Styperson POPE

Strategy & Compliance for Investment Firms


Compliance Audits & Monitoring Visits

This post is just a quick anatomy of a compliance monitoring visit we’re in the middle of for an FSA authorised Investment Firm.  We tailor all our compliance audits and monitoring programmes to our clients’ particular businesses and we make sure that they add value by focussing not only on the bare FSA requirements but also commenting on best practice and efficiencies.  We have developed tried and tested monitoring formats for:

Like most of our clients, the one who’s ‘enjoyed’ today’s compliance visit is on a quarterly programme with a slightly more expanded report at mid-year and a full review at each year end.  Today (Friday) is day one of the full review, continuing Monday, and ending in the delivery of a report to the Board by the close of next week.  It’s not the best time to be taking several days out to run a full compliance audit… but then it never is!

Two of us are splitting the work, with me reviewing all of their regulated activities, policies, procedures, management systems, governance provisions, and Gabriel reports (which should be OK because we’re involved in all their FSA reporting).  Their in-house Compliance Manager is reviewing their files and records including KYC and AML, financial promotions, client categorisation, periodic statements, and suitability assessments (each based on a sample I chose at random).

Despite being only one day in, the visit has already proved invaluable with a big gap identified in their conduct of business (COBS) procedures (actually, they’d done everything right but didn’t understand why so had gone to expensive lawyers for advice each time), and a few gaps in management systems which can very easily be plugged (once you know they’re there!).

We’ll have plenty of recommendations to make and we categorise them all based on the urgency of the change and the cost or effort of completing it.  Generally we like to see through the changes we suggest but we also understand the costs involved in ‘gold plating’ and accept that perfection may be a longer-term objective!

One inevitable consequence of a compliance monitoring visit is some additional training and it’s a great way to identify areas of need.  This may be informal training for the Board in the form of talking through the report, or it might be identifying the key topics for a firm-wide workshop.

It’s easy to forget how valuable a compliance audit or monitoring visit can be and often it’s the most cost effective way of discovering problems (it’s certainly a lot cheaper than letting them reveal themselves!).  If you’d like to discuss what kind of visit would be most suited to your business, do please give Simon Webber, STYPERSON POPE’s Managing Director, a call on 07710 260 717, or e-mail sw@strategic-compliance.co.uk.


How are Funeral Plan Providers Regulated?

One relatively unknown corner of legislation is how providers of funeral plans are regulated under the Financial Services and Markets Act (FSMA)…

From a regulatory point of view, there are three types of provider:

1. FSA Authorised Providers
Because of the ready availability of exemptions to the Regulated Activities Order (RAO) which defines the requirement for FSA authorisation, no funeral plan providers have opted for full regulation.  Nonetheless, the starting point for the exemptions is the regulated activity of…

“Entering as provider into a funeral plan contract… under which a person (“the customer”) makes one or more payments to another person (“the provider”); and the provider undertakes to provide, or secure that another person provides, a funeral in the United Kingdom for the customer (or some other person who is living at the date when the contract is entered into) on his death”

2. Plans Secured Against a Contract of Insurance
If the money paid by the customer is used to purchase insurance cover which provides for funeral expenses, the provider of this product is exempt from requiring authorisation as a funeral provider (however, they may well require authorisation as an insurance intermediary).

3. Plans Which Hold Money in Trust
These are by far the most common type of funeral plan but they also have the most complicated exemption for their providers to avoid having to be FSA authorised.  There are five separate tests which must each be met for the use of this exemption.  They cover:

i) the form of the trust;
ii) the eligibility of the trustees;
iii) the management of the trust’s funds;
iv) the accounting for the trust; and
v) the valuation of the trust.

Providers will also need to consider the Money Laundering Regulations as they apply to trusts and trust and company service providers.

If you’re a provider of funeral plans and would like to ensure you manage your activities to fit within one of these exemptions, do please contact Simon Webber, StypersonPOPE’s MD, on 07710 260 717 or sw@strategic-compliance.co.uk.

If you’re interested in purchasing a funeral plan, this post probably hasn’t been very helpful, but you might want to read this advice from the FSA.


Trusts & Money Laundering – HMRC AML registration for a TCSP

We’ve recently been doing some work with a couple of trusts which, because the investment returns aren’t shared with the trust’s settlors, are not collective investment schemes.  This means that the managing trustees don’t need to be regulated (although there are regulated custodians and investment managers involved) and therefore don’t automatically apply anti-money laundering measures.  This raises an important question…

What steps should non-investment trusts take under the Money Laundering Regulations 2007?

Well, as so often with compliance… it depends.

The first consideration is whether they should be regulated by the FSA.  This will depend on the intention of the trust.  If it is for investment purposes (such as a unit trust), and it has more than one settlor, it may well be a collective investment scheme (CIS) and therefore require an Operator.  One we’ve worked on was for the provision of funerals; these aren’t a CIS but are separately regulated unless they meet a number of detailed exemption criteria.

If the trust’s activities don’t require regulation by the FSA, it may still require registration with HMRC as a Trust or Company Service Provider (several of our clients fall into this relatively new and quite wide category).  This will be the case where an individual or company acts, or arranges for others to act, as a trustee by way of business.  Charities and trusts created by wills are generally excluded but a lot of trusts used for tax planning or asset protection will be caught.

If a trust or its managing trustees require regulation by the FSA or registration with HMRC, then the Money Laundering Regulations 2007 (MLR) will apply.

This will generally mean that they have to identify, and then verify the identity of, anyone with whom they do business.  Depending on the nature of the relationships, this is likely to include the settlors (the people who give money or property to the trust), the beneficiaries (the people to whom the trust gives money or property), the trustees themselves, and possibly others as well.

