Analysing the business and then mapping onto the requirements will produce solutions that make sense for you and are efficient and effective.
The range of services covers financial services regulation (FCA or DPB), ISO27001 information security certification and ISO9001 quality management certification. In each of those areas the solutions that are implemented will be a good fit for the organisation and avoid bureaucracy.
ISO27001 information security certification
There is an increasing interest in ISO27001 certification for professional service firms. Irrespective of whether you want me or someone else to help, the important thing is to avoid any consultant who might come in and lay a whole standard set of things on top of what you are already doing. The security arrangements that you already have in place will satisfy some, if not many, of the requirements of the ISO27001 standard and a sensible first step will be to carry out a gap analysis. In some areas you will have nothing extra to do, in others there may be simple track changes to your existing policies - but there could be some areas that are not covered at all and including those might improve your security arrangements. A free initial meeting will establish the overall position.
Regulatory policy and procedures
Everything I do will be based on creating policies that are right for your organisation. Splitting the material between the different roles will minimise the amount that people have to read and focus their attention on the things that matter to them. Building the regulatory requirements into normal business processes will reduce the amount of ‘special’ things that people have to remember to do.
I can cover all areas including Training & Competence, Conflicts, TCF (Treating Customers Fairly), Remuneration, Capital Adequacy and Liquidity, Gifts & Entertainment and Personal Dealings.
Before implementation you may need to test and refine the policy with a number of individuals or groups within your organisation. This can involve liaison with individuals with differing views. I have experience of working with individuals at all levels to reach final agreement on a policy.
The FCA requires that each firm records the various roles and responsibilities. From a business perspective you will want to manage your company in a way that avoids silos and encourages ‘co-operation without duplication’ between business and corporate functions. For instance, the compliance function needs to work hand-in-hand with HR on training and competence and with IT and Security on data security. I can advise on your arrangements and put in place documentation to satisfy the regulator.
Anti-Money Laundering (AML)
I am experienced in anti-money laundering and other areas of financial crime prevention such as fraud prevention and anti-bribery and corruption.
You may find yourself on the receiving end of what seem like unreasonable requests for documentation from banks and insurance companies. For example, they may want passports and documentation from each of the trustees of a pension scheme. If it seems unreasonable - then it probably is. I have successfully negotiated with banks to remove the need for individual documents so that all that is required is evidence of the approval of the pension scheme. My advice to you, and if necessary to banks, will be based on a detailed understanding of the guidance from the JMLSG (Joint Money Laundering Steering Group).
FCA or DPB authorisation
If you are not yet authorised then I can work with you to prepare for authorisation, make the application and put in place the necessary arrangements. From a business perspective you will already be worrying about many of the things that the regulator is also concerned about and so by starting with what you already do as a business it will be possible to make best use of what you already have and avoid unnecessary bureaucracy.
It is important that you understand what counts as regulated work and what doesn’t. You may be able to provide many of your services without the need to be authorised. If you do need to be authorised, then knowing the boundaries between regulated and non-regulated work will help to keep your authorisation fees at a low level.
Are the policies, procedures, roles and responsibilities that you have in place sufficient? I can provide guidance on that and also look to identify inefficiencies.
The requirements will often not be prescriptive but will be principles-based. That is good in that it allows you to put in place arrangements that are right for your firm. However, it does mean that you need to be able to justify your position. I can review your interpretation of the guidance and your judgement and check that the evidence in your documentation is sufficient to justify the approach you are taking. Being able to justify your judgement is particularly important if your business is not familiar to the regulator.
Every company will be involved in routine operational matters – and every company will occasionally find itself in a situation where its internal resources are unable to meet those requirements. I am able to act on a one-off or interim management basis to keep things going.
Whether it is to do with the FCA returns (Gabriel, ONA, fee tariff, RDR, close links and controllers) or any other operational matter, I can help.
I can help you to create a risk-based plan for your internal audits. Often it will be the case that you will have internal resources that can carry out the audits and I can provide training that may help with that. Alternatively you can outsource the audits to me. From time to time you may identify particular areas that would benefit from a fresh pair of eyes to look at them and so it may be desirable to use me for those one-off investigations.