CSA Annual Conference & Exhibition 2014 Presentation slides ...

CSA Annual Conference & Exhibition 2014 Presentation slides Plenary sessions & Stream 1 Preparing your business for FCA authorisation

CSA Annual Conference & Exhibition 2014 presentation slides The CSA Annual Conference & Exhibition 2014 was held at Crowne Plaza Heythrop Park on 10 & 11 September 2014. The presentation slides from the plenary sessions and Stream 1 – Preparing your business for FCA authorisation – are contained within this document.

Content Plenary session FCA address Susan de Mont, director of credit authorisations, FCA View slides

Stream 1 SYSC Gillian Tiplady, CSA regulatory and corporate counsel Claire Aynsley, CSA head of regulatory compliance and standards View slides

Stream 1 CSA L5 Diploma in Compliance Risk Management Stephen Morley, CSA Robert Bell, RB Compliance Consultancy Ltd Dr David Hutchinson, CSA Board Director View slides

Stream 1 FCA approved persons – who, what, when and how? Gillian Tiplady, CSA regulatory and corporate counsel View slides

Stream 1 Approved persons – the interview process Julie Pardy & Julia Kirkland, Financial Services & Training Partners (FSTP) Gillian Tiplady, CSA regulatory and corporate counsel View slides

September 2014

CSA Annual Conference 2014 Plenary sessions & Stream 1 slides

CSA Annual Conference & Exhibition 2014

CSA Annual Conference 2014

FCA address Susan de Mont Director of credit authorisations, FCA [email protected] CSA Annual Conference 2014

FCA Restricted

The FCA’s approach to authorising debt collectors and debt purchasers CSA Annual Conference 11 September 2014 Susan de Mont Director of Credit Authorisations

[email protected] 12

FCA objectives • FCA strategic objective – make markets work well • 3 operational objectives: • Securing an appropriate degree of consumer protection • Promoting effective competition • Market Integrity

[email protected]

13

Problems identified in the debt collection sector •

Data quality from seller – who is the debtor, what is the situation with the debt – e.g. disputes, accuracy etc.

•

Communications with clients – clear, fair and not misleading, especially misleading debt collection letters

•

Broader communication – distressed customers – what we expect of firms including being aware of their broader responsibilities around mental health and mental capacity

•

Awareness of the breadth of the scope of the debt collection regulated activity. This includes field collection and customer visits.

•

Finally, how far debt collectors signpost to debt advice

[email protected]

14

How we intend to raise standards: • A more pro-active and judgement based approach • Greater appetite for pre-emptive intervention • Focus on consumers and consumer outcomes • Addressing underlying causes • Encouraging firms to do the right thing rather than tick boxes • Firms expected to resolve issues promptly • Focus on senior management and boards

[email protected]

15

Threshold conditions • • • •

• •

Legal status – firms must have certain legal status to carry on certain activities (not Applicable to FCA-only regulated firms including limited permission firms); Location of offices – ‘mind and management’ (eg directors audit function etc) must be in the UK if firm is incorporated under UK law; Effective supervision – review business model and structure of firm (limited application to limited permission firms). In most cases, firms should have a UK establishment; Appropriate resources – firms must demonstrate appropriateness of financial resources, skills/experience, management and systems and controls (modified for limited permission firms re: financial resources); Suitability – Assess competency and integrity of staff/management eg criminal records checks. Firms should have consumers’ interests at the heart of the business; Business model – Assess firm’s business strategy against FCA’s operational objectives (doesn’t apply to limited permission firms)

[email protected]

16

Business model analysis How we look at culture • • • • • •

Response to regulatory issues; Consumer experience; Product and service design’; Decision making; Market behaviour; Remuneration structures.

