The Model Office Blog

Remote working and managing compliance risk

Aug 7, 2020 11:53:38 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, resilience


One of the biggest concerns the FCA are banging on about is business resilience through the pandemic we face. It is clear that the regulator expects firms to take full accountability for their own governance, risk and compliance (GRC) affairs and align this with building systems and controls that will identify, monitor and manage operational and financial resilience.

 

The pandemic has now brought a new way of working and with it the application of existing and new technologies that can streamline business management practices. With remote working the new norm, we also have challenges in ensuring our staff are aligned, engaged and happy. Mental health is also a concern when we have to isolate and remove ourselves from the social interaction a workplace brings.

 

Enforcing regulatory compliance can be challenging enough when your workforce is in the office, but when dispersed this is a huge challenge.

 

So what can we do to ensure we keep our finger on the GRC pulse and encourage a resilient and positive working practice and culture?

 

  1. Communicate, communicate, communicate: Employing clear processes, systems and controls that engage all stakeholders is essential. This means everyone knows the risks and challenges faced but, most importantly, how they are managed and the part they and others play. The Senior Managers and Certification Regime (SM&CR) is a huge help here: firms should already have their roles, responsibilities and delegation strategy mapped so everyone knows who does what, when and how.
  2. The art of collaboration: There has never been a more important time to ensure your C-suite, compliance and operations teams are working together around GRC. Streamlining working practices around remote working challenges and opportunities can enable effective and efficient identification of risks that can impact business resilience. We can also reduce admin and duplication and get the messages we need across quicker to staff and clients alike.
  3. Be security minded: Cyber-risks are on the up during the pandemic, so we have to ensure that operational systems and controls are in place to protect our business practices across client communications, asset and document management and data security. Remote workers could be the ‘weakest link’ here, as they are working with new systems and technologies, so mandating specific cyber-risk proofed platforms such as back office, e-mail encryption and document protection will be crucial.
  4. Get onboard the same train: All staff need to be of the same understanding when it comes to compliance, resilience and risk management. So ensure you’re up-to-date with your training and competence programme; again, the SM&CR and conduct rules training will help here.
  5. Automate and streamline: Technology isn’t magic, but built and implemented well it’s a great enabler platform for your business to work more effectively around GRC, keeping staff engaged and happy and your business resilient across constant operational and financial risks.

The FCA and Your Financial Resilience

Jul 31, 2020 10:30:17 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, resilience


The FCA’s Final Guidance assessing adequate financial resources places a specific spotlight on retail investment adviser (RIA) firms’ financial resilience. The minimum standards the regulator uses to protect consumers, reduce market disruption, minimise harm and assess firms’ sustainability are called threshold conditions.

 

Threshold conditions and Financial resilience

The assessment of appropriate resources under threshold conditions considers:

  • the nature and scale of a firm’s business model
  • the risks to the continuity of the services provided
  • the impact of other members of the firm's group on the adequacy of its resources

To assess if a firm has adequate financial resources, we consider if a firm:

  • has the ability to meet its debts when they fall due

For firms, other than those with limited consumer credit permissions, we also consider if a firm has:

  • taken reasonable steps to identify and measure its risks
  • appropriate systems and controls and human resources to measure risks prudently at all times
  • access to adequate capital to support the business, and that client money and custody assets are not placed at risk
  • resources which are commensurate with the likely risks it faces

With a pandemic to manage through, the FCA are obviously concerned about firms that sit outside formal prudential standards for adequate financial resources; for instance, the Internal Capital Adequacy Assessment Process (ICAAP) requires banks’ boards to regularly assess and mitigate risks and ensure adequate financial capital is retained to manage these risks.

 

So, we now have a framework that requires RIAs to implement and evidence a Governance, Risk and Compliance (GRC) strategy to assess and manage across:

 

Systems, controls, governance and culture: Here the FCA are interested in conduct, i.e. behaviours that drive good outcomes across the firm’s purpose, competent leadership, staff competence and incentives. Plus, employ sound risk management across systems and controls such as whistle blowing or complaints handling. What drives all this is individual accountability and responsibility, something RIAs should have addressed under the Senior Managers and Certification Regime (SM&CR).

