Regulatory expectations:
Principal firms should review their oversight arrangements and maintain an audit trail to demonstrate compliance.
The regulators want to see firms focus attention on the following areas:
Key factors for consideration:
Firms need to understand who they are doing business with. This means that firms need to complete due diligence to have a complete picture of the risks posed to the Principal firm prior to business commencing. It also means that the Principal should ensure that they keep an eye open for any adverse media or indication of risks developing.
On a continuing basis, the Principal must monitor the activities of its appointed representatives. This means ensuring that its own controls and resources are adequate to facilitate a regular review, at least annually. Where the controls implemented by the appointed representative prove to be lacking, the Principal needs to consider whether it should trigger a notification to the FCA. In some cases, an issue could trigger a termination clause in the business contract. If so, how can the firm ensure an orderly exit from the business arrangement?
Financial assessment:
Before entering into any business arrangements, the Principal should assess the appointed representative’s viability and complete a risk assessment. When reviewing the appointed representative’s business plan, the Principal should assess the financial projections, marketing plans and business model.
Supporting evidence could also include a copy of the appointed representative’s bank statement. Once a business arrangement is in place, the Principal should monitor activities and revenues to confirm the arrangement is working as planned.
Competence assessment
The Principal is responsible for the appointed representative’s regulated activities. It is the Principal’s responsibility to assess whether the appointed representative is competent to provide those regulated activities to the clients.
The Principal should ensure that the appointed representative is working to the same standards as the Principal. The Principal may review any policies and procedures prior to engagement. If those documents do not meet the Principal’s own standards, they should request that their own standards be adopted.
Approved persons:
All appointed representatives should have at least one senior manager responsible for directing the firm’s affairs. This individual is approved by the FCA as a governing function and the Principal firm is responsible for making this notification to the FCA. In a similar vein, the Principal should assess the competence of this individual regularly, not as a one-off exercise.
How would you assess competence?
It’s good practice to treat the senior manager in the same way as your employed senior managers. For example, firms could request:
In addition, Principals need an agreed process for managing the onboarding and regular review of their appointed representatives.
Use of checklists:
Where firms use checklists to confirm tasks have been completed, these should be qualitative checks. This should not be a box-ticking exercise, but an opportunity to identify and mitigate potential risks as well as providing the assurance of an audit trail.
Firms should ensure that there is:
For example, firms should review the appointed representative’s business plan. This helps the Principal firm to understand what business activities will be completed and allows the Principal to confirm the planned regulated activities fall within its own scope of permissions. Chapter 4 of the consultation paper summarises the regulatory expectations as follows:
The consultation closes in March 2022. Whatever your view, as a Principal, you must take stock of your appointed representative arrangements. Are your processes robust enough to ensure compliance? How can you improve your oversight? How are issues escalated to the Principal firm?
Ruleguard for Third Party Oversight takes the core benefit of the Ruleguard platform – powerful rules-mapping and evidencing – and uses it to bridge the gap between a firm and its third parties. A seamless control environment between you and your third parties for genuine oversight.
Contact the Ruleguard team to learn more via 020 3965 2166 or hello@ruleguard.com
Webinars:
To register your interest or view our past events please click here.
White Paper:
Request a complimentary copy of our White Paper on Best Practice in Third-Party Risk Management click here.
Further resources:
See our blog page for further articles or contact us via: hello@ruleguard.com
Visit our website to find out more about how Ruleguard can help: https://www.ruleguard.com/platform
Contact the author
Head of Client Regulation| Ruleguard