Compliance Monitoring Programme
1 Compliance Management
Mr __________, the Managing Director/MLRO of the Company holds primary responsibility for regulatory
compliance for all users of the firm. He is supported by Hirett Ltd (hirett.co.uk) a leading compliance consultancy who specialise in supporting regulated payment institutions.
2 Customer Complaints
A complaints procedure is employed by Hirett Ltd to satisfy DISP rules, with standard letters of acknowledgment and ongoing communication. Hirett Ltd records complaints via a complaint ‘log’, so that they can be used by the Financial Ombudsman Services (FOS), if a complaint does reach them.
The Complaint log is to be used to record information about our complaints, including the type of complaint by classification.
The Complaints log will track the progress of a complaint with the ability to monitor the time taken for responses and resolution to facilitate completion of the relevant section in the FCA return.
3 Business Management
3.1 New Clients
The procedure will entail:
- Presentation of the Hirett Ltd Terms and Conditions
- Complete client assessment by obtaining client data using Credit Safe – our proposed ID validation partner
- Ensure on new client understand our AML & KYC Procedure
All clients are provided with a copy of the firm’s Terms and Conditions, which provide full transparency
over how we operate. The above process is periodically monitored to satisfy regulation standards.
3.2 Existing Clients
We will carry out rigorous procedures for ensuring that we are treating clients fairly at all times. In addition to our TCF (Treating Customers Fairly) procedures, which are detailed separately within this manual, we also operate a structured client management procedure for ensuring that existing clients are provided with the cover and service they need at all times. The process is periodically monitored to satisfy regulation standards.
4 Personnel
All personnel at Hirett Ltd must and will adhere to the firms AML, Compliance and internal policies. All data remains the confidential property of the firm and personnel must never remove any business information or data for personal use or to disclose to 3rd parties without consent of the Management as this would be a breach of the terms and conditions of employment and also against the regulations that Hirett Ltd adheres to.
For all staff we will maintain a HR file, this will contain appropriate documentation on the individual such as evidence of permission to work in the UK, a current description of their role, contract of employment etc. The HR file will be kept by HR/Director of the firm.
5 Training and Competence
It is the company’s policy to implement effective Training and Competence (T&C) procedures. The Company’s training and competence policy is as follows:
5.1 Our terms and commitments commitments are:
- Staff competence is maintained appropriate to the level of our business
- Staff remain competent
- Staff are appropriately supervised
- Staff competence is regularly reviewed
The paragraphs below identify how we meet each of the above commitments.
5.2 Maintaining of Competence
It is the company’s policy to ensure that staff maintains their competence levels through an ongoing programme of training and assessment. This is done in a structured process and measurement as follows:
- A minimum of annual reassessment of all staff in the core skills related to the compliance element of their job roles
- Where repeat training is required then this is carried out through appropriate course materials
- Staff failing 3 consecutive assessments will be placed on a specific training programme so targeted activities may be undertaken to establish the reason for non-competence
- We maintain and have audit trails of all competence management activity
5.3 Ongoing supervision
It is the role of the firm’s MLRO, __________, to ensure staff are well educated, have access to training material and are regularly tested. Hirett Ltd shall deploy certain AML training to its compliance partner, Hirett Ltd, on a periodic basis
6 Disaster Recovery and Business Continuity
The Company takes seriously the threat of disaster, including loss of access to premises or systems or other circumstances that could impact our ability to service clients. Our disaster recovery policy for each prime scenario is documented below and is designed to mitigate key risks to continuity of client service. Our relatively small size makes us able to adapt very rapidly to changing situations to ensure continuity of customer service.
6.1 In the event occurring that falls into the category of a ‘significant incident’, the Company shall notify the FCA within 4 hours of it occurring (or management being made aware) via completion of the reporting form made available on CONNECT.
Disaster Scenario | Mitigation |
---|---|
Loss of access to Server/data | The company maintains a backup record of client records for use in emergencies if the main server is unavailable. Management believe that a short term of access to data therefore is not critical. A long-term loss of access to data would require us to recover our full data set for backup on to new servers. |
Loss of access to premises | In the event of a loss of access to our premises then our staff will work from home until further notice and will be able to serve our customer on an interim basis from there. |
Loss of key personnel | We will cross train key members of staff in each other’s role. |
7 Data Protection and Data Security
The Company takes seriously its responsibility for Data Protection, Confidentiality and Security.