Customer outcomes are key [email protected]

17

How we will be proportionate a) Systems and controls • •

3 staff – do not need 30 pages on monitoring, compliance and training 100 staff – we would expect a lot more detail about how a firm’s policies are adhered to

b) Extent of business plan, dependent on size and complexity of business c) Fees – Vary greatly depending on size [email protected]

18

Your application

[email protected]

19

Getting ready for authorisation

[email protected]

20

Conclusion • The FCA is committed to delivering higher standards • That means more stringent checks on firms’ behaviour, culture and competency • We are committed to helping firms through the process by being clear, transparent and proportionate • Use the tools we have made available www.fca.org.uk/creditready

[email protected]

21

Stream 1 sponsor:

SYSC Gillian Tiplady

CSA regulatory and corporate counsel

& Claire Aynsley

CSA head of regulatory compliance and standards

[email protected] CSA Annual Conference 2014

Preparing your Business for FCA Authorisation - SYSC Gillian Tiplady, CSA Regulatory and Corporate Counsel Claire Aynsley, Head of Regulatory Compliance and Standards [email protected] CSA Annual Conference 2014

SYSC – Governance, Risk and Management Purposes • to encourage directors and senior managers to take appropriate practical responsibility for how their firms deal with regulated matters; • to amplify Principle 3; • to encourage firms to vest responsibility for effective, responsible organisation in specific directors and senior managers; and • to create a common platform of organisational and systems and control requirements for all firms.

[email protected]

SYSC 1.1A: Application • Not all sections of SYSC apply to all firms • There are further sections that are disapplied for sole traders • There are provisions on proportionality that affect how SYSC operates depending upon the scale and complexity of your business (comprehensiveness and proportionality rule), SYSC 4.1.2R.

[email protected]

SYSC 4.1 General Requirements SYSC 4.1.1R “ A firm must have robust governance arrangements which include a clear organisational structure…” Consider: • an organisation chart, • a clear division of responsibility, and • supported by job descriptions.

[email protected]

SYSC 4.1 General Requirements SYSC 4.1.1R “ A firm must have robust governance arrangements which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility ….” Consider that apportionment of responsibilities is important enough to be a controlled function in its own right (CF8). It is a basic function of senior management and good corporate governance.

[email protected]

SYSC 4.1 General Requirements SYSC 4.1.1R “ A firm must have robust governance arrangements which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to ….”

[email protected]

SYSC 4.1 General Requirements SYSC 4.1.1R “ A firm must have robust governance arrangements which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to and internal control mechanisms including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.” [email protected]

Comprehensiveness and Proportionality

SYSC 4.1.2 R “For a common platform firm, the arrangements, processes and mechanisms referred to in 4.1.1R must be comprehensive and proportionate to the complexity of the risks inherent in the business model and the firm’s activities must take into account the specific technical criteria described in 4.1.7R, 5.1.7R, SYSC 7 and 19A.” SYSC 4.1.2A G “Other firms should take account of the comprehensiveness and proportionality rule above as if it were guidance and as if “should” appeared in that rule instead of “must”.”

[email protected]

Business Continuity The following is drawn from SYSC 4.1.6 R and SYSC 4.1.7R. • Firms should take reasonable steps to ensure continuity and regularity in the performance of regulated activities. • Firms should employ appropriate and proportionate systems , resources and procedures. • Firms should establish and maintain an adequate business continuity policy aimed at preserving its activities and data in the event of an interruption to its systems.

Contents of a business continuity policy • Resource requirements, eg people, systems and arrangements for obtaining these. • Recovery priorities. • Communication arrangements for internal and external contacts, customers, regulator etc. • Escalation and invocation plans for implementing the business continuity plan. • Processes to validate the authenticity of information affected by the interruption. • Regular testing of the plan. [email protected]

Risk Management SYSC 7.1.2 R A … firm should establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify risks relating to the firm’s activities, processes and systems, and where appropriate, set the level of risk tolerated by the firm. [email protected]

Further details • There will be a full analysis of SYSC in Compliance Guide 4 due out in early October to be supported by a webinar. • Contact us at [email protected]. • Contact me directly at [email protected].

[email protected]

CSA L5 Diploma in Compliance Risk Management Stephen Morley

CSA head of Learning & Development

& Robert Bell

RB Compliance Consultancy

& Dr David Hutchinson CSA Board Observer/NOCN


CSA Level 5 Diploma What is the course: • Accredited qualification in compliance risk management • Designed for senior compliance professionals or board members / high potential • Designed for both FCA and non-FCA regulated firms


CSA Level 5 Diploma What is the course: • Lasts one year (four units, monthly sessions) • Between units students must undertake self-study to prepare for seminars • Quarterly assessments plus a reflective journal


CSA Level 5 Diploma • More education???? • Do we really need it????

