Tag Archives: compliance

EMI Compliance Manual Template

OK, So Why Should I Need A Compliance Manual?

For any Compliance Officer or SMF16 who has been in the UK financial services industry for any more than a year, this document is important.

Critically they will know that one of the first documents that they, as well as all staff, have to read and attest to having done so, is the Company Compliance Manual.

Although this is not a regulatory requirement …

 it is becoming a regulatory expectation!

There are a number of elements that the regulators not only expect to be documented, but also expect to be accompanied by an explanation of the rationale behind the way companies manage their risks. This would clearly be best summarised in a regulatory Operational or Compliance Manual.

The Regulator expects a firm to have a personalised and firm-specific compliance operating procedures manual pertinent to the firm and embedded within its processes and culture.

Most on-line and centrally maintained manuals offered by some consultancies are considered NOT to be personalised, firm specific OR relevant enough to the individual firm.

Similar Products bought by IFAs, Private Banks, GI Brokers, Payment Providers, MSBs, EMIs, Portfolio and Asset Managers and others!

Only £400+ VAT!


You will need a zip decompression tool such as 7-Zip (Free) available at www.7-zip.org/download.html or Winzip (Free version) available at free.winzip.com


An additional function is where the firm can articulate how they expect the staff to operate and the standards that they are expected to adhere to.

But what do I put in it?

Often Compliance Manuals can be used to document the sales process for advisers to follow including, for example, transaction only clients.

There has to be a clear distinction for specific procedures, for example when to assess a client for appropriateness when they refuse to provide sufficient details for suitability.

We do not suggest you fill your Compliance Manual with just processes as it is a valuable place to store certain high level explanations of policies such as the Data Protection Act, Bribery Act, Outsourcing Policy and Whistleblowing protocols.

Additionally this invaluable document can be used to point to other company documents such as policies and forms or other constantly updated items such as the Anti-money Laundering and Terrorist Financing procedures or even areas such as your Approved Persons Policy or possibly additional changes from Euroland.


UK Financial Services Compliance ‘Premium Access Retainer Service’

 

We offer a Premium Access Retainer Service

Providing Your Firm With Fast, Accurate, Experience Based Quality Answers So You Can Move Ahead With Your Business Efficiently and Profitably.

We have a bespoke service starting from £600 pm.

Our Full Service Obviously Has The Following 11 Benefits:

  1. You will get a response within 3 hours by phone or email/text.

  2. From PBR, S165 or S166 (we were appointed as skilled persons in 2012), we will advise and make recommendations regarding what is required.

  3. Your issues take priority over other work whilst we respond to your query; additional research or further work that may be required will be quoted on.

  4. Products like our best-selling Compliance Manual/AML Policy & Procedures are provided at a heavy discount typically around 40%.

  5. Any services we offer are again heavily discounted, from 5 – 20%.

  6. Normal service is mainstream hours Monday to Friday but weekends and evenings are ad-hoc, although we often can be found working into the night or across the weekends at some point. Holidays excepted, but happy to take emergency calls.

  7. You will receive a monthly “Statement of account” before the next billing cycle or after a purchase.

  8. We work on a first come, first served basis, so anyone paying ‘Premium Retainer’ for the longer time, gets priority over the other Premium Retainer clients – if push comes to shove and we are snowed under.

  9. We occasionally have marketing promotions, and you get free gifts and/or free or heavily discounted event tickets for anything run by us.

  10. Also available for discussions on business strategy and marketing; areas we are also often asked about.

  11. 30 min telephone/video call per month to discuss your regulatory needs or issues.

We only take on a maximum of 12 new clients per quarter. If you are too late for this quarter, we will add you to the list for the next quarter on a first-come-first-served basis.

Monthly cost = £1,150 subject to firm size of less than 20 staff inc directors/partners.

    Ongoing Obligations for FCA Authorised Investment Firms

    So What Are The Ongoing Requirements After FCA Authorisation?

    There are a number of areas that firms should pay attention to and be accurate in the monitoring and reporting of post FCA Authorisation or Registration. The video below explains generic requirements but you need to discuss your specific issues with us, Compliance Consultant, on 0207 097 1434.

