Tuesday 13 December 2016

Simple marketing idea for Christmas


This year, we included a little something that went out with our company Christmas card and a couple of clients asked what it was for...




The card holder is made of a durable rubber and can accommodate a couple of business cards - never get caught short again....

Wednesday 16 November 2016

HMRC Notifications

HMRC are tightening their grip on Financial Advisers and those clients with offshore assets.  

Firms have until 31 August 2017 to issue the following to any UK tax resident that has received advice about offshore income or assets. This would include :
  • A source of relevant foreign income
  • A source of employment income
  • An Asset
  • A Financial Account


Should HMRC identify any client that has undeclared offshore assets, and they have not been provided with a copy of the circular, then the fine will be £3000 per incident for the Firm.

Might be an idea to issue these circulars via email and keep a record 

Guidance to sending out the client notification letter may be found at 


Thursday 10 November 2016

How to handle an FCA Regulated Complaint - part one


The Financial Conduct Authority has issued detailed rules on how businesses should handle complaints and these may be found in the DISP section of the FCA handbook.

The DISP rules apply to all FCA Regulated businesses and include details of the Financial Ombudsman Service (FOS).

Complaints come in all shapes and sizes - and Firms need to be able to identify and respond promptly - staff need to be aware of their responsibilities and the correct escalation process within the Firm.

The FCA glossary defines a complaint as :

"any oral or written expression of dissatisfaction, whether justified or not, from, or on behalf of, a person about the provision of, or failure to provide, a financial service or a redress determination, which :


  • alleges that the complainant has suffered (or may suffer) financial loss, material distress or material inconvenience; and

  • relates to an activity of that respondent, or any other respondent with whom that respondent has some connection in marketing or providing financial services or products, which comes under the jurisdiction of the Financial Ombudsman Scheme."



All regulated businesses are required to have an effective complaints handling procedure  - and staff trained appropriately. The Procedure will need to take into account


  • The time limits for dealing with a complaint
  • The review process including "independence" of review where possible
  • For eligible complainants - details of their right to refer the matter to the Financial Ombudsman Service.

Details of the Firm's procedure should be published and made available to complainants - most Firms will include this in their Terms of Business Letters / Initial Disclosure Documents at the initial point of contact.

A further copy of the complaints procedure should also be made available when the complaint is acknowledged.

So you have received a complaint - what to do next, I hear you ask?

Collect the full facts of the case - is it "our" complaint?

If it is our complaint then are you required to notify your PI Insurer immediately?

Is the matter something that can be resolved quickly?  Where the "issue" can be resolved within three working days then a "Summary Response Communication" needs to be issued and details of the FOS scheme provided.  For Lloyd's of London Insurance Complaints, details of the Lloyd's scheme need to be provided.

Where the complaint relates to a Third Party then the case should be sent on to the Third Party and a response sent back to the Complainant - explaining that the matter has been referred to [name] at [Firm].  Records should be kept of the complaint - and included with other data as part of a root cause analysis review.




Compliant Solutions Limited - experts in helping Financial Services Businesses deal with the business challenges of Financial Conduct Authority Compliance - for help contact ian@compliantsolutions.co.uk

Friday 4 November 2016

Staying safe - a few suggestions

FCA Regulated business owners are acutely aware of the need to protect the personal data of clients.

Firms will hold confidential customer information about finances / wealth / medical details and the like.  Such information would be of great interest to those with a criminal intent - and as a result Regulated Firms need to be able to reassure customers that their personal data is safe.


Here are a few questions that may be of use:


Does your Firm have a designated person responsible for the maintenance, storage and destruction of customer data?

Does your Firm have written procedures for the storage and destruction of both hard copy and electronic customer data including its secure disposal?

Does your Firm have arrangements to shred obsolete paper records?

If using laptops, does your Firm employ any additional controls around their use?  Are files encrypted to ensure that they cannot be accessed by people outside of your Firm should the laptop be lost or stolen?

When disposing of obsolete equipment do you ensure that any data on the device has been removed?

Does the Firm have up to date anti virus & firewall software on all devices?

Does the Firm have a policy of regularly updating all security updates on all software and devices?

Do you require passwords to be a minimum of eight characters / symbols and changed regularly?

Do you reuse the same password for different platforms / areas?

If the Firm has a  wireless network (wifi) have you implemented a password protocol ?

If a member of staff leaves do you remove their access authorizations promptly?

Are all staff reminded of their personal responsibilities to keep data confidential and not to make unnecessary copies ?

Does the Firm have procedures in place to test that back-up systems operate correctly?

Does the Firm have a Disaster Recovery Plan ? When was it last tested?

Does the Firm use third parties to provide support ?  Were the vetting procedures (Due Diligence) adhered to?

Does the Firm permit remote access by third parties / staff ?



Wednesday 26 October 2016

Cyber risks - the Internet of Things


As more and more adverts on television and the Internet extol the virtues of being able to control your heating / lights / washing machine / CCTV etc from your phone, I wonder how many have thought of the potential for cyber attacks?

All of these devices use The Internet of Things to connect devices together - with factory set passwords - often hard coded so that they cannot be changed.  As personal computers are starting to become more secure, other, less protected devices are becoming targets - with a view to enabling a third party to take them over and potentially bombard targets with traffic.  A hacker could also start using your gadgets to spy on you - potentially collecting valuable data along the way.

Often, business owners will take their work home - and with cloud based storage the days of having to carry boxfuls of files have long gone.  Many will have spent considerable sums on having a robust defense in the Office including firewalls / anti virus software / Policies and procedures on Internet / Data usage etc.

Is the home "safe as houses?"...something to think about.....







Tuesday 25 October 2016

All change (again) for disclosure requirements

The Financial Conduct Authority have published a further policy statement - this time about removing ineffective disclosure requirements.