• It depends….


CSA Level 5 Diploma • FCA Regulation is just around the corner • As part of the application process FCA will look at our skills, knowledge & expertise (SYSC 5.1) • As we will learn today there are a number of rules and challenges this brings: – – – – – –

SYSC CONC FIT COND PRIN DISP


[email protected]

CSA Level 5 Diploma Diploma Syllabus FCA Requirement

Diploma Learning Outcome

PRIN 1-3

Assess how the regulator’s principles and/or rules affect the conduct of own business

SYSC 3

Determine the systems and controls that a business needs to have in place to meet regulatory requirements

SYSC 6

Evaluate own organisation’s systematic approach to mitigating risk using the ‘Three Lines of Defence’ model

SYSC 7.1

Evaluate key drivers of business risk and its interrelationship with compliance


CSA Level 5 Diploma Diploma Syllabus FCA Requirement

Diploma Learning Outcome

SYSC 7.1

Devise a process to ensure a compliant business approach to conduct risk

CONC

Assess business activities that are particularly vulnerable to noncompliance

SYSC 6.1.1

Financial Crime


CSA Level 5 Diploma Furthermore the course will: • Analyse how the regulators enforce legislation to influence governance, ethical business behaviour and conduct risk • Assess the financial implications of compliance to an organisation • Not only focused upon the FCA but equally nonregulated collection, DPA, etc. [email protected] CSA Annual Conference 2014

CSA Level 5 Diploma Assessment Methods Project / Compliance strategy for the business.

Unit 1: Legal and Regulatory Framework

Unit 2: The Role of the Compliance Officer

Unit 4: Compliance Strategy

Work based portfolio of evidence, along with entries into a reflective journal. CSA Annual Conference 2014

A single 3 hour unseen examination.

Unit 3: Monitoring Compliance

Assignment based assessment, along with entries into a reflective journal.

What are the benefits? • Qualified Compliance Officer to a professional standard • Opportunity to review current practices • Benchmark against legal and regulatory standards • Creation of a organic compliance strategy for the business


CSA Level 5 Diploma Knowledge, Skills, and Expertise = Competence

Q&A [email protected] CSA Annual Conference 2014

FCA approved persons – who, what, when and how? Gillian Tiplady


[email protected]


Approved persons – preparing your business

Why an approved persons regime? Controlled functions and approved persons Categories of controlled functions Identifying your approved person structure Preparing for application / documenting compliance • Post authorisation (new applicants/compliance) • The SIF interview • • • • •

[email protected]

Approved Persons – the rationale • As well as the organisation itself the FCA authorisation process also considers individuals who have a significant degree of influence over the business or its customers. • At and after authorisation people holding these functions need FCA approval to perform their roles. • The business must be satisfied that those it puts forward for approved persons status meet the requirements. [email protected]

What does being an approved person involve? You need to: • have FCA approval; • have an understanding of, and comply with FCA requirements; • maintain the standards of the Fit and Proper test for approved person; • comply with the Statements of Principle and Code of Practice for Approved Persons; and • alert the firm and the FCA to matters concerning the firm’s fitness and propriety. [email protected]

What is a controlled function • A role within a business that can be performed only by an individual approved by the FCA to do so. • Categories of controlled functions are to be found in SUP 10A. • An approved person is someone who has been approved by the FCA to carry out a controlled function within a business. • The controlled function relates only to the regulated activities of a firm so if you also do non-regulated activities the controlled function implications do not apply to that aspect of your work.

