Styperson POPE

Strategy & Compliance for Investment Firms


Compliance Audits & Monitoring Visits

This post is just a quick anatomy of a compliance monitoring visit we’re in the middle of for an FSA authorised Investment Firm.  We tailor all our compliance audits and monitoring programmes to our clients’ particular businesses and we make sure that they add value by focussing not only on the bare FSA requirements but also commenting on best practice and efficiencies.  We have developed tried and tested monitoring formats for:

Like most of our clients, the one who’s ‘enjoyed’ today’s compliance visit is on a quarterly programme with a slightly more expanded report at mid-year and a full review at each year end.  Today (Friday) is day one of the full review, continuing Monday, and ending in the delivery of a report to the Board by the close of next week.  It’s not the best time to be taking several days out to run a full compliance audit… but then it never is!

Two of us are splitting the work, with me reviewing all of their regulated activities, policies, procedures, management systems, governance provisions, and Gabriel reports (which should be OK because we’re involved in all their FSA reporting).  Their in-house Compliance Manager is reviewing their files and records including KYC and AML, financial promotions, client categorisation, periodic statements, and suitability assessments (each based on a sample I chose at random).

Despite being only one day in, the visit has already proved invaluable with a big gap identified in their conduct of business (COBS) procedures (actually, they’d done everything right but didn’t understand why so had gone to expensive lawyers for advice each time), and a few gaps in management systems which can very easily be plugged (once you know they’re there!).

We’ll have plenty of recommendations to make and we categorise them all based on the urgency of the change and the cost or effort of completing it.  Generally we like to see through the changes we suggest but we also understand the costs involved in ‘gold plating’ and accept that perfection may be a longer-term objective!

One inevitable consequence of a compliance monitoring visit is some additional training and it’s a great way to identify areas of need.  This may be informal training for the Board in the form of talking through the report, or it might be identifying the key topics for a firm-wide workshop.

It’s easy to forget how valuable a compliance audit or monitoring visit can be and often it’s the most cost-effective way of discovering problems (it’s certainly a lot cheaper than letting them reveal themselves!).  If you’d like to discuss what kind of visit would be most suited to your business, do please give Simon Webber, STYPERSON POPE’s Managing Director, a call on 07710 260 717, or e-mail sw@strategic-compliance.co.uk.


FSA Principles for Businesses & Approved Persons

This isn’t a particularly original or insightful page because it’s basically just a cut and paste from the FSA’s handbook, but the principles are very important to the FSA and they should be to all authorised firms as well.  They bear repeating:

FOR BUSINESSES…

1 Integrity – A firm must conduct its business with integrity.

2 Skill, care and diligence – A firm must conduct its business with due skill, care and diligence.

3 Management and control – A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.

4 Financial prudence – A firm must maintain adequate financial resources.

5 Market conduct – A firm must observe proper standards of market conduct.

6 Customers’ interests – A firm must pay due regard to the interests of its customers and treat them fairly.

7 Communications with clients – A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading.

8 Conflicts of interest – A firm must manage conflicts of interest fairly, both between itself and its customers and between a customer and another client.

9 Customers: relationships of trust – A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgment.

10 Clients’ assets – A firm must arrange adequate protection for clients’ assets when it is responsible for them.

11 Relations with regulators – A firm must deal with its regulators in an open and cooperative way, and must disclose to the FSA appropriately anything relating to the firm of which the FSA would reasonably expect notice.

FOR APPROVED PERSONS…

  1. An approved person must act with integrity in carrying out his controlled function.
  2. An approved person must act with due skill, care and diligence in carrying out his controlled function.
  3. An approved person must observe proper standards of market conduct in carrying out his controlled function.
  4. An approved person must deal with the FSA and with other regulators in an open and cooperative way and must disclose appropriately any information of which the FSA would reasonably expect notice.
  5. An approved person performing a significant influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his controlled function is organised so that it can be controlled effectively. 
  6. An approved person performing a significant influence function must exercise due skill, care and diligence in managing the business of the firm for which he is responsible in his controlled function.
  7. An approved person performing a significant influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his controlled function complies with the relevant requirements and standards of the regulatory system. 

(For 5-7 above, a “significant influence function” includes Directors, Compliance Officers, and Money Laundering Reporting Officers, but not people in only a customer function.)

If you would like help in determining how these principles can be applied in practice, within your business, please do call or e-mail Simon Webber, StypersonPOPE’s MD.


OFT Anti-Money Laundering (AML) Registration

On the 31st July 2009, the Office of Fair Trading (OFT) opened its registration for Anti-Money Laundering (AML). 