 

RIAs are also now expected to employ a system to identify, monitor and manage risks and employ a quantified risk appetite strategy which is communicated, understood and followed across the firm. Policy and procedures are then required to ensure the risk function is resourced, has appropriate controls, and manages conflicts of interest and outsourcing risks.

 

Identify and assess the impact of harm: Here RIAs should place a specific focus on conduct and competence, ensuring the right people are in the right place with the right skills and responsibilities. Firms need to ensure they can compensate consumers for losses and thus the issue of the Financial Services Compensation Scheme (FSCS) and ability to fund applies here. It’s worth noting that the majority of payments made by the FSCS are against solo regulated firms, i.e. those firms not subject to the detailed prudential standards discussed above.

 

Continuity of service is also a key area and thus RIAs need to evidence investment in people, processes, systems and controls. Advice suitability is front and centre here, particularly around pension transfers for example.

 

Monitor and manage the potential depletion of financial resources: I have written extensively on the need for RIAs to balance their charging strategy and move away from the industry-wide reliance on ad-valorem charging to client-paid fees. The issues we have witnessed during adverse market conditions, such as the financial crises and the current Covid19 pandemic, mean that there is a risk of depletion of income that can adversely affect the firm’s financial stability. Firms need to keep clients close, box clever and shift a percentage of fees to direct charging. This can stabilise cashflow in the short and long term.

 

Business model strategy and sustainability: Whenever I speak at public events, I tend to ask the question how many firms have a bona fide 10-year business plan. Very few put their hands up! Just as it is so important for clients to have a long-term financial plan, RIAs need to employ a strategic plan that can ensure strengths, weaknesses, opportunities and threats are covered, stress testing is in place and all staff are aligned to this company strategy. This will ensure the FCA have confidence in RIAs’ ability to manage financial resilience across the business and their clients’ needs.

 

Wind down planning:  Preparing for worst case scenarios is crucial, after all, it is those adviser firms who ensure their clients have adequate life insurance who are providing a holistic service, so RIAs also need to ensure that their business strategy incorporates their own demise if this is an unavoidable outcome of the pandemic.

 

How can firms deal with all this?

 

We need to avoid overwhelm and ensure firms continue to conduct the good work they are doing, so here we would argue that risk diagnostic assessments can help to ensure GRC strategy incorporates operational and financial resilience activities.

 

So, employing technology is a good start: this can ensure RIAs gain specific management information and data to ensure their business resilience strategies are aligned to their rules and also to their clients’ and stakeholders’ needs. At Model Office for example, we have made our Financial Resilience Diagnostic free of charge so firms gain heat mapped dashboards and assess the strengths of their firm’s financial ratios and cashflow. You can sign up and download it for free here.

 

We have also developed an Action Tracker, Compliance Diary system that allows firms to automate audit actions and provides alerts to ensure stuff gets done and identify, manage and monitor risks.


Appropriate Advice, Culture, Competence and Conduct

Jul 10, 2020 10:30:41 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting


  1. Examine your firm’s culture. At Model Office we benchmark your firm’s culture, conduct and competence against the rules and your peers so you know that you are meeting the FCA’s standards on suitability which essentially is all about culture. And although a recent piece of research from the regulator suggests that measuring your corporate culture may not be the magic solution many businesses hope for, implementing actions that move you towards a more compliant culture can only have positive effects.
  2. Part of this cultural overhaul may involve making compliance procedures more central to your processes. This might mean giving everyone accountability for compliance.
  3. Encourage greater collaboration between Marketing and Compliance. Often, people are tempted to shortcut the correct processes due to a desire to speed materials to market or avoid labour-intensive manual edits. Closer working between your Compliance team and Marketing – or other – teams producing promotional materials can help to create a clearer understanding of what’s acceptable and will be approved without the need for time-consuming revisions.
  4. Re-familiarise yourself with the FCA’s 6 consumer outcomes – many of which centre around suitability and fairness. Work towards meeting these and more suitable advice should be a natural result.
  5. Ensure your marketing and communications materials are a fair and accurate reflection of your products. For regulated firms, robust and consistent Compliance team reviews are central to this. Mandating approvals before financial promotions are published will reduce the chances of non-compliant materials reaching the market. Some firms have found that introducing an element of automation can help here, making the Compliance approval process non-negotiable as well as simpler, faster and more robust.
  6. Keep control of your financial promotions. Sign-off is essential, but when it comes to having rigour around your marketing activity, it’s not the whole story. If a ‘rogue’ advert or promotion is issued by mistake, are your processes geared up to respond?