    Making Compliance Work: A Short Overview of Board Minutes

    This post considers:

    • the types of meeting minutes;
    • why companies should keep board minutes;
    • what is typically discussed at a board meeting;
    • what should go into board minutes; and
    • how to draft, sign and store board minutes.

    Why do we need board minutes?

    Board minutes are needed for both legal and practical reasons.

    Under the Companies Act 2006, every company is required to take minutes of all proceedings of its directors, which must then be retained for 10 years from the date of the meeting.

    The company’s articles of association (its constitution) may also require this to be done. For example, the current form of government-prescribed articles for UK companies (which many companies choose to adopt) require directors to keep records of their decisions.

    Aside from the legal requirement to do so, there are good practical reasons for having board minutes including:

    • having a record of decisions – useful as a reminder to attendees, to brief any director who couldn’t attend the meeting, and for long term internal record purposes;
    • showing that the directors took their decisions properly, in accordance with their duties – especially if the decision might be called into question in the future.

    What is typically discussed at a board meeting?

    Executive Directors will make decisions about the day-to-day management of the company at a board meeting, often following an agenda or sample meeting minutes format. They will typically:

    • consider the minutes from the last meeting and any matters arising from them;
    • review the company’s activities and performance since the last meeting (e.g. sales reports, ongoing projects, product or technical developments, issues arising out of the company’s operations);
    • discuss the outlook for the business and strategic matters arising;
    • review the company’s financial position including performance against budget;
    • deal with any procedural matters e.g. appointment of a new board member;
    • hear from visiting specialist information providers (invited in at certain key and relevant points), i.e. solicitors, compliance experts etc.;
    • consider risks and their management (e.g. competitive landscape, supply chain issues).

     

    From time to time, it may be necessary to have a one-off board meeting to approve a key business decision such as the acquisition of a new business, the sale of one of the company’s subsidiaries, changes to the company’s share capital structure, or the taking out of a new business loan.

    Any decisions made at a board meeting would normally be made by a simple majority, with voting on a show of hands. But you should always check your company’s articles of association as these determine the voting rights at meetings.

    What should be in the board minutes?

    Although there is no set minutes of meeting format for board minutes, the following should be included as a minimum;

    • The registered name and number of the company.
    • The date, time and place of the meeting.
    • The names of the directors (and any others) that attended and details of any who sent apologies.
    • The name of the person acting as chairperson (if any).
    • Confirmation that notice of the meeting has been given and a quorum is in attendance.
    • Declarations of the directors’ interests in the matters being discussed, where required.
    • Approval of minutes of previous meeting.
    • A short narrative recording the matters discussed or approved and decisions taken at the meeting. If a resolution was passed, the minutes should record the exact text of that resolution.
    • A note of any investigation or research required by any of the company’s officers, and a precis of the remit and/or authority. For larger projects a terms of reference should be agreed as an addendum to the minutes.
    • A note of any instructions to the company’s officers e.g. to make any filings with Companies House or any other regulatory authority, or changes to the company’s statutory books and registers.
    • A note of the time limits of the company officers’ instructions, i.e., when they have to report back or confirm completion. If confirmation of completion is required, by what medium or process is it to be socialised within the board?

    Tips for drafting, signing and storing board minutes

    Board minutes should not be a verbatim record of everything that was said or debated. Rather, they should refer to any briefing papers considered and set out a concise description of the key points of any discussion, with enough detail for someone not present to have an understanding of the reasons for the decision.

    The board minutes can be signed by any of the directors, but are most commonly signed by the chairperson of the meeting.

    Subject to any specific requirements in a company’s articles of association, board minutes can be kept in

    (a) hard copy or
    (b) electronic form

    so long as the paper copy can be produced.

    If the minutes are not kept in bound books, the company must take precautions against falsification of the records.

    Lee Werrell, Chartered FCSI and owner of Compliance Consultant states, “As with all good compliance; it’s not what you do, it’s what you wrote down that you did and why”.

    Lee Werrell is a Governance, Risk & Compliance professional with 30 years experience in the financial services industry, including roles at board and senior executive level for banks and other distribution channels. Contact Lee on 0207 097 1434 or through the website at http://www.complianceconsultant.org.

