Many of the risk factors that potentially impact compliance with your AFS licence arise from how you manage your internal resources. You are required to develop compliance systems to manage these resources and to keep the details well documented and monitored.
The checklist below will help you ensure that you have policy and procedures documents on hand covering all the compliance areas:
Checklist of Policies & Procedures Documentation
If you engage Authorised Representatives then you need to have in place appropriate procedures and monitoring arrangements to ensure they do not operate outside their scope of authority.
You are required to have internal and external dispute resolution systems in place as well as procedures on how you conduct product research activities. If operating under a binder, describe how you manage these activities.
Compensation arrangements (i.e. Professional Indemnity Insurance) are required as part of your licence conditions and ASIC is to be notified of any changes in these arrangements.
Details how you develop and provide mandatory documentation to clients including promotional materials. There should be a process in place to regularly check the accuracy of this information.
You should also have in place policies and procedures that address Anti-Hawking; Privacy; Conflicts of Interest; Spotters and referrers; and Outsourced services (including external compliance reviews). There are a number of other important aspects, such as staff procedures, business plans, how the company is generally managed and the personnel involved.
A compliance plan should be developed which addresses how the business complies with FSRA including the roles and responsibilities of various functions, such as Responsible Managers, the Compliance Officer and Complaints Officer.
Details how you manage the financial responsibilities of the company including having appropriate controls in place for client monies i.e. the trust account; determining your cash flow position and conducting regular financial viability tests.
Details how you manage representatives to ensure they do not operate outside their scope of authority. There should be in place sufficient procedures and monitoring arrangements to cover all aspects of human resources including recruitment; performance reviews; training and induction programs.
The licensee should have in place a succession plan to cover the contingency of loss or incapacity of key personnel. This includes the Responsible Manager as well as other positions identified as critical to the company.
The financial services industry is heavily reliant upon technology and you are required to have in place a strategic plan covering the adequacy, development and maintenance of such systems. There should also be sufficient procedures to cover data backup, network security and registers of software and hardware.
Depending on the size of the company there may be a need to have in place separate plans to cover Business Continuity and Disaster Recovery. These plans should focus on how the remedial action will be implemented and who is responsible for what tasks. The plans should be tested to ensure their adequacy.
This area may be combined with Organisational Capacity documents depending on the size of the company. The Risk Management plan will focus on the identification of risk, its significance and likely impact on the organisation.
All compliance procedures are to be monitored, updated and kept relevant to your business needs. Your operational manuals should be considered living documents.
When you update the document make sure to:
- Include a code or date so that the most up-to-date documents are in use
- Make sure they can be easily accessed by staff
- Implement activities to update staff, e.g. staff meetings, training courses or the intranet. Keep notes/files of these meetings or events.
- Have the MD, senior manager or Board (if you have one) approve all of your documented policies during the year. Keep notes/files of these meetings or events.
The compliance measures you must implement relate to how you:
- Set up and operate your financial services business
- Manage initial and ongoing customer contact
ASIC’s compliance requirements are intended to forestall risks to clients and markets in the event your business fails to maintain its efficiency and financial viability.
You will need to implement procedures that protect against abuses to consumers.
ASIC’s consumer protection goals are listed along with some of the specific compliance requirements you must address in your operational plans.
ASIC Consumer Protection Requirements
Consumers have sufficient factual information to make a decision about a financial product or service at the point of sale:
You must provide factual information about products and services through your distribution systems:
Consumers must be given good advice to help them make an informed decision about a product or service:
Consumers must not be misled or put at a disadvantage by promotional activities: