Moonstone Monitor 29 May 2008 : Compliance Reports
Details of the annual FSB Compliance Report was published in the Government gazette on 16 May 2008, but was not yet available on the FSB website at the time of going to press.
A written report for the reporting period, conforming to the prescribed format, or in the prescribed electronic format determined by the Registrar must be submitted by the dates as indicated hereunder:
* Category I authorised FSP without a compliance officer - 28 February 2009
* Category I authorised FSP with a compliance officer - 15 August 2008
* Category II authorised FSP – 31 October 2008
* Category III authorised FSP – 31 October 2008
While those Cat I FSP’s without a compliance officer (sole proprietors) may sigh with relief at only having to submit their returns next year, they need to bear in mind that they still have to keep records for the full period from the last report until then. Those of you making use of the Moonstone Support Service for Sole Proprietors will be invited to a workshop to assist you with the completion of the report. If you would like to know more about this service, please contact Deon or Theuns on 021 883 8000.
Those Cat. I FSP’s with an internal or external compliance officer have the least time available to prepare with only two and half months left. While Moonstone Compliance clients need not do anything (that’s why you have a CO!), internal CO’s are advised to obtain a copy of the new report as it differs from last year’s one. Should there be sufficient demand, we will run a workshop for internal CO’s prior to the submission date. Enquiries about our full compliance service can be directed to Michelle Rabie at 021 883 8000.
We will publish copies of the document which appeared in the Government Gazette on our new website next week and let you know when it is available. The problem is that they “grey areas” are not as effective as it should be in the scanned document, while the electronic versions of all the returns are still being tested and not yet available.Risk Management
Risk management? What risk management?
This was the response from a number of participants at our recent market survey conducted amongst a number of selected brokers.
The 2007 FSB Annual Report contained the following two questions regarding risk management:
Q 8.5.1: “Does the FSP have and employ appropriate risk management resources, procedures, systems and controls within the contemplation of sections 11 and 12 of the General Code of Conduct?”
Q 6.1: “Is the compliance function established as part of the risk management framework of the business of the FSP in compliance with section 17(3) of the Act and Regulation 5?”
The broad nature of not only these questions but also the whole concept of “risk management” as such, left many FSP’s uncertain as to how they should address it. The Regulator does after all not provide a definition of what is meant by “risk management” nor provide guidelines as to what the framework should look like within which “risk management” should take place. However there are general guidelines and principles which can throw some light on the subject.
It should be noted that the requirement is to “manage” risk, not eliminate it. This is an acknowledgement of the fact that certain risks at least are inherent in any business and need to be constantly managed and cannot always simply be eliminated or avoided. The emphasis falls on “managing risk” on an on-going basis.
Risk can be defined generally as an event that could possibly have a negative impact on the objectives of a business. In the process of establishing a risk management framework that is appropriate and effective for your particular business, consideration should be given to the following guidelines.
1. You need to identify the risks that you face in your business. It may vary from one FSP to another; a Category II FSP may for instance be exposed to other types of risk than a Category I Short Term Insurance broker. It may relate to the business premises that you use, personnel issues, the legislative environment that you are subject to, your client base and the maintenance thereof, the product providers that you are contracted to, or the operational and financial infrastructure of your business.
2. Once you have identified and listed your risks you should ask yourself what the probability would be for any particular risk to occur. What will the impact be on your business in the form of reputation or financial damages?
3. It is important to subsequently rate each risk as a high, medium or low type.
4. Now you need to consider control measures to manage those risks. What are the practical steps that you need to take in your business to avoid or minimise as effectively as possible the impact of any of the risks that you have listed, should it occur?
5. As with all plans it would be a waste of valuable time if you do not monitor the effectiveness of the plan on a regular basis.
6. Proceed to record the risk management plan for your business in writing in accordance with the guidelines as set out above, and remember to review it from time to time.
What are the typical risks for my particular type of business? There cannot be a standard set of risks for everyone; even two brokers who are similarly licenced and have the basically the same type of business, may not face all the same type of risks. One of them may for example hold PI cover, employ the services of an external compliance practice and be technologically properly equipped, while the other does not.
The FAIS Act and the Code of Conduct contain some basic guidelines as to what may be required in terms of the risks to be managed. Section 11 of the General Code provides that a provider must effectively apply the procedures and appropriate technological systems that can reasonably be expected to eliminate as far as possible the risk that clients, product suppliers and other service providers as well as representatives will suffer financial loss as a result of theft, fraud, dishonesty, bad administration, negligence and professional misconduct or culpable omissions.
Noticeably one of the questions in the Annual Report referred to above enquires whether a compliance function is established as part of the risk management framework of the business. This stems from the realisation that failure to establish a proper compliance function representsone of the highest risks that a business in the financial services industry faces.
In order to maintain the licence that you have been issued with and which serves as your passport to continue conducting business and staying in the industry, you have to comply with all the relevant legislation that governs the industry. If you do not know how to achieve this, approach a reputable compliance practice to assist you; it is part of managing a risk that every provider is exposed to.