    Brand-new FCA suggestions on operational and security risk management by Payment Services Providers (PSPs)

     

    During March 2018, the FCA released its consultation paper (CP18/6) on its proposed approach to the application of the European Banking Authority’s (EBAs) final guidelines on security strategies for operational and security risks of payments services under PSD2.

    The Latest Approach document, Version 2, was released 19th December 2018 https://www.fca.org.uk/publication/finalised-guidance/fca-approach-to-payment-services-electronic-money-2017.pdf

    Generally, the documents do not tell us much we did not already know. Having said that, they do announce a new and important requirement for PSPs to report to the FCA on an annual basis, and submit an updated risk evaluation of the operational and security risks pertaining to the payment services they provide.

    The Background
    Under PSD2, payment service providers are required to establish an effective operational and security risk management framework relating to the payment services they provide. The EBA published its final Guidelines on 12 December 2017. It has then been up to the FCA to implement this requirement in national law and to announce reporting requirements.
    The proposal takes the form of a direction that all PSPs are to adhere to the EBA Guidelines and a new Chapter 18 in the FCA’s payment services and e-money Approach Document, as well as additions to Chapter 13 of the Approach Document. The new Chapter 18 is designed to highlight areas in which the FCA has determined the potential for particular operational and security risk priorities, including relating to the way payment accounts are accessed for the functions of account information services (AIS) and payment initiation services (PIS), and on its expectations where PSPs work with 3rd parties.
    Changes will also be made to the FCA’s Supervision Handbook, together with amendments to the Payment Services Regulations 2017 (PSRs 2017) and the Electronic Money Regulations 2011 (EMRs 2011).
    Consultation
    In the additional Chapter 18, the FCA mandates the following headline points:
    A PSP’s operational and security risk management should be proportionate to its size and the nature, scope, complexity and riskiness of its operating model and the payment services it offers.
    In particular, PSPs should consider how making use of agents introduces operational or security risks; it is the obligation of the PSP to ensure that all identified risks, including those arising from or surrounding agents, are mitigated.
    When outsourcing functions pertinent to the payment services it offers, the PSP’s operational and security risk framework should lay out mitigation measures related to risks that arise from the outsourcing. These may relate to the relationship between the PSP and the outsourced provider or how the PSP monitors risks connected with those activities. This applies whether the outsourcing is ‘internal’ to an entity within the PSP’s enterprise, or ‘external’. PSPs should note that regardless of whether parties to which services are outsourced fall outside the FCA’s regulatory perimeter, the PSP retains full responsibility for discharging their regulatory obligations. A relevant act or omission by a party to which a PSP has outsourced activities will be considered the act or omission of the PSP. PSPs will therefore need to have effective (and full) oversight over every one of their various outsourced functions and ensure the appropriate systems and controls are in place to mitigate the identified security and operational risks.
    Any firms wishing to outsource obligations to the cloud or to any third-party IT services company should consult the FCA’s specialist guidance on this point.
    Reporting requirements
    PSPs will be required to report to the FCA at the very least once per calendar year, but no greater than once per quarter, via a new “REP018 Operation and Security Risk” reporting form. PSPs are otherwise free to choose the frequency of reporting, albeit noting the FCA’s expectation that PSPs will “submit their reports when they are carried out and when they are most pertinent, rather than at a point in time when the information contained in reports might be less pertinent”.
    The proposed reporting form is set out in the consultation and requires the PSP to include certain details in regard to the relevant reporting period, for instance, the range of operational and security incidents notified to the FCA and the number of security related customer complaints. As well as the report, PSPs are required to submit to the FCA:
    an updated risk assessment of the operational and security risks relating to the payment services it provides; and
    an assessment of the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.
    Each supporting document must include all of the relevant requirements of the EBA Guidelines, including the following:
    in relation to the risk assessment: a list of relevant functions, processes and assets supporting the payment services together with a risk assessment relating to the same, a description of the security measures implemented to mitigate those risks, and the conclusions of the results of the risk assessment; and
    in relation to the assessment of adequacy of mitigation measures: a summary description of the methodology used to assess effectiveness and adequacy of the mitigation measures, together with the assessment and any conclusions on deficiencies identified as a result of the assessment and proposed corrective actions.
    Further guidance on the reporting requirements will be set out in Chapter 13 of the Approach Document.
    Comment
    Barring the details relating to the reporting requirements, the consultation and final revision does not add much to what we already know: the substantive law is contained within the EBA Guidelines and the proposed additions to the Approach Document and the FCA’s Supervision Handbook only perfect those EBA Guidelines.
    Given the increasing role of technology in the payments sector and the intensifying (and evolving) risks posed by fraud and cyber threats, the FCA has made it clear that it is looking for PSPs to have adequate systems in place to understand the risks pertinent to the payment services they offer and to make clear that they have considered and implemented mitigation measures addressing those risks. It is also apparent that the FCA will be focusing more closely on how firms ensure sufficient oversight of their agents and/or outsourced arrangements, including how those arrangements are overseen. This is likely to become a key area of supervision by the FCA for PSPs which have several agents and/or outsourcing arrangements.
    Lee Werrell Chartered FCSI
    Compliance Doctor

