Compliance Services

What the FMA may look for?

FMC entities must meet the FMC Act eligibility criteria for the period of their licence. The FMA monitors licensed entities and, while they may not engage regularly with all licensed entities, they expect entities to review their compliance on an ongoing basis, and strengthen processes and controls where and whenever possible.

The following areas may be examined as part of a monitoring engagement:

• Whether or not the Compliance Assurance Programme was developed with a risk-based approach that focuses resources on the most significant risks, and how those risks are assessed and prioritised.
• Whether or not the Compliance Assurance Programme is fit for purpose. For example, a very long or complex document may not be necessary or even practical for a small entity with only a few staff.
• How often the document is updated and whether it has version control and a review date. We may also look at what triggers reviews, for example auditing and regulator engagements.
• Evidence that the Compliance Assurance Programme is implemented and integrated into the business, functions as designed and is effective.
• How findings and exceptions are reported, and how they are then escalated and remediated.
• Evidence that the oversight body is using reporting from the Compliance Assurance Programme to challenge management and aid decision-making.
• That roles and qualifications of staff executing each function are clearly defined. For larger entities this may include whether the Compliance Assurance Programme covers assurance at the three lines of defence.
• That those using the Compliance Assurance Programme should understand its purpose.
• That the Compliance Assurance Programme has been approved and the approval is documented.
• Whether compliance documentation includes an obligations register and how this relates to the Compliance Assurance Programme.
• Whether the Compliance Assurance Programme is a stand-alone document or integrated into the compliance programme.
• That records of testing include details of how and when it was conducted, and the results.
• What information is provided to the oversight body and how it is used.

Design

In our experience the design of your Compliance Programme is fundamental to meeting your licence obligations. Your Compliance Programme will detail the processes, policies and controls for your business and will be based on the FMC Act, FMC Regulations, Conditions and requirements placed on your licence by the FMA.

Your Compliance Programme is the foundation for which your Compliance Assurance Programme is built on.

Testing effectiveness

A Compliance Assurance Programme is developed based on your Compliance Programme and details the processes, policies and controls that are to be tested to ascertain your compliance.

To meet testing standards you will need to be able to demonstrate by documentary evidence that you have followed your processes, policies and controls.

Our approach

We understand that businesses operate in different ways, even though they may have the same licence, that is why it is important to design a Compliance Programme based on your business processes, policies and controls as this is what will be tested in your Compliance Assurance Programme.

We can assist you with these programmes, either by being part of your working group to assess processes, policies and controls or by externally reviewing your current programmes.

As it is important for you to form a good working relationship with whoever you engage, we offer an initial free consultation to discuss your requirements and for you to assess whether we would be a good fit to work with your team.