The FCA's focus for the remainder of 2020

Jun 26, 2020 9:50:31 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting


In their latest 2020/21 business plan the FCA outlines 5 key areas of concern and risk:


RegTech, Karate, Resilience, Persistence and Patience

May 29, 2020 9:55:13 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, karate


Maybe one for Facebook, our founder and director Chris Davies said, but achieving Shodan first degree blackbelt last weekend with his local karate club Tiska St Albans is testament to the ‘two Ps’ we apply to our business: persistence and patience.


The FCA, The SM&CR and COVID19

Apr 23, 2020 2:21:26 PM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAMR, MiFIDII, SMCR, Data, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, HRD, PII, Pandemic, COVID19, resilience


The FCA and Prudential Regulation Authority (PRA) have released a joint statement for dual regulated firms outlining their expectations for firms during the COVID19 pandemic. The FCA have also released a statement on solo regulations showcasing a flexible approach.

Here we cover the FCA statement on expectations for solo-regulated firms:

  1. Senior Management Responsibilities: In relation to risk responsibilities, Senior Managers (SMs) should now consider:
    • Where the current situation might lead to emerging risks
    • How it affects existing risks along with controls used to manage them
  2. Statements of Responsibilities and ‘significant changes’ to Senior Manager responsibilities: The FCA are concerned with SM absences or change in SM responsibilities due to the pandemic. The good news is the FCA are adopting a flexible approach here and do not intend to enforce the requirement to submit updated Statements of Responsibilities (SoRs) if the change:
    • Covers multiple sicknesses, temporary changes in responsibilities due to the pandemic
    • Is expected to revert to the firm’s previous arrangements and is temporary

What does not change is the requirement for documenting allocations of responsibility (including temporary) to ensure all are aware of everyone’s responsibilities. It is also deemed good practice for firms to keep a record (running commentary) of the SM roles and responsibilities, something SYSC 2.1 requires already, i.e. being clear on where responsibilities lie and that business affairs are monitored. Finally, firms should update the FCA on any SMs who are furloughed through this pandemic.

  3. Temporary arrangements for Senior Manager Functions:
    • Firms can notify the FCA if they need to modify the 12-week rule (which allows an individual to cover a SM without being approved where the absence is temporary/reasonably unforeseen and the appointment is under 12 weeks) if temporary arrangements last longer than 12 weeks to a maximum of 36 weeks.
    • Temporary roles and responsibilities still need to be documented
    • Prescribed Responsibilities (PRs) can be allocated to the individual taking the temporary role (rather than only to another approved SM)
    • Firms should still allocate a role to the most senior individual available
  4. Furloughed staff: The FCA issued a key workers in financial services statement, which stated individuals captured by the Senior Managers Regime (SMR) may be considered key workers. It now recognises that some SMs may be furloughed if unable to fulfil responsibilities (due to illness, caring for others or no current practical responsibilities):
    • A furloughed SM will retain their approval (unless permanently exiting) and not require re-approval by the FCA upon return
    • The firm is still responsible for the SM fit and proper status
    • If SYSC 26 (overall responsibility rule) applies, the firm should re-allocate responsibilities to another SM.
    • PRs should be re-allocated to another SM
    • Required functions (SMF16 Compliance, SMF17 Anti Money Laundering) should be furloughed as a ‘last resort’. If replaced and temporary the firm can use the 12-week rule to arrange cover. Firms should ensure that any allocation is appropriate and complies with FCA rules (e.g. an oversight role cannot be allocated to an executive)
    • It is important to note that other SMFs are not mandatory and thus firms have flexibility to furlough individuals performing them.