[email protected]

Categories of controlled function CF1 CF2 CF3 CF4 CF5

Significant Influence functions

Required functions

Systems and Controls functions Significant management functions *Limited applicability

CF6 CF8 CF10* CF10a* CF11 CF28 CF29*

Director Non-executive director Chief Executive Partner Director of unincorporated association Small friendly society Apportionment and oversight Compliance oversight CASS operational oversight MLRO Systems and controls Significant management

[email protected]

CF 1 Director • SUP 10A.6.7R “ If a firm is a body corporate (other than a limited liability partnership), the director function is the function of acting in the capacity or a director (other than non-executive director) of that firm.” • Be aware that this CF might also apply to people in parent or group undertakings who exercise a measure of control over the business. [email protected]

CF 2 Non-executive director SUP 10A.6.12R “ If a firm is a body corporate, the non-executive director function is the function of acting in the capacity of a non-executive director of that firm.” As with CF1 directors the non-executive director function can also apply to those in parent companies. [email protected]

CF 3 Chief Executive SUP 10A.6.17R “The chief executive function is the function of acting in the capacity of a chief executive of a firm” This is more helpfully defined in SUP 10A.6.18G as: “ having responsibility, alone or jointly with one or more others, under the immediate authority of the governing body: 1) for the conduct of the whole of the business (or relevant activities); or 2) in the case of a branch in the UK of an overseas firm, for the conduct of all of the activities subject to the UK regulatory system.”

[email protected]

CF 4 Partner • If the principal purpose of the firm is to perform one or more regulated activities, every partner in a partnership business needs approval to perform the CF 4 function. • Each partner will be assumed to have responsibility for each regulated activity except where responsibility has been apportioned differently. [email protected]

CF 5 director of a small friendly society An unincorporated association is an organisation set up through an agreement between a group of people who come together for a reason other than to make a profit, eg a voluntary group.

[email protected]

CF 6 small friendly society • In a small friendly society the person or persons directing its affairs need to be approved persons. • If its main purpose is other than to conduct regulated activities, the controlled function is performed only in relation to the regulated activities. [email protected]

CF 8 apportionment and oversight SUP 10A.7.1 R “The apportionment and oversight function is the function of acting in the capacity of a director or senior manager responsible for either or both of the apportionment function and the oversight function …” In understanding this function SYSC 2.1.1R is most helpful. [email protected]

Apportionment and oversight SYSC 2.1.1R “ A firm must take care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that: (1) it is clear who has which of those responsibilities; and (2) the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm.” [email protected]

Allocation of functions SYSC 2.1.4

1 Firm type

A firm which is a body corporate and is a member of a group, other than a n incoming EEA or treaty firm

2 Allocation of both functions must be 3 Allocation to one or more to the following individual, if any individuals selected from this column is compulsory if there is no allocation to an individual in column 2, but is otherwise optional and additional: (1) the firm's chief executive (and all of them jointly, if more than one); or (2) a director or senior manager responsible for the overall management of: (a) the group; or (b) a group division within which some or all of the firm's regulated activities fall

the firm's and its group's: (1) directors; and(2) senior managers

[email protected]

CF 10 Compliance oversight and CF 10a CASS Operational oversight Limited applicability in credit related regulated activities. CF 10 is applicable to debt management, credit repair businesses and those holding client money or assets. CF10a is applicable to large debt management firms. [email protected]

CF11 MLRO • The Money Laundering Reporting Officer (MLRO) is the person: “with responsibility for oversight of its compliance with the FCA’s rules on systems and controls against money laundering” (SYSC 3.2.6 IR). • A firm “must ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility.” [email protected]

CF 28 Systems and Controls SUP 10A.8 “.. the function of acting in the capacity of an employee of the firm with responsibility for reporting to the governing body of a firm, or the audit committee (or its equivalent) in relation to: (1) its financial affairs; (2) setting and controlling its risk exposure and (3) adherence to internal systems and controls, procedures and policies. [email protected]

CF 29 Significant management functions • Again of limited applicability to credit related regulated activities. • Applies where a firm allocates a significant responsibility to a senior manager who is not otherwise an approved person. • For example, appointing a senior manager rather than a director or partner as Head of Risk. [email protected]

Identifying your approved person structure • How to map your organisation. • Take this simple example: – J Co is a business that collects regulated debts. It is a limited company established by John senior who now sits on the board to monitor the performance of the business which pays his a pension, he takes no part in strategy or policy. The business is run by his sons John and James and has 100 employees. It is applying for full authorisation. [email protected]

Non-executive

Justin

Executive Directors

Manager

Jude

John Snr

John Chief Executive

James Finance Director

Jack Compliance Officer

[email protected]

