RISK MANAGEMENT AND BUSINESS CONTINUANCE A FAIS Standard. An AC Guidance Note. July 2010


Risk Management and Business Continuance - A FAIS standard

The General Code of Conduct deals in a number of ways with the general requirement of Risk Management. The primary Risk Management requirement falls under Part IX of the Code. The section deals with 3 specific requirements, namely (and we will quote the section numbers):

11. Control Measures

A provider must at all times have and effectively employ the resources, procedures and appropriate technological systems that can reasonably be expected to eliminate, as far as reasonably possible, the risk that clients, product suppliers and other providers or representatives will suffer financial loss through theft, fraud, other dishonest acts, poor administration, negligence, professional misconduct or culpable omissions.

12. Specific Control Objectives

A provider, excluding a representative, must, without limiting the generality of section 11, structure the internal control procedures concerned so as to provide reasonable assurance that:
(a) the relevant business can be carried on in an orderly and efficient manner;
(b) financial and other information used or provided by the provider will be reliable; and
(c) all applicable laws are complied with.

13. Insurance

A provider, excluding a representative, must, if, and to the extent, required by the registrar, maintain in force suitable guarantees or professional indemnity or fidelity insurance cover.

As can be seen, there is actually no reference to the words "Risk Management" other than in the heading, so all of the above were adopted as Risk Management, FAIS style. So Risk Management included, but was not limited to:

- Physical disaster recovery measures. These included:
  - Physical security
  - IT systems and controls (where appropriate), e.g. firewalls, virus protection, backups
  - Plans for fire, flood and the like
  - Appropriate insurances to cover loss of assets and increased cost of working
- Quality control, i.e. how well do you do what your systems and controls say you do?
- Verification of data used, i.e. information is not given out to clients or product providers without some level of authentication and suitability, especially if it is to be used to advise clients
- Awareness and controls of other legislative requirements for the business
- Insurances: Professional Indemnity (now compulsory), Fidelity Guarantee (also compulsory in certain circumstances) and Guarantees (IGF for short term industry FSPs handling client funds, also compulsory)
- All ultimately documented and controlled within a comprehensive documented procedures manual

All intended to protect the business so that the business could continue to protect the clients in the event of a disaster situation within the FSP.

The FSB's annual report has consistently asked about the status of an FSP's Risk Management plans driven by the requirements of sections 11, 12 & 13. The question is always in two parts:

Does the FSP have and effectively employ risk management resources, procedures, systems and controls as described in sections 11 and 12 of the General Code of Conduct?

So it is not enough to have a generic document filed away that will enable a positive tick to be applied to this question. The key elements of your plan (not just one for the purposes of FAIS compliance) are:
- Effectively employ: the plan must be used and not be a chapter in a manual
- Procedures: what are you actually going to do if an event occurs?
- Systems: what tools are you going to be relying upon to achieve results?
- Controls: who is going to manage the process, and how?

And the objectives of these should be to address the risks highlighted in the measures and objectives listed above.

The second part of the question is:

Does the FSP have a documented Risk Management Plan?

So it is not enough to know what you would do if something happens; it must be written down and accessible to all those affected by the plan. Remember that the key individual (which may be you) may not be there when disaster strikes.

The need for such measures was reinforced by the amendment to the Code of Conduct in 2009 by virtue of the Determination of Fit & Proper Requirements for Financial Services Providers, 2008. These expanded the Operational Ability requirements of an FSP as originally set out in the Act itself. Amongst other things, these regulations made use of the term "Business Continuity", which from a pure risk management perspective is a term often used as an alternative term for Disaster Recovery and/or Risk Management, although not always correctly from a risk manager's perspective. There was no specific definition of this new term and, interestingly, these new regulations did not replace the existing Code of Conduct requirements.

The Operational Ability standards, which should be addressed in your risk management plans, include the following operational ability aspects:
- Access to business premises
- Access to communication facilities
- Access to storage and filing systems and your existing records
- If you utilise offsite storage facilities, ensure that the 3rd party has an effective risk management plan of their own in place
- Internal control of staff and IT requirements

- Do you have security for all persons that enter the premises (i.e. staff and visitors)?
- Do you have data security (i.e. password controls to restrict access to certain staff)?
- Do you have firewalls?
- Do you have a way of testing your IT system and making sure that the results are correct? (applicable where you have a reliance on a system for processing)
- Do you have IT recovery and backup procedures in place?
- Are there measures in place to monitor the use of systems?
- Are all financial and system controls recorded?

Please note that this is not an exhaustive list. It merely indicates some of the operational ability standards that need to be addressed.

Whilst we do not advocate, nor does the FSB, the use of off the shelf Risk Management Plans where all you do is add your name to the document and believe you have a plan, we have included examples of such plans to assist you in developing your own. These examples focus on all the key aspects of the physical risk management side of Risk Management fairly well. They can be found in section 2 of the PS draft administration manual.

