TABLE OF CONTENTS. Compliance Manual Version 4.8 Author: Updated: 28/05/2017

TABLE OF CONTENTS 1 Introduction... 9 1.1 Purpose & Scope of the Manual... 9 1.2 Responsibility for the Manual... 10 2 Regulatory Framework... 11 2.1 Introduction to the FCA... 11 2.2 Financial Services Regulatory Framework... 11 2.2.1 FCA's Objectives... 12 2.2.2 FCA Handbook Overview... 13 3 Compliance Program... 14 3.1 Introduction... 14 3.2 Scope of Your Business... 14 3.3 Regulatory Business Plan... 15 3.3.1 INSERT: Organisational Chart... 17 3.4 Status Disclosure Statement... 17 3.5 Compliance Statement... 18 3.5.1 Compliance Monitoring Document... 19 3.6 Compliance Officer... 21 3.7 Compliance Policy... 21 4 Principles for Business (PRIN)... 25 4.1 Introduction... 25 4.2 The Principles... 25 4.2.1 Our Approach to PRIN... 26 5 Conduct of Business (COBS)... 27 5.1 Introduction... 27 5.2 Conduct of Business Obligations (COBS 2)... 27 5.2.1 Conduct of Business Policy... 27 5.3 Client Agreements (COBS 8)... 35 5.3.1 Record Keeping for Client Agreements... 36 5.4 Providing Product Information to Clients (COBS 14)... 36 6 Senior Management Arrangements, Systems & Controls (SYSC)... 40 6.1 Introduction... 40 6.2 General Organisational Requirements... 40 6.2.1 INSERT: Business Continuity... 41 6.3 Compliance... 42 6.3.1 Compliance with the Rules... 42 6.4 Compliance Breach Policy... 43 2

6.5 Compliance Breach Procedures... 45 6.5.1 Breach Incident Form... 49 6.6 Internal Audits... 51 6.7 Audit & Monitoring Policy & Procedures... 51 6.7.1 Compliance Monitoring Assessment Form... 60 6.8 Quality Assurance & Performance Policy & Procedures... 61 6.8.1 Appendix A - Staff Monitoring Form... 66 6.9 Risk Management... 68 6.9.1 Risk Management Policy... 69 6.9.2 Risk Management Procedures... 72 6.10 Risk Matrix... 79 6.11 Risk Register... 82 6.12 Outsourcing... 83 6.12.1 General Requirements... 83 6.12.2 Introducer/Lead Generator Agreement... 84 6.13 Outsourcing & Supplier Policy & Procedures... 88 6.14 Record Keeping... 97 6.14.1 Guidance on Record Keeping... 98 6.14.2 Records Management Policy... 98 6.14.3 Records Retention Policy... 100 6.15 Records Retention Periods Register... 102 6.16 Secure Waste Disposal Policy... 104 6.17 Conflicts of Interest... 104 6.17.1 Chinese Walls... 105 6.18 Conflicts of Interest Policy... 105 6.18.1 INSERT: Conflicts of Interest Procedures... 109 6.19 Whistleblowing... 109 6.19.1 Public Interest Disclosure Act... 110 6.20 Whistleblowing Policy & Procedures... 110 6.20.1 Whistleblowing Complaint Form (Template)... 116 6.21 Remuneration... 118 6.21.1 FCA Remuneration Code Principles... 118 6.22 Remuneration Policy... 119 6.22.1 INSERT: Remuneration Procedures... 121 7 Data Protection & Information Security... 122 7.1 Data Protection... 122 7.1.1 Commitment to Comply with Data Protection Act... 123 7.1.2 Data Protection Principles... 124 7.2 Data Protection Policy & Procedures... 124 7.3 Data Protection Audit... 132 3

