and embedded the required changes to a degree that positively impacts their employer brand. Performed correctly, these changes could even improve public perception of the corporate brand.
    Redefine culture
    Under SMCR, boosting a culture of compliance and risk management has become a required responsibility for the board and senior managers. A standardised and transparent operational risk framework is vital to these changes. As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”
    It’s likely that every financial services business is going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas such as individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are showing the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, incorporating those of different generations or rank, under the close sponsorship of board members. These stakeholders must work on identifying priority areas where improvements really need to happen, following through on changes developed to make accountability a core component of the business.
    To overcome the challenges of SMCR and seize its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR demands as early as possible to ensure that nothing falls through the cracks and to drive real and lasting change. Only by doing so can companies ensure regime compliance and, most critically, gain the advantages and benefits that an increase in ownership and accountability will drive.
    We have affordable and practical scalable software available that will centrally and securely manage each of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.

    To speak to one of our experts about how we can help your firm respond to the SMCR, or adapting our skills to any industry or enterprise, contact us today.

    Lee Werrell Chartered FCSI
    Compliance Doctor
    0207 097 1434

    Underpinning better decision-making by utilising Effective Management information for conduct risk


    The concept of “conduct risk” has risen to the top of firms’ and regulators’ agendas in the last few years. In the UK, the FCA expects conduct risk management to be embedded in firms’ risk management frameworks, supported by suitable management information (MI).

    Building on ongoing regulatory and supervisory expectations and our years of experience of what works well in operations at firms, we have identified ten principles of strong conduct risk MI that our team believes serve as a stable basis for conduct risk MI across all financial services firms and sectors.

    The 10 principles of strong conduct risk MI are:
    • Linked to strategy, culture and risk management framework
    • Outcomes-focused
    • Holistic and used to support analysis of trends
    • Forward-looking
    • Efficient and proportionate
    • Accurate and timely
    • Measured and reported on at an appropriate frequency
    • Comprehensible and traceable
    • Supports open communication and challenge
    • Acted upon and recorded
    Linked to strategy, culture and risk management framework
    Conduct risk MI is taken into consideration when the firm looks at its strategy and the business puts in place a process to evaluate the conduct risk MI it accumulates, if the strategy or business environment should evolve (e.g. due to the economy, developments in policy and regulation, or technology).
    Conduct risks are managed with the same rigour, and given the same priority, as prudential risks.
    A series of indicators is used to inform senior management on how effectively the firm’s culture has been embedded. Conduct risk MI is used as a part of performance appraisals and in considering staff remuneration and promotions, for instance, as part of a balanced scorecard.
    Firms continue to develop conduct risk appetite statements for key risks and report MI against conduct risk appetite limits and triggers.
    Outcomes-focused
    As a part of the product governance approach, firms articulate what a good outcome might be for the target end client, as well as the inherent risks of the service or product, and identify the MI they need to oversee this.
    MI enables an assessment of whether good outcomes are achieved routinely, for instance, through monitoring whether the product offers value for money, as opposed to just concentrating on whether poor outcomes are avoided.
    Deep-dive inspections, mystery shopping, customer sales reviews, branch visits and other activities are often used to enhance an understanding of the product and services from the client’s perspective.
    Not all conduct risk metrics need to be outcomes-focused, as firms need a package of metrics to build up an overall picture of conduct risk. For example, it is still crucial to receive MI on customer satisfaction, despite the fact that, on its own, this does not necessarily indicate a good customer outcome.
    Holistic and in support of trend analysis
    Enterprises use a suite of MI, based on an appraisal of what is needed, rather than what is readily obtainable through existing systems and processes, so that a combination of indicators is measured and used to identify potential problems to be investigated further. Using existing risk or control indicators may only provide a skewed view of the situation. We always encourage firms to set an ideal scenario and employ back from the future thinking.
    MI is analysed in different ways to identify trends:
    • Over a period of time (consistent on a period-to-period basis) e.g. to identify increases in complaints over time for a product;
    • Across products e.g. to identify products with comparatively low claims ratios or low investment returns;
    • Across business lines e.g. looking at breaches of conflicts of interest policies in different departments in the business; and
    • Focusing on one team or individual e.g. considering a variety of indicators from a trading desk to identify patterns.
    Forward-looking
    MI reports on possible and emerging conduct risks, in addition to crystallised risks, for instance, monitoring whether a product is promoted to the target audience.
    The firm takes into consideration the emerging conduct risks and trends from the FCA, e.g. those highlighted in the Risk Outlook, and also lessons learned from previous mis-selling scandals or other regulatory enforcement action, and discusses whether any realignments are needed to MI and whether the latest MI suggests there may be complications that call for additional investigation. For example, when the FCA’s Risk Outlook for 2014 highlighted that house price growth may generate conduct issues, firms that provide mortgages should have focused on areas such as affordability and equity release loans.
    The firm is starting to use analytics tools to link data and enable identification of underlying conduct risks, for example, linking post codes with types of mortgages sold and house price growth in the area to understand the risk of customers falling into arrears or the risk of customers being sold an unsuitable product. Many firms will already have this data for credit risk purposes.
    Efficient and proportionate
    The business takes a risk-based approach to reporting MI to prevent a torrent of information; information that would not provide value to senior management is not included in MI.
    There is a clear delineation of the purpose of conduct risk MI from other MI to eliminate duplication and overlap.
    Accurate and timely
    Decisions are made based upon the right information, collected sufficiently quickly after the relevant business activity has transpired, to enable action.
    The second and third lines of defence are participating in open conversations with the business on expectations in connection with the quality and timeliness of data and what is obtainable.
    Internal Audit reviews the process governing how MI is collected, analysed and reported, and managers review and sense-check information on a sampling basis.
    Measured and reported on at an appropriate frequency
    To allow practical, rather than just reactive, responses, conduct risk MI is provided to senior management as a component of monthly, quarterly and annual reporting (as agreed with senior management), and on an ad hoc basis e.g. where risk appetite triggers are breached.
    The firm’s resources, systems and processes allow satisfactory versatility in the frequency with which MI is measured and reported; if necessary, data can be aggregated quickly.
    Comprehensible and traceable
    Senior management receives clear and concise MI that features the key messages and risks in an easily digestible format; it is possible to drill down into the information for further detail and to trace where the information was derived.
    Conduct risk MI includes a mix of both quantitative and qualitative analysis, which is accompanied by remarks that explain what the MI means, why any conduct risk issues have developed and how substantial they are, how MI was measured (including any limitations), and the proposed actions.
    Supports open communication and challenge
    Senior Managers discuss and question ratings across the ‘Red Amber Green’ (RAG) rating spectrum, rather than just focusing on ‘red’ ratings, and drill down into the analysis to prove risk ratings.
    Firms ensure robust thresholds to avoid just ‘green’ and ‘amber’ ratings being reported, giving a false sense of comfort.
    Anomalous or unexpected results are challenged and verified e.g. higher than anticipated sales volumes in certain products, or continued successful market predictions from a certain trading desk.
    Senior management openly examines and seeks to understand weak spots in how MI is collected and analysed.
    Acted upon and recorded
    Once prospective, emerging and crystallised conduct risks are identified, the source is investigated and actions are tracked and evaluated to ensure they addressed the risks.
    Conduct risk MI includes reporting on agreed remedial action and whether the action addressed the conduct risk effectively.
    An audit trail is maintained detailing how areas of concern acknowledged within conduct risk MI have been acted upon and monitored.
    If you have any queries, please call us on 0207 097 1434
    Lee Werrell Chartered FCSI
    Compliance Doctor