    Updated FCA proposals on operational and security risk management by Payment Services Providers (PSPs)

    In March 2018, the FCA released its consultation paper (CP18/6) on its proposed approach to the execution of the European Banking Authority’s (EBAs) final guidelines on security measures for operational and security risks of payments services under PSD2.

    On the whole, the documents do not tell us much we did not already know. Nonetheless, they do announce a new and important obligation for PSPs to report to the FCA on an annual basis, and submit an updated risk examination of the operational and security risks pertaining to the payment services they provide.

    The Background
    Under PSD2, payment service providers are mandated to establish an effective operational and security risk management framework relating to the payment services they provide. The EBA published its final Guidelines on 12 December 2017. It has then fallen to the FCA to incorporate this requirement into national law and to announce reporting requirements.
    The proposal takes the form of a direction that all PSPs are to follow the EBA Guidelines and a new Chapter 18 in the FCA’s payment services and e-money Approach Document, as well as additions to Chapter 13 of the Approach Document. The new Chapter 18 is designed to highlight areas in which the FCA has determined the possibility for particular operational and security risk priorities, including those relating to the way payment accounts are accessed for the purposes of account information services (AIS) and payment initiation services (PIS), and on its expectations where PSPs work with 3rd parties.
    Improvements will also be made to the FCA’s Supervision Handbook, alongside amendments to the Payment Services Regulations 2017 (PSRs 2017) and the Electronic Money Regulations 2011 (EMRs 2011).
    Consultation
    In the additional Chapter 18, the FCA mandates the following headline points:
    A PSP’s operational and security risk management should be proportionate to its size and the nature, scope, complexity and riskiness of its operating model and the payment services it offers.
    In particular, PSPs should consider how making use of agents presents operational or security risks; it is the responsibility of the PSP to ensure that all identified risks, including those arising from or surrounding agents, are mitigated.
    When outsourcing functions related to the payment services it provides, the PSP’s operational and security risk framework should lay out mitigation measures linked with risks that arise from the outsourcing. These may connect with the relationship between the PSP and the outsourced provider or how the PSP monitors risks relating to those activities. This applies whether the outsourcing is ‘internal’ to an entity within the PSP’s company, or ‘external’. PSPs should note that regardless of whether parties to which services are outsourced fall outside the FCA’s regulatory perimeter, the PSP retains full responsibility for discharging their regulatory obligations. A relevant act or omission by a party to which a PSP has outsourced activities will be considered the act or omission of the PSP. PSPs will therefore need to have effective (and full) oversight over all of their various outsourced functions and ensure the specific systems and controls remain in place to mitigate the identified security and operational risks.
    Any firms wishing to outsource obligations to the cloud or to any third-party IT services company should consult the FCA’s specialist guidance on this point.
    Reporting requirements
    PSPs will be required to report to the FCA at least once per calendar year, but no more than once per quarter, via a new “REP018 Operation and Security Risk” reporting form. PSPs are otherwise free to choose the frequency of reporting, albeit noting the FCA’s expectation that PSPs will “submit their reports when they are carried out and when they are most pertinent, rather than at a point in time when the information contained in reports might be less pertinent”.
    The proposed reporting form is set out in the consultation and requires the PSP to include certain details relative to the relevant reporting period, for instance, the range of operational and security incidents notified to the FCA and the quantity of security related customer complaints. As well as the report, PSPs are required to submit to the FCA:
    an updated risk assessment of the operational and security risks relating to the payment services it provides; and
    an assessment of the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.
    Each supporting document must include all of the relevant requirements of the EBA Guidelines, including the following:
    in relation to the risk assessment: a list of relevant functions, processes and assets supporting the payment services together with a risk assessment relating to the same, a description of the security measures implemented to mitigate those risks, and the conclusions of the results of the risk assessment; and
    in relation to the assessment of adequacy of mitigation measures: a summary description of the methodology used to assess effectiveness and adequacy of the mitigation measures, together with the assessment and any conclusions on deficiencies identified as a result of the assessment and proposed corrective actions.
    Further guidance on the reporting requirements will be set out in Chapter 13 of the Approach Document.
    Comment
    With the exception of the details relating to the reporting requirements, the consultation and final revision does not add much to what we already know: the substantive law is contained within the EBA Guidelines and the proposed additions to the Approach Document and the FCA’s Supervision Handbook only perfect those EBA Guidelines.
    Given the increasing role of technology in the payments sector and the escalating (and emerging) risks posed by fraud and cyber threats, the FCA has made it clear that it expects PSPs to have adequate systems in place to appreciate the risks relevant to the payment services they offer and to show that they have taken into account and implemented mitigation measures addressing those risks. It is also apparent that the FCA will be homing in more closely on how firms ensure sufficient oversight of their agents and/or outsourced arrangements, including how those arrangements are overseen. This is likely to become a key area of supervision by the FCA for PSPs which have several agents and/or outsourcing arrangements.
    Lee Werrell Chartered FCSI
    Compliance Doctor

