All FSPs must have a Governance Framework that provides for the fair treatment of customers and prudent oversight of the business. This is one of the terms of the new Fit and Proper requirements that came into effect on 1 April 2018.
The framework consists of several policies and procedures. As all businesses are different, the framework must be aligned to the complexity, size, nature and risks applicable to each business.
The Governance Requirements in section 37 (Operational Ability) contain an extensive list of what must be included in the framework, including:
- A business plan that sets out the aims and scope of the business, as well as the business strategies.
- Risk management policies that include procedures to identify any risks to the FSP’s activities, systems and processes. These policies and procedures must ensure that the FSP, its officers, Key Individuals, representatives and other employees comply with the FAIS Act and FICA. The risk management procedures must also include systems that safeguard the security, integrity and confidentiality of information, covering electronic data security (including internal and external cybersecurity), physical security of assets and records, system application testing, and back-up and disaster recovery plans.
- Accounting policies and procedures to enable the FSP to record, report and deliver financial reports to the Registrar that reflect a true and fair view of the financial position of the business. The procedures must ensure the reports are delivered within the deadlines.
- Sound and sustainable remuneration policies that promote alignment of the interests of the FSP with those of its clients. The policies must ensure that excessive risk taking and the unfair treatment of clients are avoided.
- Business continuity policy that will limit losses and preserve essential data and functions if the FSP’s systems and procedures are interrupted. It also requires the FSP to ensure timely recovery of data and functions if there is any interruption.
- Recovery plan to restore the FSP’s financial situation if it significantly deteriorates. This plan should also set out the available options for the orderly resolution of the FSP if it fails.
- Monitoring plan to ensure that systems, processes and internal controls are regularly monitored and evaluated for appropriateness. The plan must include measures to address any shortcomings or failures. There must also be measures to ensure suitable segregation of key duties and functions; where the same individual performs several of these, errors or abuse may go undetected and expose the FSP or its clients to inappropriate risks.
Meeting this Fit and Proper requirement is critical to the ongoing authorisation of your business, so do not ignore the Governance Framework. Even if you already have several of these policies and procedures in place, it is important to familiarise yourself with the new requirements. The framework can then be adopted, documented and implemented to ensure ongoing compliance in your practice.
Masthead can provide a proposal to help you implement these requirements, if needed. To find out more about the specific requirements of the Governance Framework, read our newsletter on the topic.
Cybersecurity Online Course
Your risk management policies, procedures and systems must include “systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information…”. These security policies must show how the FSP will safeguard the security, integrity and confidentiality of information, including the physical security of assets and records, back-ups of data and disaster recovery plans. The requirement further obliges FSPs to consider appropriate measures to deal with cybersecurity threats.
Our Cybersecurity Online Course has been designed to equip you with the know-how to identify and avoid cyberattacks. Decrease your business’ risk of becoming a victim of cybercrime by making sure every employee is aware and able to spot an attack.