Monday 23rd December 2024
Twitter Facebook Twitter LinkedIn RSS

Comsure operates in:the UK, Jersey, Guernsey

JFSC Internal Systems and Controls findings from 2014 report

JFSC Internal Systems and Controls findings for Fund Services Business & Collective Investment Funds
On the 16th June 2015, the JFSC published it’s ON-SITE EXAMINATION PROGRAM 2014 SUMMARY FINDINGS  FOR  FUND SERVICES BUSINESS & COLLECTIVE INVESTMENT FUNDS
 
THE FINDINGS were as follows
 
·         6              Internal Systems and Controls  
·         7              AML/CFT             
·         8              Corporate Governance
·         9              Certified Funds
·         10           Supervisory Review       
 
The purpose of this update is to highlight the section on 6 – Internal Systems and Controls as follows.
 
 
6      Internal Systems and Controls
 
         6.1          This category consists of five areas, namely:
          6.1.1      Compliance Function,
          6.1.2      Outsourcing and Delegating,
          6.1.3      Policies and Procedures,
          6.1.4      Operational Risk, and
          6.1.5      Manager of a Managed Entity (“MoME”) oversight of managed entities.
6.2          The Compliance Function
·         6.2.1 Approximately 19% of the findings relate to the compliance function, which includes compliance resourcing; reporting and the compliance monitoring programme.
 
6.3          Compliance Resourcing
 
·         6.3.1      The Codes require that the compliance function is able to devote sufficient time and resources in order to properly discharge its responsibilities. It is therefore a concern for the Commission when a registered person does not have an adequately resourced compliance function.
·         6.3.2      Findings highlighted lack of resource as the main reason for failure to properly implement the compliance monitoring plan and day-to-day compliance activities, such as advice and support to the business on regulatory matters and lack of oversight of outsourced and delegated activities.
 
6.4          Compliance Reporting
 
·         6.4.1 In 2014, there has been a decrease from previous years in the number of findings for failing to table compliance reports to the board for review/approval, which is encouraging.
 
6.5          Compliance Monitoring Programme
 
·         6.5.1      The Commission considers regular risk-based compliance monitoring as an essential part of a registered person’s risk control framework as it tests compliance with and adequacy of internal policies and procedures.
 
·         6.5.2      As in previous years, the majority of findings continue to be in relation to the quality of the compliance monitoring programme; its implementation and lack of underlying testing.
 
·         6.5.3 The Commission has generally seen an improvement in the quality of the compliance monitoring programmes. However, a number of registered persons are still not including sufficient detail to explain the objective and frequency of the monitoring, the scope of testing and detail on how the testing should be performed and the desired outcome.
 
·         6.5.4 There are also a number of findings relating to the lack of independent sample testing or verification by the Compliance function of monitoring undertaken by the business and this continues to be a common finding.
 
·         6.5.5 One of the most serious findings was in relation to a registered person that did not conduct any compliance monitoring for the previous year, due primarily to the departure of the registered compliance officer and other changes in compliance personnel. A small number of other registered persons conducted limited monitoring for the same reasons. In these circumstances the Commission would expect the registered person to notify the Commission, and to seek were necessary the support of external consultants to assist with the monitoring, where the compliance function is stretched or temporarily under resourced.
 
6.6   Outsourcing and Delegation
 
·         6.6.1      The Commission recognises that outsourcing and delegating functions has become a common practice and can bring benefits to registered persons and their clients. However, along with the benefits, outsourcing and delegating may present additional risks which the registered person needs to manage by ensuring compliance with the Commission’s Outsourcing and Delegation Policy  (“Outsourcing Policy”).
 
·         6.6.2      Findings in this area relate primarily to a registered person’s oversight of the outsourced/delegated function.
 
·         6.6.3      All of the service providers examined had a written service level agreement (“SLA”) in place, which is a requirement of Core Principle 2 of the Outsourcing Policy. However, the quality of the SLAs varied. Some SLAs did not fully reflect the requirements in the Outsourcing Policy whilst a small number were materially deficient.
 
·         6.6.4      The Commission found that SLAs were not always followed, for example annual reviews to assess the outsourced/delegated provider did not take place, or the annual review did take place but was not documented and presented to the board as per the requirement in the SLA.
 
·         6.6.5      Other findings relate to the registered person not conducting appropriate due diligence on the outsourced service provider.
 
·         6.6.6 There was also an example of the registered person not having sufficient capacity, i.e. skills and knowledge to be able to assess whether the outsourced activity is being performed adequately in compliance with Core Principle 3 of the Outsourcing Policy.
 
6.7          Policies and Procedures
 
·         6.7.1      Missing policies and procedures and inaccurate/out-of-date policies and procedures constitute 17% of the findings in this category.
 
·         6.7.2      Findings range from procedures not reflecting the action required in a SLA with an outsourced service provider to procedures not referring to current regulatory requirements.
 
·         6.7.3      Some procedures were neither adequate, nor fit for purpose, as they did not include key areas, for example a conflicts of interest procedure being too narrow in scope and aimed only at one part of the business such as directors rather than covering the whole business.
 
·         6.7.4      There were also missing procedures, for example the investment management process within one registered person not being documented.
 
·         6.7.5      Other findings relate to the procedures manual not being updated to reflect current regulatory requirements. For example, there was a significant change to the FSB Codes, effective 1 July 2014. A revised version highlighting the changes was issued on 24 January 2014 to afford industry a reasonable period of time to effect any changes to their policies and procedures before the effective date. However, some firms did not update their procedures manual to reflect these key changes.
 
6.8          Operational Risk
·         6.8.1 Findings relate to failure by registered persons to follow the record keeping provisions and make up 3.5% of the overall findings and inadequate business continuity provisions which represented 1.5% of the overall findings.
 
6.9          MoME oversight of managed entities
·         6.9.1 Findings relate to weaknesses in the management of managed entities such as delays in the signing by the MoME of the agreement with the managed entity, infrequent board meetings and limited compliance monitoring.
For the full list of findings please click here

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

WP2Social Auto Publish Powered By : XYZScripts.com