So, it is imperative firms keep their eye on the compliance ball during this pandemic and indeed know that the FCA are building in flexibility to ensure firms have the best opportunity to continue to comply and compete.

...Live Long and Prosper...Keep well and stay safe 


The FCA and COVID19

Apr 3, 2020 11:02:42 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAMR, MiFIDII, SMCR, Data, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, HRD, PII, Pandemic, COVID19, resilience


With the on-going need for firms to continue to comply and compete, it’s worth focusing on the FCA measures and strategy taken to gain insight into what measures firms need to apply during these trying times:

Financial Resilience:

Operational resilience (we cover this in our next live webinar Thursday 9th April 14:00) is a key focus for the regulator and sits as one of the 8 main areas for regulation in its 19/20 business plan. Saying that it wants ‘firms to continue operating during this challenging period’ the FCA confirmed it intends to ‘provide flexibility to regulated firms to ensure this’. Its expectations cover:

  • Firms that have been set capital and liquidity buffers should use them to support the continuation of the firm’s activities. 
  • Firms should plan ahead and ensure the sound management of their financial resources. This might include using government schemes designed to help firms through this period to meet debts as they fall due.
  • If a firm needs to exit the market, planning should consider how this can be done in an orderly way while taking steps to reduce the harm to consumers and the markets.

SM&CR Responsibilities:

The FCA do not require a single senior manager responsible for coronavirus response.

  • SMF24 operational resilience comes into focus
  • SMF1 or the most relevant staff member needs to take responsibility for key workers

Dear CEO letter:

Oh yes we have another one, but a good one! Here the FCA want to address some long overdue issues, some of which make complete sense for the retail investment advice sector:

  • Flexibility across client identity verification:
    • Accept scanned documents (PDFs)
    • Accept client selfies or videos (social media eat your heart out). We would add LinkedIn profile to verify professional status
    • Due diligence on ‘others’, e.g. bank account provider, agreements to access data
    • Use commercial providers
    • Additional data to triangulate evidence such as IP addresses, phone numbers
    • Verification of email/physical address via electronic codes
    • Seek additional verification once self-isolation measures lifted
  • Flexibility over 10% depreciation notification (until end September). No action taken:
    • If a firm has issued at least one notification within a current reporting period
    • If a firm provides general updates (which firm doesn’t?)
    • If a firm decides to stop reporting to professional clients only

So plenty of good stuff. Firms will really benefit from such relaxation of measures but should ensure they’ve got their finger on the governance, risk and compliance pulse.

...Live Long and Prosper...Keep well and Healthy 


Pandemic Planning Checklist

Mar 27, 2020 10:19:05 AM / by Chris Davies, posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAMR, MiFIDII, SMCR, Data, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, HRD, PII, Pandemic, COVID19


We hope you're going well as we finish the first lockdown working week. Last week we went live with our COVID19 risk management webinar which you can watch here. We produced a checklist that you can apply to your business to ensure you keep things ticking over through this Pandemic outbreak.
 
We hope you find it useful:
 
1. Ensure any impact is factored into the business strategy, roles and responsibilities and utilise RegTech to ensure you continue to comply and compete (Model Office's Financial Stress Test diagnostic is now available for free to help assess a firm's cashflow strengths)
2. Implement a process on investment decisions and capital requirements
3. Put a client communication plan in place and employ a triage strategy when engaging clients. Advisers can then contact the client and assess how best to help the client
4. Once triage is completed, engage clients through virtual technology such as Skype, Zoom, Join.me and running online reviews and meetings, plus use FinTech applications such as Client Portals, Cash flow modelling or Robo-Advice
5. Develop content led syndication across social media, blogs, opinion pieces, video to re-assure clients
6. Assess and understand your firm’s and client’s market exposure, hold regular board/invest committees
7. Understand the impact on Business Insurance, Rates and assess Government support
8. Work smart with staff working from home as necessary or developing shifts to minimise travel and personal interaction for staff and use webinar tech to hold team or conference meets
9. If consultants or Non-Exec Directors are employed and it is an absolute necessity to have them attend your business premises, then their engagements need to be assessed and a view taken on whether they need to self isolate for 14 days before returning having visited other 'at risk' premises.