No staff member will take with them from the company premises, in soft or hard copy, details of clients, policy information or any other data that may be perceived as confidential.
Access to our systems and data are accessed by each individual using their own login and passwords. Our staff will not, under any circumstances, share their system login details with each other or any 3rd party, internal or external.
All client documentation which is not required or used will be suitably shredded and disposed.
8 Whistle blowing Policy
Hirett Ltd is committed to conducting its business to the highest possible standards.
We believe that high standards of conduct, ethics, honesty and integrity are essential to the smooth running of its business.
In order to maintain high standards, we attach great importance to identifying and remedying serious unprofessional or unlawful conduct in the workplace.
If such wrongdoing in the workplace goes unreported, this could have a serious effect on our reputation and business, which in turn could have a serious effect on our employees.
Hirett Ltd recognises that employees may not always feel comfortable about discussing their concerns internally especially if they believe we are responsible for the wrongdoing.
The aim of this policy is to ensure that employees are confident that they can raise any matter and concerns in the knowledge that it will be taken seriously, treated as confidential and that no action will be taken against them.
If you have a genuine suspicion about actual or planned wrongdoing which may be against the law or which may be a serious breach of regulations, or which may threaten seriously the high standards required of all employees, you should raise your concern(s) with the Director by following the procedure detailed below.
If you follow this procedure properly you:
- Can expect Management to deal with your concern(s) in a responsible manner, to respect confidentiality and to take appropriate action
- Have the right not to be victimised for using the procedure to raise your concern(s). We shall take all reasonable steps to prevent you suffering victimisation by other staff as a result of raising the concern(s)
This procedure has been designed to allow employees to raise concerns with the appropriate individual in the appropriate way. If you do not follow this procedure properly or abuse the procedure by raising concerns which are not genuine, you may be liable to disciplinary action, including summary dismissal.
If any employee victimises other employees who have raised concerns or if any employee deters other employees from making concerns about wrongdoings, then the employee responsible may be liable to disciplinary action, including summary dismissal.
8.1 Grounds for raising a concern
You should follow this procedure where you have a genuine suspicion about actual or planned malpractice and wrong doing or which affects you and the firm.
This includes malpractice or wrongdoing which:
- Amounts to a breach of the Financial Services and Markets Act 2000 or any applicable FCA requirements
- Amount to a criminal offence or breach of civil law
- Amounts to a breach of any statutory code of practice
- Amounts to corruption or fraud
- Amounts to a miscarriage of justice
- Involves danger to the health and safety of any person
- Involves damage or potential damage to the environment
- Attempts to cover up the occurrence or likely occurrence of any of the above
You must raise your concern(s) in good faith and must reasonably believe that the information that you wish to disclose relates to one of the above categories of wrong doing.
8.2 Who to raise a concern with
You should raise your concern with the Director, Mr. __________
8.3 How to raise a concern
You should initially raise your concern(s) directly, by speaking personally, and in confidence to the appropriate person, (as indicated above). However, if you consider that it is insufficient or impractical to resolve the concern by way of a confidential discussion, you may raise the concern in writing. In the event that you do raise a concern, the Director may request that you put your concerns(s) in writing.
Once a complaint is received, Management will conduct an investigation into the allegation(s). Unity Remit Ltd will do everything that it can to respect confidentiality and to prevent reprisals.
However, in order to investigate your concern(s) properly it may be necessary for you to consent to other employees being informed of your concern(s). You may request anonymity, but this may affect the ability to investigate your concern(s). The investigation will be conducted and concluded as quickly as possible.
We will advise you in a manner and to an extent considered appropriate, of the outcome of any investigation. This may include disciplinary action being taken against any employee(s) suspected of malpractice. You must treat the investigation, the outcome of the investigation, any report prepared as a result of the investigation and any disciplinary arising as confidential. Any breach of confidence may lead to disciplinary action being taken, including summary dismissal.