The OFT requires all its supervised businesses to register before the 31 January 2010. The following types of business are supervised by the OFT and will need to register:

  • Estate agents – those engaged in estate agency work as defined by Section 1 of the Estate Agents Act 1979.
  • Consumer Credit Financial Institutions (CCFIs) – businesses carrying on consumer credit lending activity who are neither authorised by the Financial Services Authority (FSA) nor money service businesses supervised by Her Majesty’s Revenue and Customs (HMRC).

Failure to register could lead to the OFT imposing a civil penalty or taking a prosecution if business is carried on after 31 January 2010. Prosecution could result in a sentence of up to two years in prison and/or an unlimited fine.

The Joint Money Laundering Steering Group (JMLSG), part of the British Bankers’ Association (BBA), has devised rules for all of these businesses to follow in their anti-money laundering efforts.  Because of our familiarity with these rules, we can prepare appropriate procedures based on your business’ exposure to the risk of financial crime.  We can tailor these to fit your existing business processes and ensure that they are easily understood, implemented and overseen.

We are able to offer the services of an FSA and HMRC-approved Money Laundering Reporting Officer who can oversee the processes we implement and report to your Board, SOCA or your relevant authority as required… we can even complete the registration forms for you if you’d like us to.

If you would like to discuss any aspects of money laundering reporting or registration, please call or e-mail Simon Webber, our Managing Director.


FSA Client Categories

Client categorisation is an area where many people (including FSA authorised firms) are still confused.  To be fair to them, it has changed a few times and there are several complications and clashing concepts. 

For instance, it’s common to confuse concepts like ‘High Net Worth Individual’ and ‘Sophisticated Investor’ with client categorisation as retail, professional or eligible counterparty.  In fact they have nothing to do with one another – many investors are both High Net Worth and Sophisticated but still retail investors.

Client categorisation is particularly important when an authorised firm does not have the permissions to deal with retail investors.  If client categorisation isn’t handled properly, the firm can end up on the wrong side of the law.

All authorised firms must categorise their clients, so to start at the beginning: who is the client?  A client is any person to whom the firm provides, or may potentially provide, a service in the course of carrying out a regulated activity.  Even if services aren’t provided to them, a person to whom a firm communicates, or for whom a firm approves, a financial promotion is also a client (but a different kind of client and slightly different rules apply).

How a client is initially categorised depends on what sort of entity they are.  Starting at the top and working down…

Eligible counterparties include investment firms, insurance companies, authorised collective investment schemes, pension funds, governments, central banks and supranational institutions (like the World Bank and IMF). 

Professional clients include many of these same entities because eligible counterparties are only counted as such in respect of eligible counterparty business; the rest of the time, they are professional clients.  This category also includes large businesses (how large depends on the services provided), trusts with assets of more than €10m, and pension funds with more than 50 members.

Retail clients are everybody else – most SMEs and all individuals will be retail clients.

However, a retail client can ask to be treated as an ‘elective’ professional client.  This means that they will be less well protected by the FSA’s rules and so authorised firms are required to ensure that such people qualify to make the change.  The criteria for that qualification again depend on what kind of service is being provided.

For non-MiFID business,  the firm must assess the expertise, experience and knowledge of the client to ensure that they are capable of making investment decisions and understanding the risks involved.  Firms must have in place procedures and training to ensure such an assessment is adequate and must keep appropriate records.  There must also be an exchange of correspondence between the client and the firm in order to effect the change.

For MiFID business, as well as the above, the client must be able to satisfy two of the following quantitative tests:

  • they have carried out an average of 40 significant transactions on the relevant market in the last year;
  • they have a cash and financial instrument portfolio of over €500,000;
  • they have worked in the financial sector for at least one year in a professional position which requires knowledge of the transactions or services envisaged.

For many types of regulated activity, the first of these quantitative tests is highly unlikely to be met by even the most active investor.  If so, for an authorised firm carrying out MiFID business that does not have permission to take on retail clients, the only individuals they can work with are essentially financial services professionals with portfolios over €500,000… and there just aren’t as many hedge fund managers as there once were!

Retail clients who choose to recategorise as professional always have the right to return to being retail clients.  Indeed, all professional clients and eligible counterparties have the right to downgrade their categorisations and increase their protections.

As well as in relation to the provision of regulated services, client categorisation is important to financial promotions where communications which are likely to be received by retail clients must meet higher standards than others.   If a promotion is approved so that it can be circulated by unauthorised firms, the approval must be limited to the client categories for which it is written.  It is an offence under FSMA for a communication approved for professional clients to be distributed to retail clients.

If you are at all unclear about client categorisation, StypersonPOPE can prepare a clear and straightforward procedure for you to follow.  Please contact Simon Webber for an initial discussion on 07710 260 717 or sw@strategic-compliance.co.uk.


Promotion of Unregulated Collective Investment Schemes

As with most types of financial services, people who are not authorised and regulated by the FSA are very restricted in how they can promote an unregulated collective investment scheme.  Unusually, even regulated firms are subject to tight restrictions.  The Financial Services and Markets Act 2000 (let’s just call it FSMA) makes it an offence for anyone to promote a scheme to the public:

“An authorised person must not communicate an invitation or inducement to participate in a collective investment scheme.”