Paragraph 12(c) above calls for a reasonable assurance that "all applicable laws are complied with". In simple terms (if this requirement can be seen as simple), it asks that all laws that affect the running and maintenance of your business are firstly understood, and that there are procedures in place to deal with the exposures to the business that may be presented by these laws, where failure to comply with them could threaten the business either financially, by way of fines and penalties, or in its ability to trade, for example by the loss of licences or other sanction by other regulators.

The volume of legislative requirements is immense and is growing and/or being amended every year, and it is becoming increasingly difficult to manage these without formal controls being in place. These controls can be outsourced (e.g. to auditors or human resource specialists) or managed internally, but the controls all start with:
- awareness of what legislation applies to your business
- the possible consequences of failure to comply with the requirements
- understanding what controls you have in place
- assessing the current effectiveness of these controls

We have supplied a tool in the PS administration manual to assist with the above process. This is not a one day task, and it is most certainly one that needs to be revisited on a regular basis to cater for changes to your circumstances and/or the legislative environment. Thereafter improvements and changes can be made to improve the situation.

The regulations and ongoing control measures from the FSB do, however, create a little confusion between Risk Management and Business Continuity within the context of FAIS. This arises by virtue of Part XII (section 20) of the General Code of Conduct and, more specifically, the question asked in the FSB's annual compliance report around this section, where it asks:

Does the FSP have a business continuity plan and procedures in place to ensure that the client will be serviced if the business is terminated for any reason?

This is a question that has been consistently asked in all of the annual reports to date and is in addition to the question on Risk Management that is asked as a result of Part IX sections 11, 12 & 13 dealt with above. One has to assume that Business Continuance, in the context of this question, has to revolve around the requirements of Part XII. So what are the requirements?

Subject to the Act, and sections 3(2) and (3) of this Code:
(a) (i) a provider must, subject to any contractual obligations, give immediate effect to a request of a client who voluntarily seeks to terminate any agreement with the provider or relating to a financial product or advice;
(ii) where the client makes the request on the advice of the provider, the provider must take reasonable steps to ensure that the client fully understands all the implications of the termination;
(b) a provider, other than a representative, who ceases to operate as such, must immediately notify all affected clients accordingly and take, where reasonably necessary or appropriate in consultation with the clients and product suppliers concerned, reasonable steps to ensure that any outstanding business is completed promptly or transferred to another provider; and
(c) where a representative ceases to operate as a representative of a provider, such provider must immediately take, where reasonably necessary or appropriate in consultation with the clients and product suppliers concerned, reasonable steps to notify all affected clients accordingly and ensure that outstanding business is completed or transferred to such provider or another representative of that provider.

And these regulations import two other sections of the Code, namely:
1. The need to keep records and be able to retrieve them
2. The need to keep information confidential

The key aspects from a Business Continuance perspective are:

An FSP ceasing to operate as such. This could arise from a number of situations:
- Retirement, if a sole trader
- Death of the Key Individual - again if a sole trader, or where there is only one key individual within an FSP, or only one key individual with responsibility for one or more categories of licence
- Sale of the business to a third party (either the client base or the legal entity)
- Suspension or withdrawal of the FAIS licence

A representative ceasing to operate as such. This could arise from a number of situations:
- Death of the representative
- Resignation from the employ of the FSP
- Debarment of the representative
- Failure to achieve the required educational standards

Whilst not specifically mentioned within the regulations, there are a number of other situations that could have an impact on the FSP and/or its representatives, and these include:
- Loss of primary product provider (insurer) agency
- Loss of delegated authority from a product provider (insurer)
- Loss of primary client account
- Competition from another FSP/s in key market segments

So Business Continuance means having plans to manage these situations as an integral part of the FSP's overall Risk Management framework. These plans need to deal with, but should not be limited to, the following:
- Handling of all clients' business affected by any of the above, or other similar, scenarios, including completion of any outstanding business in an orderly manner with the interests of the client paramount
- Notification to all affected clients
- Notification to all affected product providers (insurers)
- The possible transfer of clients to another suitable FSP

It has to be remembered that these situations, probably more so than physical disaster events, are likely to be stressful situations and may well mean the primary Key Individual is not around to manage the situation, so the plans need to take this into account.

Whilst every FSP needs to be aware of and manage these exposures, there are specific FSP profiles that have an increased risk of these Continuance events:
- Sole traders
- FSPs with one KI
- FSPs with specific licence categories with only one key individual responsible for them
- FSPs reliant on one insurer (over 60% of business with one insurer)
- FSPs reliant on one client (over 60% of income emanating from that one client)
- FSPs with a high complaints and/or poor compliance standard, i.e. increased risk of regulatory sanction
- FSPs with poor segregation of duties and responsibilities, i.e. increased risk from the loss of key personnel