...and Live Long and Prosper...Keep well and Healthy 


Social distancing does not mean social isolation

Mar 10, 2020 1:16:08 PM / by Chris Davies, posted in Benchmark, compliance, client centric, Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAMR, MiFIDII, SMCR, Data, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, HRD, PII


Having lived through Severe Acute Respiratory Syndrome (SARS) in Hong Kong I seem to have a deja vu with COVID-19 and social distancing upon us as we move towards a period of uncertainty where the most basic of human instincts, connecting face to face to learn and explore collaboration may be curtailed for a number of weeks or even months. We are running a webinar on this Friday 20th 11am which you can sign up for here 

So here are our thoughts on how to move forwards with composure, integrity and transparency.

The world we operate in is full of risks and risk management is a pre-requisite now for firms to survive and thrive and showcase professional practice. The FCA define risk as ‘the combination of impact (potential harm caused) and probability (likelihood of issue or event occurring)’.

There are significant benefits to risk management:

  • Improve governance across compliance, conduct, competency
  • Increase the likelihood of achieving the organisation’s goals
  • Provide assurance and stakeholder confidence and trust
  • Establish a reliable basis for decision making and planning
  • Improve organisational resilience
  • Effectively allocate and use resources for risk treatment
  • Establish enhanced decision-making which in-turn will provide benefits by way of improvements in the efficiency of organisational operations, effectiveness of tactics (change processes) and the efficacy of the overall organisational strategy

Where a national and global health and financial challenge is concerned firms now should:

  • Focus on engaging their clients and re-assuring them that services and portfolios are risk assessed, managed and monitored
  • Re-assure staff and follow NHS guidance on cleanliness of premises and social distancing
  • Employ RegTech to ensure they identify, manage and monitor risks across the business plus using technology will minimise interpersonal interaction 

Once completed, firms can then better assess a way forward with their business and clients across:

  • Review a strategy for individual contact: for example, it could be wise to cease handshaking, keep a distance and limit close social contact, and ensure any staff or clients with a fever, cold or flu symptoms stay home. We’re advocating the Vulcan greeting: ‘Live Long and Prosper’
  • Ensure the principles of individual cleanliness are communicated, such as hand washing and not touching your eyes, nose or mouth, plus read up on WHO Q&A
  • Design and employ a triage strategy when engaging clients to find out if a meeting is necessary or not. Advisers can then contact the client and assess how best to help the client 
  • Once triage is completed engage clients through virtual technology such as Skype, Zoom, Join.me and running online reviews and meetings plus use FinTech applications such as Client Portals, Cash flow modelling or Robo-Advice 
  • Develop content led syndication across social media, blogs, opinion pieces, video to re-assure clients
  • Work smart with staff working from home as necessary or developing shifts to minimise travel and personal interaction for staff and use webinar tech to hold team or conference meets.
  • Support home working by offering guidance around daily work routine and engagement, mental fatigue and anxiety management, support tools such as computers, cellphones and webex access
  • If consultants or Non-Exec Directors are employed then their engagements need to be assessed and a view taken on whether they need to self isolate for 14 days before returning having visited other 'at risk' premises.

Along with SARS, COVID-19 requires a sensible and practical strategy. Business as usual should continue until we hear otherwise, but applying some tweaks to existing practice as above will provide re-assurance to your staff and your clients.

Live Long and Prosper...


Retail Investment Adviser Benchmark Study 2020

Mar 6, 2020 9:29:50 AM / by Chris Davies, posted in Benchmark, compliance, client centric, Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAMR, MiFIDII, SMCR, Data, Culture, Enforcement, supervision, audit, Conduct, AI, Risk, Accountability, Platforms, PROD, Product governance, digital, Regulatory, Reporting, HRD, PII


We have now launched our second bi-annual industry benchmark report which focuses on the key trends and challenges that retail investment advice firms face.