Fortunately, for regulated firms, there are a few exemptions: one set is created by Treasury Order and the other by the FSA.

Treasury Exemptions
If an investor falls into one of the categories below, a fund can be promoted to them but the promoter must ensure that the investor falls into the category before making a promotion:

  • Investment Professionals (authorised firms and investment companies);
  • Sophisticated Investors with a certificate signed by an authorised firm covering unregulated schemes; and

  • High Net Worth Companies and Unincorporated Associations.

For some schemes that invest in unlisted securities, authorised firms can also invite High Net Worth Individuals and Sophisticated Investors to self-certify.

FSA Rules
These allow a scheme to be promoted to investors who have undergone an assessment by an authorised firm, including:

  • individuals for whom the scheme has been assessed as suitable (usually by a financial advisor); and

  • individuals for whom an assessment of experience, expertise and knowledge has been undertaken (sometimes by a financial advisor or the scheme’s Operator).

In these cases, a fund can be promoted to a potential investor on the basis that they will be prevented from investing unless they successfully complete the assessment (which may occur after the promotion has been made).

Whichever exemption the investors fall into, the documents for the scheme must meet detailed requirements laid down by FSMA, the Treasury and the FSA. These include presenting a balance of risk and reward, carrying appropriate warnings, giving sufficient information, and always being clear, fair and not misleading.  Summary documents can be used but these also have to meet the rules and must be consistent with all of the other information given to investors.

In most cases, an FSA authorised firm can approve the scheme documents and summaries for distribution by an unauthorised person but only to the relevant categories of exempt investor.  To rely on the FSA’s exemptions, careful procedures will need to be followed by the authorised firms (see our Services For Operators).

If you would like to discuss your plans to market an unregulated collective investment scheme, please contact Simon Webber, StypersonPOPE’s Managing Director, on 07710 260 717 or sw@strategic-compliance.co.uk.

 

 


Data Security in Authorised Firms

In 2008, the FSA made “Data Security” one of their priorities and although they do not lay down rules specific to data security, they expect authorised firms to take it extremely seriously as part of their commitment to establishing effective management systems and controls, and their obligation to treat customers fairly.

The risk of damage to a firm’s reputation and the cost of dealing with lost or stolen client information is bad enough but worse still is the danger that clients may be exposed to identity theft. Even small financial services firms which hold limited data on clients can be targeted by organised criminals or casual opportunists. The greatest threat often comes from the firm’s own staff; database encryption and secure servers are pointless if somebody can take client information away from the office on a CD or accidentally leave their laptop on a train.

The first step in establishing data security is performing a risk assessment specific to your business. The advice from the FSA is that:

“If firms think their in-house resources or expertise are inadequate to perform an effective risk assessment, they should consider seeking external guidance.”

Once completed, the risk assessment becomes the foundation on which proper policies and business-specific procedures can be built.

“We were not convinced by firms that claimed to have detailed data security rules but were unable to produce written policies and procedures”

Of course written policies are pointless if staff are not appropriately trained in their use. Because many people wrongly assume that data security is common sense (and because, let’s face it, it’s not a subject naturally dripping with drama), it is important to be creative.

“Our experience shows that many instances of data loss occur because staff do not know or understand relevant policies and procedures.”

Of course, we hope that risk assessments, appropriate procedures and effective training will prevent data loss or theft but if the worst happens, firms must decide how to react and this will probably involve advising those affected, something which must be done carefully but swiftly.

“Firms should consider telling affected consumers exactly what data has been lost, give them an assessment of the risk and give advice and assistance to consumers at a heightened risk of identity fraud.”

For a business-specific risk assessment, help creating suitable procedures, and some effective training on data security, do please give us a call or send us an e-mail.


Anti-Money Laundering

All FSA-authorised firms are required to ensure that their businesses are not used to facilitate financial crime.  Since December 2007, many unregulated companies have joined them, becoming responsible to other regulators including HMRC and the Office of Fair Trading (OFT).

The Joint Money Laundering Steering Group (JMLSG), part of the British Bankers’ Association (BBA), has devised rules for all of these businesses to follow in their anti-money laundering efforts.  Because of our familiarity with these rules, we can prepare appropriate procedures based on your business’ exposure to the risk of financial crime.  We can tailor these to fit your existing business processes and ensure that they are easily understood, implemented and overseen.

We are able to offer the services of an FSA and HMRC-approved Money Laundering Reporting Officer who can oversee the processes we implement and report to your Board, SOCA or your relevant authority as required.

If you would like to discuss any aspects of money laundering reporting, please call or e-mail Simon Webber, our Managing Director.