    Compliance Contracting Not Hitting The Spot?

    Over Qualified? Too Senior? The Role Is For A More Junior Person.

    Ring Any Bells?

    We know what they mean. They think you are too old or if a higher paying and more senior job came along you would jump ship.

    Unfortunately the young recruiters apply their values on how they think you will react if another opportunity came along. They don’t appreciate the “My Word Is My Bond” that we do.

    What can you do?

    At Compliance Consultant we are often coming up with innovative and interesting ideas that can earn us all a great income and do what we like doing – working in the compliance arena.

    We have a fantastic opportunity for senior, experienced and driven contractors to take charge of their own destiny, employ their regulatory skills and make a difference to a fantastic number of Small & Medium Sized Enterprises in the UK ... around 2.8 Million of them.

    We have two options – to suit most people and we think you will like them both.

    Earnings are virtually unrestricted and the clients remain yours. We also cross-sell other products and services to the clients on your behalf – giving you a massive 40% commission on each and every payment. Services start at £500 per month and products vary.

    If you want to work from home and have a good level of MS Office skills (Word & Excel as a minimum) and a decent broadband speed, we will show you how to start building a consultancy business in your home area.

    We have a vision, and the tools…..

    Do You Have The Drive & Determination?

    Interested?

    Email age@complianceconsultant.org with your contact details, and by doing this you will be confirming you are over 18, you have at least 10 years experience in Compliance & Risk in Financial Services and you are qualified through the CISI or CII (or equivalent) and you are based in the UK. CVs are useful but not critical at this stage.

    Compliance News


    Liquidity Risk Management in Banks: Economic and Regulatory Issues (SpringerBriefs in Finance)



    The recent turmoil on financial markets has made evident the importance of efficient liquidity risk management for the stability of banks. The measurement and management of liquidity risk must take into account economic factors such as the impact area, the timeframe of the analysis, the origin and the economic scenario in which the risk becomes manifest. Basel III, among other things, has introduced harmonized international minimum requirements and has developed global liquidity standards and supervisory monitoring procedures. The short book analyses the economic impact of the new regulation on profitability, on assets composition and business mix, on liabilities structure and replacement effects on banking and financial products.​