7.3.1 Privacy & Electronic Communications Regulations... 132 7.4 Employee Confidentiality Agreement... 133 7.4.1 Non-Disclosure Agreement (NDA) Template... 134 7.5 Information Security... 137 7.5.1 Information Security Policy... 138 7.6 Information Security Audit... 141 7.7 PCI Compliance... 142 7.7.1 PCI Compliance Policy... 142 8 Financial Crime & AML... 147 8.1 Introduction... 147 8.1.1 Proceeds of Crime Act... 148 8.2 Money Laundering Reporting Officer (MLRO)... 149 8.2.1 MLRO Annual Report... 149 8.2.2 National Crime Agency (NCA)... 150 8.2.3 The Financial Action Task Force (FATF)... 150 8.3 AML Measures & Controls... 150 8.3.1 Introduction... 150 8.3.2 Anti-Money Laundering Audit... 151 8.3.3 Anti-Money Laundering Policy & Procedures... 152 8.4 Suspicious Activity Reporting... 165 8.4.1 Suspicious Activity Report (SAR) Internal Template... 165 8.5 Bribery & Corruption... 167 8.5.1 Introduction... 167 8.5.2 Anti-Bribery Principles... 167 8.5.3 Anti-Corruption & Bribery Policy... 168 9 Know Your Customer & Due Diligence... 173 9.1 Introduction... 173 9.1.1 Know Your Customer Controls... 173 9.1.2 Enhanced Due Diligence... 174 9.1.3 Politically Exposed Persons (PEPs)... 175 9.1.4 Cross-Border Due Diligence... 175 9.1.5 Non-UK Country AML Requirements... 176 9.2 Due Diligence Policy... 176 9.3 Due Diligence Questionnaire & Checklist... 180 10 Market Abuse... 188 10.1 Introduction... 188 10.2 Market Abuse Policy... 188 10.2.1 Suspicious Transaction or Order Report (STOR) Form... 205 10.2.2 Insider List Template (Excel)... 211 11 Threshold Conditions (COND)... 212 4

11.1 Introduction... 212 11.1.1 Location of Offices... 212 11.1.2 Effective Supervision... 212 11.1.3 Appropriate Resources... 213 11.1.4 Suitability... 213 1.1.1 Business Model... 213 11.2 Threshold Conditions Policy & Controls... 214 12 Approved Persons & Controlled Functions (APER & FIT)... 224 12.1 Introduction... 224 12.1.1 The Statements of Principle for Approved Persons... 225 12.1.2 The Code of Practice for Approved Persons... 225 12.2 Approved Person & Controlled Functions Policy... 226 12.3 Controlled Functions... 231 12.3.1 Controlled Functions & Approved Persons Register... 232 12.4 SMF Roles... 233 12.5 SMF Manager Handover Policy... 233 13 Recruitment & Induction... 240 13.1 Introduction... 240 13.1.1 Competence... 240 13.1.2 Assessing & Maintaining Competence... 241 13.2 Supervisors... 242 13.3 Employee Recruitment Policy & Procedure... 242 13.3.1 Sample Interview Questions & Scoring... 247 13.4 Employee Induction Policy... 250 13.4.1 Induction Checklist... 253 13.4.2 Job Description Example... 256 14 Employee Training & Assessment... 258 14.1 Training... 258 14.2 Training & Development Policy & Procedure... 259 14.2.1 Training Evaluation Form... 264 14.2.2 Training & Development Log... 266 14.2.3 Employee Training Record... 267 14.3 Employee Assessment Papers... 268 14.3.1 Assessment Structure... 268 14.3.2 Assessment Analysis... 268 14.3.3 Assessment Q&A Format... 269 14.4 Arrears & Default Assessment Q&A Papers (external)... 269 14.5 AML & Financial Crime Assessment Q&A Papers (external)... 269 14.6 DPA & Information Security Assessment Q&A Papers (external)... 269 14.7 FCA & Regulation Assessment Q&A Papers (external)... 269 5

14.8 TCF Assessment Q&A Papers (external)... 270 14.9 Vulnerable Customers Assessment Q&A Papers (external)... 270 14.10 Complaint Handling & Disputes Assessment Q&A Papers (external)... 270 14.10.1 Call Monitoring Checklist & Assessment... 271 15 Responsibilities to Customers... 277 15.1 Treating Customers Fairly (TCF)... 277 15.1.1 What is TCF?... 277 15.1.2 Expectations of Firms... 278 15.1.3 Six TCF Outcomes... 278 15.2 Treating Customers Fairly Policy... 279 15.3 Insert: Treating Customers Fairly Procedures... 284 15.3.1 TCF Procedure Guidance... 284 15.4 Treating Customers Fairly Audit... 287 15.5 Vulnerable Customers... 287 15.5.1 Approach to Vulnerable Customers... 288 15.5.2 Debt & Mental Health MALG... 289 15.5.3 Debt & Mental Health Evidence Form (DMHEF)... 289 15.6 Vulnerable Customers Policy & Procedures... 289 15.7 Vulnerable Customer Audit... 299 16 General Provisions (GEN)... 300 16.1 Introduction... 300 16.2 Statutory Disclosure Status... 300 16.2.1 Additional Disclosure Requirements... 300 16.2.2 General Disclosure Notes... 301 16.2.3 Insurance against Penalties... 302 16.3 Consumer Call Charges Rules... 302 16.4 Appointed Representative (AR) Principal Requirements... 303 16.4.1 Due Diligence for Appointing AR... 305 16.5 Appointed Representatives (SUP 12)... 306 16.5.1 Appointed Representative Monitoring Procedures... 306 16.5.2 Insert: Appointed Representative Agreement... 309 16.5.3 Insert: Appointed Representative On-boarding Procedures... 309 17 Supervision (SUP)... 310 17.1 Introduction... 310 17.2 General Guidance... 311 17.3 Reports by Skilled Persons... 311 17.4 Notifications to the FCA... 311 17.5 Reporting Requirements... 312 17.5.1 Internal Reports... 312 17.6 Management Information Policy... 312 6