    Significant Rise In RegTech Costing Forecast By 2023


    This is according to a new report from Juniper Research, which estimates that spending on RegTech solutions, specifically, will escalate from an estimated $18bn (£14bn) this year to $115bn (£100bn) by 2023.

    Spending is forecast to go up by an average of 45% per annum over the next five years, far more than the 17% invested in compliance as a whole, reflecting a rapid shift away from traditional compliance options.

    The Regulatory Compliance Paradox
    The aggregate cost of regulatory compliance across the financial sector is approaching $80bn globally. Yet compliance-specific risks continue to be at all-time highs.
    Why would this be? New regulations introduced immediately after the 2008 financial crisis mandate firms to gather, aggregate and report unprecedented amounts of data, and to build complicated principles into their business operations. And yes, these rules are open to diverging interpretations and are not consistently harmonised globally. But at the root of the paradox is the industry’s severe state of technology fragmentation: often within a single organisation, the same data is presented in many different ways using many different systems.
    This commonly leads to highly complex regulatory setups whose costs have escalated unchecked, yet without any certainty of compliance: exactly how do you prove adherence to a rule when the reasoning is hidden deep in a maze of inconsistent systems? This opacity at the same time challenges regulators’ supervisory mandate and might potentially affect market transparency.
    With this rise in complexity, and with antiquated systems reflecting outdated thinking, it is predicted that RegTech will represent 40% of businesses’ total compliance spending by the year 2023.
    The findings come as businesses start complying with the General Data Protection Regulation (GDPR), which came into law earlier this year and could possibly hit companies with fines worth up to 4% of their global annual turnover.
    “Any heavily regulated business sector not prioritising RegTech adoption would risk damaging fines from failing to keep pace with regulatory changes,” Juniper warned.
    After assessing multiple technologies for estimated timescale of impact and cost barriers, Juniper concluded that cloud computing is currently one of the most disruptive forces in the RegTech sector.
    The report argues that transitioning to cloud-based compliance is a “crucial precursor” to other regulatory technology approaches, such as artificial intelligence and big data.
    “Unless businesses effectively plan the correct cloud deployments, they will struggle to utilise the advanced technologies required to meet future compliance challenges,” Juniper said.
    This comes after Claranet UK found that over half of the UK’s financial sector is currently struggling to understand and act upon the customer data they accumulate.
    Legacy systems are considered to be one of the main reasons behind the findings, with cloud technologies indicated as a way of remedying the predicament. Traditional spreadsheet systems have lots of inherent risks and need to be migrated to a more powerful and scalable system because, as we all know, if we don’t grow our businesses and continue to adapt to new ways of operating, our business will become hardly more than a footnote in history.
    Lee Werrell
    Compliance Doctor