The depth of these checks will depend on the risks the trust faces of being used for money laundering and financial crime.  The first priority of any company subject to the MLR is to assess this risk according to the requirements of the regulations.

Even if the trust doesn’t require regulation or registration, if it deals with individuals as settlors or beneficiaries, the trustees should seriously consider implementing some procedures to identify and verify the people on whose behalf they act.  These can be a lighter touch version of the MLR requirements but they provide an excellent template for best practice and identification techniques.

If you’re involved in the management of a trust and would like to discuss the Money Laundering or Regulated Activity Order regulations which apply to you, do please contact Simon Webber, StypersonPOPE’s MD, on 07710 260 717 or sw@strategic-compliance.co.uk.


OFT Anti-Money Laundering (AML) Registration

On the 31st July 2009, the Office of Fair Trading (OFT) opened its registration for Anti-Money Laundering (AML). 

The OFT requires all its supervised businesses to register before the 31 January 2010. The following types of business are supervised by the OFT and will need to register:

  • Estate agents – those engaged in estate agency work as defined by Section 1 of the Estate Agents Act 1979.
  • Consumer Credit Financial Institutions (CCFIs) – businesses carrying on consumer credit lending activity who are neither authorised by the Financial Services Authority (FSA) nor money service businesses supervised by Her Majesty’s Revenue and Customs (HMRC).

Failure to register could lead to the OFT imposing a civil penalty or taking a prosecution if business is carried on after 31 January 2010. Prosecution could result in a sentence of up to two years in prison and/or an unlimited fine.

The Joint Money Laundering Steering Group (JMLSG), part of the British Bankers’ Association (BBA), has devised rules for all of these businesses to follow in their anti-money laundering efforts.  Because of our familiarity with these rules, we can prepare appropriate procedures based on your business’ exposure to the risk of financial crime.  We can tailor these to fit your existing business processes and ensure that they are easily understood, implemented and overseen.

We are able to offer the services of an FSA and HMRC-approved Money Laundering Reporting Officer who can oversee the processes we implement and report to your Board, SOCA or your relevant authority as required… we can even complete the registration forms for you if you’d like us to.

If you would like to discuss any aspects of money laundering reporting or registration, please call or e-mail Simon Webber, our Managing Director.


Data Security in Authorised Firms

In 2008, the FSA made “Data Security” one of their priorities and although they do not lay down rules specific to data security, they expect authorised firms to take it extremely seriously as part of their commitment to establishing effective management systems and controls, and their obligation to treat customers fairly.

The risk of damage to a firm’s reputation and the cost of dealing with lost or stolen client information are bad enough, but worse still is the danger that clients may be exposed to identity theft. Even small financial services firms which hold limited data on clients can be targeted by organised criminals or casual opportunists. The greatest threat often comes from the firm’s own staff; database encryption and secure servers are pointless if somebody can take client information away from the office on a CD or accidentally leave their laptop on a train.

The first step in establishing data security is performing a risk assessment specific to your business. The advice from the FSA is that:

“If firms think their in-house resources or expertise are inadequate to perform an effective risk assessment, they should consider seeking external guidance.”

Once completed, the risk assessment becomes the foundation on which proper policies and business-specific procedures can be built.

“We were not convinced by firms that claimed to have detailed data security rules but were unable to produce written policies and procedures”

Of course written policies are pointless if staff are not appropriately trained in their use. Because many people wrongly assume that data security is common sense (and because, let’s face it, it’s not a subject naturally dripping with drama), it is important to be creative.

“Our experience shows that many instances of data loss occur because staff do not know or understand relevant policies and procedures.”

Of course, we hope that risk assessments, appropriate procedures and effective training will prevent data loss or theft but if the worst happens, firms must decide how to react and this will probably involve advising those affected, something which must be done carefully but swiftly.

“Firms should consider telling affected consumers exactly what data has been lost, give them an assessment of the risk and give advice and assistance to consumers at a heightened risk of identity fraud.”

For a business-specific risk assessment, help creating suitable procedures, and some effective training on data security, do please give us a call or send us an e-mail.


Anti-Money Laundering

All FSA-authorised firms are required to ensure that their businesses are not used to facilitate financial crime.  Since December 2007, many unregulated companies have joined them, becoming responsible to other regulators including HMRC and the Office of Fair Trading (OFT).

The Joint Money Laundering Steering Group (JMLSG), part of the British Bankers’ Association (BBA), has devised rules for all of these businesses to follow in their anti-money laundering efforts.  Because of our familiarity with these rules, we can prepare appropriate procedures based on your business’ exposure to the risk of financial crime.  We can tailor these to fit your existing business processes and ensure that they are easily understood, implemented and overseen.

We are able to offer the services of an FSA and HMRC-approved Money Laundering Reporting Officer who can oversee the processes we implement and report to your Board, SOCA or your relevant authority as required.

If you would like to discuss any aspects of money laundering reporting, please call or e-mail Simon Webber, our Managing Director.


Ad Hoc Advice

As well as ongoing and strategic advice, most firms will require occasional, more intensive advice either to achieve a specific goal or to overcome a particular issue.

Examples of our recent achievements include:

  • Designing strategic alterations to a client’s permissions and corporate structure to reduce FSA-required capital reserves by over 90%;
  • Overseeing an application to the FSA from a new corporate finance firm;
  • Creating and writing processes for two corporate finance firms;
  • Updating documents and processes after FSA rule changes (CRD and MiFID);
  • Creating and writing processes for a new division operating in a new market;
  • Designing a plan for an innovative private equity investment scheme to market directly to individuals rather than IFAs;
  • Creating compliant documents for two property investment funds; and
  • Designing business models to avoid unnecessary (and costly) regulation for unauthorised firms.

If you would like to discuss any projects or issues that require strategic compliance advice, please do call or e-mail Simon Webber, our Managing Director.