In our first issue of Mastering Compliance for 2016, we discussed the 3 new sub-categories of financial products which the proposed fit and proper requirements look to implement. We now focus on the proposed requirements for operational ability and the changes it will bring should it be implemented.
The proposed operational ability requirements are very comprehensive and sets out in detail what an FSP ‘must have’. Highlighted below are some of the differences between the current and proposed requirements.
The practice of ‘rent a key individual’ is an issue for the FSB and is therefore addressed in the proposed amendments. The proposed requirement is that an FSP must, on a regular basis, assess its key individuals’ operational ability to adequately and effectively perform their functions, taking into account the nature, scale, range and complexity of the FSP’s financial services activities.
Additionally, a key individual must be able to demonstrate to the Registrar that he/she has the required operational ability to effectively and adequately manage or oversee the financial services activities of the FSP. The onus will therefore be placed both on the FSP and the Key Individual to prove that they do have the operational ability to be the key individual of an FSP and its related services.
Disaster Recovery Plan
In the current requirements, an FSP’s procedures and controls must include processes to ensure that the records of the business are backed-up and that the business has a plan in the event of any interruption which has typically formed part of the Disaster Recovery Plan. The draft Notice, has extended the recovery procedures to include a plan “for the restoration of its financial situation following a significant deterioration and viable resolution plans setting out options for the orderly resolution of the FSP in the case of failure;”. In an environment of rising costs and a struggling economy, financial risk is one that all FSPs should consider and evaluate. Deciding on a plan of action to follow should a financial risk materialise is good practice. Although this is spelt out in the proposed amendments to the fit and proper requirements, it is already encompassed in the requirement to manage risks set out in Section 11 of the General Code of Conduct.
Business Continuity Plan
Currently, an FSP is required to have a business continuity plan in place. In the proposed requirements, this has been extended to say that an FSP must “establish, maintain and apply an adequate business continuity policy which in the case of an interruption to its systems and procedures, will limit any losses, will preserve essential dates and functions, the maintenance of its regulated activities, or where that is not possible, the timely recovery of data and the timely resumption of activities.” This will require FSPs to ensure that their continuity plan extends to a policy, setting out the elements mentioned in the proposed requirements.
Although the FSB requires all FSPs to submit a business plan or strategy at application stage, and will also request this should they conduct an on-site visit, there has not been any specific section in the legislation that requires this.
The proposed requirement is that an FSP will have to establish, maintain and apply a business plan which sets out the aim and scope of the business and the business strategies. An FSP will therefore need a documented business plan that sets out the strategies and goals of the business. This is to demonstrate how they plan on growing the business and/or have a documented plan of where the business is heading. Masthead has helped many FSPs to set up a documented and effective business plan. If you would like assistance, please book your seat at the next Business Planning Seminar.
To contact your regional office click here.
Risk Management Policies and Procedures
Adequate risk management procedures has always been a requirement under the Determination of Fit and Proper Requirements as well as in the General Code of Conduct. However, the proposals provide more specific detail about what will be expected of an FSP. FSPs will have to evidence risk management policies and procedures which should include effective procedures for managing risks, the identification of risks and setting the level of risk tolerated by the FSP. It furthermore specifies, as an additional requirement, that FSPs must have effective policies which includes clear policies covering risk management and the internal controls in the FSP to mitigate those risks.
If you have not yet attended our Risk Management Plan seminar, please contact your Masthead regional office to book your seat.
In this seminar we use learnings from real life FSB on-site visits to guide you on what the FSB regards as risks.
We’ll take you through a step-by-step process to identify the regulatory and business risks in your business. We will look at risks in each area of the business including: strategic; operational; human resources; financial; marketing; advice and customers.
You will also be guided on how to rate the severity of risks, calculate the impact on your business and learn how to mitigate risks in your business.
To contact your regional office click here.
The proposed changes will create a very specific duty on all FSPs to establish and maintain the specified requirements in order to qualify as being ‘fit and proper’. The FSB is still receiving comments from the industry on the views of these proposed requirements and we will keep you updated should there be any further communication from the Regulator in this regard.