Non-executive

Justin

CF2

Executive Directors

Jude

CF2

John Chief Executive CF1 CF3 CF8

Manager

Jack Compliance Officer CF11 MLRO

[email protected]

John Snr

James Finance Director CF1 CF28

Documenting compliance • Record your assessment of your organisational structure. • Create or amend job descriptions for all approved persons ensuring they clearly refer to the controlled functions and APER and FIT. • Review and amend any relevant reporting lines. • Ensure all approved persons have access to the right level of information and are properly trained on FCA regulation (a skills gap analysis is useful here). • Prepare learning and development plans for all of your approved persons. • Review employment contracts, and for the future job offer procedures – what happens if an individual fails to secure approval or has it withdrawn?

[email protected]

Post authorisation • Once within the FCA regime the business will need to monitor the performance and training of its approved persons. • What succession planning do you have in relation to your approved persons. • How will you monitor compliance with APER and FIT? • How will you prepare future approved persons for the SIF interview. [email protected]

The SIF interview • The following may be called for interview: – – – – – – – – –

Chairperson; Senior independent director; Chair of risk committee; Chair of audit committee; Chief Executive; Finance director/ chief finance officer; Risk director/ chief risk officer; Compliance oversight; CASS oversight

[email protected]

Topics covered in SIF interview • • • • • •

The market in which the firm does business. Strategy and business model of the firm. Risk management and control. Financial analysis and controls. Governance oversight and controls. Understanding of the regulatory framework. [email protected]

If you need more information • Compliance guide issue 3, part two will cover FIT and APER. • Contact CSA at [email protected]

[email protected]

And finally …

Any Questions?

[email protected]

Approved persons – the interview process Julie Pardy and Julia Kirkland

Financial Services & Training Partners (FSTP) &

Gillian Tiplady


[email protected]

Preparing for the Approved Person Regime Julia Kirkland, Managing Partner Julie Pardy, Partner

[email protected]

Agenda The challenges of Approved Person Regime (APER) • Pre application requirements • Post application and ongoing requirements • How to prepare for interview


Fitness & propriety standards • Competence and capability • Honesty, integrity and reputation • Financial soundness ..….and thereafter on a continuing basis Form A includes assessment of FIT and competence

[email protected]

81

Statements of principle for Approved Persons Personal integrity Operate a compliant business

Skill, care and diligence in management

Personal skill care & diligence

Statements of Principle for APER Business organisation & control

Proper standards of market conduct

Openness & honesty with Regulators


www.fstp.co.uk

Core Competencies for SIFs • • • • • •

Continuing basis; Regular assessment of competence and capability

Market knowledge Business strategy and model Risk management and control Financial analysis and controls Governance, oversight and controls Regulatory framework and requirements [email protected]

83

The FCA Interview topics

• General responsibilities of an approved person (Statement of Principles and what those mean in YOUR role) • Understanding of the role YOU have been asked to perform • Knowledge, skills and experience that YOU bring to the role • YOUR view of the main risks facing the firm and the role YOU play in managing them • How YOU have been prepared, by your firm, to perform the role. • What is YOUR motivation and capacity to deliver [email protected]

The interview

[email protected]

Preparing interview (‘dos and don’ts) DOs • • • • • • • • • •

DON’Ts

Prepare in advance Know how you control the business Quote hard data Show you understand the question Give good examples, where relevant If you don’t know, say so Ask for clarification if jargon used Be honest Smile! Remember all the things you are proud of!

• Take in large files of papers • Be vague (may, probably, I expect) • Answer without understanding the question • Ramble • Answer others’ questions • Answer in staccato • Over-answer questions • Make it up, exaggerate, or guess! • Fidget – be aware of body language • Challenge their remit • Appear impatient, intolerant or bored

[email protected] www.fstpglobal.com

86

Who are FSTP and how can we help?

LLP with Partners and Consultants all with financial services backgrounds We provide training and consultancy across all sectors of regulated financial services from interim managers, including PM through to professional qualification support

CSA Annual Conference & Exhibition 2014


Credit Services Association 2 Esh Plaza Sir Bobby Robson Way Great Park Newcastle Upon Tyne NE13 9BA

W: www.csa-uk.com T: +44 (0) 191 217 0775 F: +44 (0) 191 236 2709