17.6.1 FCA Reports... 316 18 Decision Procedure and Penalties (DEPP)... 318 18.1 Introduction... 318 18.2 Penalties... 318 19 Dispute Resolution: Complaints (DISP)... 319 19.1 Introduction... 319 19.1.1 Financial Ombudsman Service (FoS)... 319 19.2 Complaint Handling... 320 19.2.1 Complaint Handling Policy & Procedure... 320 19.2.2 Complaint Handling Log (Excel)... 327 19.2.3 Complaint Handling Form... 327 19.3 Complaint Handling & Disputes Audit... 329 20 Consumer Credit Sourcebook (CONC)... 330 20.1 Introduction... 330 20.2 Guidance on Financial Difficulties... 330 20.2.1 Financial Difficulties Policy... 331 20.2.2 Affordability Assessment Calculator (Excel)... 337 20.3 General Principles for Credit-Regulated Activities... 337 20.3.1 Credit Broking... 337 20.3.2 Credit Broker Refunds... 339 20.3.3 Transparency of Status... 339 20.3.4 Disclosure of Commission and Fees... 339 20.3.5 INSERT: Services and Costs Disclosure Document... 339 20.4 Lenders... 340 20.5 Responsible Lending Policy... 340 20.6 Affordability & Creditworthiness Policy & Procedures... 345 20.6.1 Income & Expenditure Form... 351 20.7 Debt Counselling, Adjusting and Credit Information Services... 353 20.8 Distance Marketing... 354 20.8.1 Distance Marketing Policy... 356 20.8.2 Distance Marketing Checklist... 359 20.9 E-commerce... 360 20.9.1 E-Commerce Policy... 360 20.10 Financial Promotions & Customer Communication... 365 20.10.1 Communication & Financial Promotion Checklist... 365 20.10.2 Financial Promotions & Communication Policy... 369 20.11 Pre-Contractual Requirements... 380 20.11.1 Pre-Contract Disclosure Policy... 380 20.11.2 Key Features Disclosure Information Leaflet... 388 20.11.3 Pre-Contractual Checklist... 392 7

20.12 Commissions... 393 20.13 Continuous Payment Authorities... 394 20.13.1 CPA Policy & Procedures... 394 20.14 Post-Contractual Requirements... 398 20.14.1 Post-Contract Policy... 399 20.15 Cancellation & Refund Policy... 405 20.16 Arrears, Default & Recovery... 407 20.16.1 Introduction to Arrears... 408 20.16.2 Arrears & Default Policy & Procedures... 408 20.17 Arrears, Default & Financial Difficulty Audit... 415 20.18 Application of Interest & Charges... 416 20.19 Communication with Customers... 416 20.20 Data Accuracy... 417 20.21 Debt Recovery Policy & Procedures... 418 20.21.1 Debt Advice... 432 20.22 Debt Management Plans... 434 20.22.1 Prudential Rules for Debt Management Firms... 434 20.22.2 Debt Advice Policy & Procedures... 435 20.23 Credit Reference Agencies... 442 20.23.1 Cost Cap for High-Cost Short-Term Credit... 443 21 Business Operational Procedures... 445 21.1 INSERT: Add Own Procedures Here... 445 21.2 INSERT: Add Own Procedures Here... 445 22 Employee Declaration... 446 22.1 Compliance Declaration Form... 446 23 Compliance Audit Checklists......(External Pages) 447-567 24 Employee Assessment Q&A Papers.....(External Pages) 568-699 25 CASS Manual & Resolution Packs......(External Pages) 700-800 8