This is an area that is critically important for all financial services firms but where we see many making basic mistakes from record keeping to content specificity during our reviews.
Training must not be a “tick box” exercise – it is the foundation to a firm’s overall culture.
Training should be designed appropriately for the firm’s operations, compliance obligations and risks and should be well executed and documented.
The values of online vs face-to-face training should also be considered.
6 Financial crime arrangements
Firms not completing financial crime risk assessments, or conducting one as a one-off initial exercise that hasn’t been revisited either recently - or in some cases since the firm’s inception is another pitfall.
A thorough understanding of its financial crime risks is key if a firm is to apply proportionate and effective systems and controls.
7 FCA reporting
Three key issues that pop up over and over again in firms’ regulatory reporting include:
- Incorrect Gabriel schedule – often these have been set up the wrong way or amended incorrectly. Firms should regularly review their schedules.
- Erroneous fixed overheads requirements calculations – There are two different calculation methods, use the correct one.
- Wrong controllers and close links reports – it is important to provide the right information. Also, senior managers must understand the impact of decisions on group
structure.
8 Financial planning – Firms often neglect this area. The FCA expects that firms:
- Undertake financial forecasting – Have a three-year outlook in place.
- Consider capital and liquidity – Evaluate the impact on all financial resources – not just capital – and non-financial resources when assessing risks.
- Create a wind-down plan – Have a proportionate plan for winding down the business in a way that doesn’t cause harm.
9 ICAAP – The Internal Capital Adequacy Assessment Process (ICAAP) should never be a tick-box exercise. Key elements of a strong ICAAP approach include:
- Culture created by the Board – The ICAAP process must be owned by the Board and delegated downwards, with clear lines of reporting and escalation.
- Risk management framework embedded in ‘business as usual’ – Have a risk management strategy set by the board, with its own risk appetite, detailed assessments of risks, policies and procedures.
- Complete Pillar 2A capital assessment – Thoroughly assess and quantify Pillar 2 capital requirements, considering risks not fully captured in Pillar 1.
- Relevant stress and scenario tests – Scenarios should be linked the risks assessed as material to the firm, where base case financial plans are flexed based on the impact such risks could have on the business over time.
10 Regulatory change – The Investment Firms Regulation and Directive is coming.
