
COMPLIANCE MONITORING PLAN

Version control:

Ver. Description of change Author Approved by Approved date
1
2
3
4
5
6
7
8
9
10

Objective of the Compliance Monitoring Plan

This Compliance Monitoring Plan (CMP) is used to monitor the business in respect of its obligations under the regulatory regime, pursuant to its authorisation as an E-Money Issuer under the Electronic Money Regulations 2017 (EMR), supervised by the Financial Conduct Authority (FCA).

It also serves to protect the reputation of the company by ensuring compliance with FCA regulatory requirements, together with internal policies and procedures.  It confirms to Senior Management that regulatory requirements and internal policies and procedures are being respected and informs them of significant regulatory changes and regulatory risks.

Responsibility

Day-to-day responsibility for, and oversight of, the checks contained within this plan has been allocated to the MLRO.

Review and Ownership of this Document

This document will be reviewed annually by the MLRO.

  Requirement Monitoring overview Method Frequency Last performed (and by whom) Next due (and by whom)
1          REGULATED ACTIVITIES
1.1 Permitted business: a firm is prohibited from carrying on a regulated activity in the United Kingdom by way of business other than in accordance with its FCA permissions. Review of business undertaken by the firm to ensure that it is appropriately authorised, with particular regard to any new business activity. Quarterly
2          SENIOR MANAGEMENT ARRANGEMENTS
2.1 Apportionment of responsibilities: a firm must appropriately allocate to one or more individuals, the functions of: (1) dealing with the apportionment of responsibilities and (2) overseeing the establishment and maintenance of systems and controls. Confirmation that individuals in senior management have been allocated with these functions and are discharging them appropriately. Annually
3          SYSTEMS AND CONTROLS
3.1 Governance: A firm must have robust governance arrangements, (including a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms), including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems. Confirmation that reporting lines are clear, appropriate and documented, responsibilities are clearly defined, and job descriptions are appropriate and complete (particularly for significant influence functions).

 

Updates to any internal structure charts to reflect organisational changes/staff turnover, and ensure these are communicated internally.

 

Confirm that terms of reference for all standing committees exist and are appropriate.

 

Is the organisational structure still sufficient for the size and scope of operations?

Annually
3.2 Compliance function:  A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm with its obligations under the regulatory system. Review of all policies and procedures, and compliance manual, and amendments as necessary (including to reflect legal/regulatory changes).

 

Quarterly
3.3 Regular Monitoring: A firm must monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements and take appropriate measures to address any deficiencies. Assessment of monitoring programme and amendments if necessary. Quarterly

 

 

3.4 Telephone monitoring Telephone Calls

Review of Telephone conversations

  1. Acting within the scope of permission
  2. Professionalism
  3. Information given
  4. Adherence to procedure
Daily
3.5 Outsourcing: A firm must, on a continuous and satisfactory basis, ensure that it takes reasonable steps to avoid undue additional operational risk.  Any outsourcing must not impair materially: (a) the quality of its internal controls; and (b) the ability of the FCA to monitor the firm’s compliance with its obligations under the regulatory system.

 

Confirmation that any new outsourced arrangements comply with the rules and guidance.

 

Confirmation that FCA is notified of any material changes to existing arrangements.

 

Confirmation that any outsourced arrangements are clearly documented (SLAs, KPIs, etc.).

Quarterly

Ad-Hoc

Quarterly

3.6 Risk Control:  A firm must establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify the risks relating to the firm’s activities, processes and systems, and where appropriate, set the level of risk tolerated by the firm. Review actual and potential operational risks arising from personnel, IT systems, failures in processing information or failures of security of systems that contain information. Notify FCA immediately of any material matters that arise.

 

Confirmation that regular risk-assessments are being undertaken.

 

Confirmation that incident reports are being completed and followed up.

Quarterly
3.7 Business Continuity:  A firm should have in place appropriate arrangements to ensure that it can continue to function and meet its regulatory obligations in the event of an unforeseen interruption. Testing of business continuity arrangements, including IT arrangements.  Update continuity plan if required, to ensure it remains effective and relevant. Annually
3.8 Record Keeping:  A firm must take reasonable care to make and retain adequate records of matters and dealings (including accounting records) which are the subject of requirements and standards under the regulatory system. Confirmation that correct records are being kept for the required duration, and that data is backed up and can be retrieved as required (including off-site storage arrangements).

 

Include all records of client communications including taped recordings, email communications, complaints etc.

Six months
3.9 Financial Crime:  A firm must have systems and controls that: (1) enable it to identify, assess, monitor and manage money laundering risk; and (2) are comprehensive and proportionate to the nature, scale and complexity of its activities.

Internal SARs

Confirmation of adequacy of money laundering policies and procedures against risk-based assessment, KYC procedures and client screening, staff training and reporting to authorities.

 

Assess responsibilities and effectiveness of MLRO.

 

Confirm internal blacklists are properly maintained.

 

Are sufficient volumes of SARs being raised by staff members following monitoring activities?

 

Appropriate action being taken, including regular monitoring.

Annually

Two months

3.10 Whistleblowing:  Firms are encouraged to consider adopting appropriate internal procedures which will encourage workers with concerns to blow the whistle internally about matters which are relevant to the functions of the FCA. Ensure staff have been advised of the firm’s internal procedures on Whistleblowing, including information on how they can raise their concerns confidentially.

(See whistleblowing procedures.)

