Compliance Manual
In light of the changes in the regulatory environment, not least new FSA regulation of payment institutions, the Association recommends that all companies should have a written compliance manual which summarises the key policies of the company.
As a minimum, the Association recommend that the compliance manual should cover the following issues:
Financial Crime – dealing with the risks to the business
The firm needs to demonstrate that the company has appropriately evidence risk based procedures to address the following:
- Customer due diligence checks
- On going monitoring of business relationships
- Reporting of suspicions, both within the company, and to the Serious Organised Crime Agency
- Assessment of money laundering risks and application of enhanced measures in higher risk situations
- Record keeping
- Monitoring compliance with procedures
- Internal communication of policies and procedures
- Staff awareness and training on financial crime matters
Conduct of Business policy
Needs to explain how the firm is addressing all obligations in relation to its conduct of business obligations. The policy should cover issues such as different types of contracts (framework or single transaction), fees, exchange rates, delivery times, liability in event of non performance, etc. Under the PSR’s, all firms need to demonstrate that they have a COB policy in place.
Complaints Policy
Needs to explain how the firm will handle complaints received from a customer, up to and including the point at which the Financial Ombudsman Service (FOS) may get involved. Under the PSR’s, all firms need to demonstrate that they have a complaints policy in place.
Customer Charter
The firm should indicate whether or not it has signed up to the Remittances Customer Charter. Adherence to the Customer Charter is the kind of industry ‘good practice’ which the FOS are likely to refer to in cases where it was making an adjudication on a customer complaint. A copy of the Remittances Customer Charter is included here
Data Protection policy
Security of customer data (or lack of it) is a particular focus of the FSA in terms of their regulatory enforcement programme. Firms need to demonstrate that they have a policy to deal properly with confidential customer details, customer ID’s, etc.
Firms may feel that they need support from an external advisor to cover all the issues which need to be included in the written compliance manual.
Whilst the UKMTA does not specifically recommend any professional consultancies, payment firms looking for help may like to refer to the list on the Professional Services page.
If there are any questions, please contact the Association on 0207 808 7143.