Policy Statement 16/23 sets out the planned changes which take effect from 1st February 2017.

The FCA will allow Firms to continue to use the Combined Initial Disclosure format - but the use of the Key Facts logo will have to be removed. The FCA have confirmed that "old stock" may be used up.

The objective of these further changes is to enable consumers to be able to make an informed decision about the services that they are subscribing to.

Within Annex C of the Policy Statement the FCA have also made a change to the Consultancy Charging and remuneration requirements.  From 27 March 2017 Firms will need to take reasonable steps to ensure that their representatives, when making contact with an employee with a view to giving a personal recommendation on his/her employer's group personal pension / stakeholder scheme, inform the employee that:

The Firm will be providing a personal recommendation on the GPP / Group Stakeholder scheme provided to the employer

Whether the employee will be provided with a personal recommendation that is restricted to the GPP / Group Stakeholder scheme provided by the employer or the recommendation will also cover other products

That the employee will have to pay an adviser charge (if applicable) unless the employer is paying the consultancy charge / fee




Monday 24 October 2016

....and a few more things to think about


Another weekend - another headline (this time in the Financial Times) that a major cyber attack had taken place. Traffic to hundreds of websites including the FT and Twitter was disrupted - with millions of users unable to gain access. Not good if your business site had been attacked.

For those businesses that are dependent upon the Internet this must be of concern.  Financial Institutions are driving more and more of their services "on line" - leaving Customers exposed should a denial of service attack take place - simplistically put, this would involve a software virus taking over thousands of computers and then inundating a website with requests and causing the server to crash.

SMEs are unlikely to be the target of such attacks - but we all now are reliant upon third party suppliers - Banks / Insurers / Investment Houses etc and should their systems be subject to such an attack then we all would be affected. 

Having up to date anti virus software therefore is essential - does your business have a policy on internet usage ?   Viruses are typically spread via e-mails with attachments / links - decent anti virus software. 

What about memory sticks? Often, individuals may save / carry data on such a USB drive - could your data be stolen? Is the data held securely - password protected / encrypted?  Most operating systems offer to scan a memory stick before opening - how often do you "skip" that step? It might be worth changing your practice going forward.

When was the last time you reviewed your data security policy?  



Tuesday 18 October 2016

The Robots are coming - Fintech and Cyber Crime

Driving in to work this morning I heard a report that ransomware attacks were up significantly and that businesses in the City of London were a primary target.

Having recently attended an informative workshop that focused on this growing risk to businesses I thought that it might be useful to remind people of some of the obvious (and less obvious) risks.

How many businesses have a robust disaster recovery plan in place ?

When was the last time that it was tested? The recent problems with SSP software house highlighted how dependent many businesses are on software solutions - many businesses struggled.  How would you have coped?

That said, my previous plan failed several years ago - I had an office and my house was 1/2 a mile away.  A local electricity sub station was put out of action by vandals and we lost power at both premises.

During the July 2005 bombings in London one of our clients' plans overlooked the fact that staff may not be able to get home in the event of a disaster.

Still happy that your plans stack up and are robust?

How many businesses keep their data backed up - off and on site?  What checks did you do regarding the supplier(s)  that you are using - how secure are they holding your data?

Anti virus software - keep it up to date

Passwords - don't leave them on a post it note on your PC - something that I came across when visiting a client recently.

Data encryption -  how secure is the content of your emails?  Just imagine how many people would get to see / read that post card that you send home from your last Holiday - the same applies to e-mails only this time read by robots....

PC screens - How many times have you been able to see the contents of a poorly positioned screen when walking by an office window?  Could someone read the contents of your screen(s) from outside?

As more and more businesses are looking to develop automated systems we are moving into a world where the Robots take over.

Something to think about......

If you would like a copy of our checklist of businesses drop me a line...ian@compliantsolutions.co.uk



Thursday 7 January 2016

Capital Adequacy For IFA practices and the use of subordinated loans

PS15/28: Capital resources requirements for personal investment firms (PIFs) is essential reading for the owners of Directly Authorised IFA practices.  New capital requirements will apply from June 2016 and will result in all Firms having to review and potentially increase the amount of assets set aside to meet the new minimum capital requirements.  

For PIFs (Personal Investment Firms) the new requirement will be the greater of £20,000 or 5% of the Firm's Investment Business annual income.

Where the Firm has permission to manage portfolios of, deal as principal in, or hold client money for life policies the capital requirement increases to 10% of the Firm's Investment Business annual income.

The Financial Conduct Authority have confirmed that Small Firms will have an interim minimum capital requirement of £15,000 or 5% from June 2016 rising to £20,000 in June 2017.

Subordinated Loans: Personal Investment Firms

The repayment of a subordinated loan remains the same as previously, meaning that the loan may only be repaid where the firm holds 120% of its capital requirement once the loan has been repaid.

By way of example:

Turnover £200,000
Subordinated Loan £20,000
Minimum Capital requirement: £24,000 (£20,000 x 120%)
Capital and Reserves: £40,000

Here, as the 120% threshold has been reached the Firm could consider seeking permission to reduce the subordinated loan by up to £16,000  (£40,000 - £24,000).

From June 2017 Personal Investment Firms will be restricted as to the maximum amount of a subordinated loan that may be included in the capital adequacy calculations:

([Amount of a firm's capital and reserves] – [Intangible assets and preference share capital]) x 400%

Where any amount of the subordinated loan exceeds this calculation, the excess must be treated as a liability against the calculation of own funds.


The revised rules do not provide a list of how this capital requirement must be held or detail how certain assets have to be revalued (depreciated).

For more help contact us at www.compliantsolutions.co.uk