 

Annually
3.11 Client money: Firm safely holds and accounts for client money Ensure reconciliation of segregated account balances is performed on a regular basis and that sufficient funds are held Monthly
4          SUPERVISION
4.1 Regulatory Reporting:  A firm must submit reports to the FCA in writing (including regulatory reporting on financials, annual controllers report, annual close links report etc.) Ensure all relevant personnel are aware of the FCA reporting schedule.

 

Confirm that all reports are filed with the FCA prior to the due date.

Six months

 

 

Six months

4.2 Registrations Are all registrations up to date and active, e.g. ICO? Annually
4.3 Breaches Have any breaches been recorded, investigated and reported where relevant? Two months
5          STAFF
5.1 EMD Individuals:  Certain individuals must be approved persons to perform ‘controlled functions’. Ensure staff carrying out controlled functions have been registered appropriately with the FCA and have met the necessary Training and Competence requirements and are fit and proper.

 

Ensure changes in approved persons’ details and departures etc. have been notified to FCA.

Annually
5.2 Supervision, training and competence:  A firm must assess an employee as competent to carry on certain activities with clients (this can include a requirement to pass a competency test) Maintain training schedules for all new employees and existing employees to cover regulatory requirements.

 

Ensure initial and refresher training is carried out.

Ad-Hoc
5.3 Employee – Disciplinary Action Ensure that any issues related to the fitness and propriety of staff (e.g. disciplinary action) have been reviewed and acted upon including where necessary notification to the FCA.

 

Ensure adequate disciplinary procedures

Ad-Hoc

Annually

 

6          CLIENT TAKE-ON
6.1 KYC/AML: Firms must apply client due diligence measures when they establish a business relationship. Confirm all KYC checks are carried out on clients, and that appropriate records are made and kept.

 

For a sample of existing clients, check that KYC information has been updated at least every [three] years and any changes recorded.

 

Ensure accounts cannot be opened for clients who appear on the sanctions list and that relevant reports are submitted.

Monthly
6.2 Change of Address: Clients wishing to change their address Compliance to periodically check for forged documents Ad-Hoc
6.3 KYC: Ongoing obligation to keep up to date information on your clients Review clients on a periodic basis Ad-Hoc  
6.4 Sanctions, PEPs and Criminal checks Ensure systems are in place to catch any existing client who suddenly appears on these lists. Annually

 

6.5 Client agreements:  A firm must enter into a written basic agreement, on paper or other durable medium, with the client setting out the essential rights and obligations of the firm and the client. Ensure all clients are party to the firm’s terms of business and that records are kept of the agreement that applies to each client.

 

Ensure client agreements are updated to take account of relevant regulatory and legal changes.

Quarterly
6.6 Data Protection:  A firm must comply with the requirements of the Data Protection Act 1998. Ensure client data is kept securely and only transferred to third parties with the client’s consent.

Ensure client documentation, particularly ID information etc., is kept secure and confidential at all times.

Check that data is password-protected or secure.

Ensure all relevant employees have received data protection training.

Annually

Annually

Annually

7          CONDUCT OF BUSINESS
7.1 Complaints: A firm must establish, implement and maintain effective and transparent procedures for the reasonable and prompt handling of complaints from clients Review internal complaints handling procedures and complaints received (in particular for patterns). Train staff where necessary.

 

Check whether any cases have been referred to FOS in the period and what the outcome was.  Identify any patterns.

 

Check that complaints handling procedures are used correctly and update them if necessary.

Monthly
7.2 Client money:  A firm must make adequate arrangements to safeguard clients’ rights in client money and assets and prevent the use of client money and assets for its own account. Review procedures for holding client money and assets.

Quarterly
8          MARKETING AND CLIENT COMMUNICATIONS
8.1 Financial promotions: must be identifiable as such. Confirm that all client communications which could constitute financial promotions are reviewed by Compliance prior to distribution. This includes bulk emails to clients. Quarterly
8.2 Client communications: must be clear, fair and not misleading. Review all current brochures, fliers, websites etc.

 

Ensure all communications to clients comply with the rules.

Quarterly
8.3 Financial promotion record keeping Ensure copies are kept of all approved financial promotions Quarterly

 

9          TCF       
9.1 TCF:  A firm must act honestly, fairly and professionally in accordance with the best interests of its client. Ensure the six consumer outcomes are consistently met in all activities of the firm, including product design, client information, any advice, and product performance. Quarterly
10       FINANCIAL RESOURCES
10.1 Financial Resources Ensure the Firm has an adequate excess of Financial resources to cover the Capital Requirement Monthly
11       BRIBERY AND CORRUPTION
11.1 Bribery & Corruption: The crime of bribery is described as occurring when a person offers, gives or promises to give a “financial or other advantage” to another individual in exchange for “improperly” performing a “relevant function or activity”. Has the Firm robust procedures in place to ensure its employees and connected parties do not give or receive bribes? Annually
11.2 Staff Training Are employees aware of the firm’s policy and procedures?

 

Have they received training?

Annually
11.3 Third Parties Are any parties the Firm does business with aware of the firm’s procedures, and have they agreed to abide by them? Quarterly
11.4 Third Party Vetting The Firm must carry out due diligence on all third parties (including those with existing relationships) and know sufficient information about the Firm or individual that it is about to conduct business with. Six months
11.5 Gift Register Firm is required to maintain a gift register. Six months
11.6 Risk Register Ensure the risk register is up to date. Annually