The following Speech by Debbie Gupta, Director of Life Insurance and Financial Advice Supervision at the FCA, delivered at Money Marketing Interactive Conference 2019, Harrogate addressed the thorny issue of Improving the suitability of financial advice – Fact finding and reporting

The full speech is linked below, and the following extract provides some thought leadership on financial advice – Fact finding and reporting

The foundation of suitable advice is getting to know your client and understanding their circumstances and motivations. In practical terms, this means:

1. Spending sufficient time getting detail on a client’s needs and objectives provides a secure foundation for the advice process.
   1. A good fact-find records the client’s objectives – why it’s their objective and what achieving their objective means for them. So, for example, instead of recording the client wants flexibility, record something more specific such as the client wants to semi-retire, set up a part-time consulting business, and this will give them more free time to spend on their allotment.
2. Capture and record essential information. Although COBS 9 and 9A may not give you a list of what this means, it is better to record everything that is relevant to the advice being given.
   1. For example, we still see DB transfer files where the adviser has not recorded details of other pensions, the state pension due, or the client’s expected income in retirement. This is essential information.
3. Capture and record soft facts.
   1. They add context and help tell the story. Most importantly they demonstrate how your advice is right for the client.
   2. A recent case contained a fact-find which recorded the client’s heath as good. When we fed back to the firm our rating of unsuitable, the firm challenged this. Why?
   3. From reviewing the file we could see the client had a hereditary heart condition and was concerned as family members had died early.
   4. This was a main motivation for the client but was not recorded anywhere.
4. Think about different fact-finds for different clients or different types of advice.
   1. Make sure you are asking the appropriate questions and recording sufficient detail. For certain types of advice, more detailed information on expenditure will be necessary.
   2. For example, advice on drawing an income in retirement is likely to need more detailed information than for a client in their 30s wanting to switch ISAs.
   3. That detailed information should demonstrate that you have considered essential and non-essential spending, and how this might change in the future.
5. Consider recording client interactions.
   1. This isn’t a requirement, but we have come across many firms who have invested in this. New and innovative technology means this is not a prohibitively expensive option. Recordings provide the most robust evidence available for a firm to make its case in the event of a complaint. Even if you aren’t recording the meeting, your client’s voice should still come through the fact-find loud and clear.
   2. Consider using the client’s own language and phrase. When we looked at the advice given to British Steel scheme members in 2017, this was very evident. The files where the client’s genuine feelings were recorded in their own words often resulted in better quality advice. This is because the adviser could understand and empathise with the client and tailor the advice to the individual client. Under challenge, or scrutiny, it helped explain the context in which the advice was given, and provided insight into what the client really wanted and needed.
6. Be brave. Challenge clients. Offer alternatives.
   1. It’s not your role just to follow client orders. Clients may have misunderstandings or misconceptions. Advisers should challenge these misconceptions and correct the client if there are misunderstandings. For example, many clients will have little understanding of longevity or the effects of inflation. The client may have based their initial decisions on false assumptions.
   2. The workings and role of the Pension Protection Fund (PPF) are a mystery to most clients, and we have seen the PPF presented as an option to avoid at all costs. But this is not a fair reflection of the significant value it provides to many people. Challenging misconceptions and client education is core to good advice. It is valuable. You are the experts. You will always know more than your client. And we expect your expertise to support your clients in this way. It is what we expect of the services you are paid to provide.

So that summarises some of the do’s based on the practice we have observed.

What about the don’ts? Here are my top 7 tips on what not to do.

1. Don’t provide templated objectives for the client to tick. Each fact-find should be as individual as the client.
2. Don’t use shortcuts and assumptions. The information you use should be up to date and accurate – for example, calling the scheme trustees to clarify the early retirement factors, or waiting a few more weeks for a state pension forecast.
3. Don’t approach this with bias. Think about the language you use and the way things are presented to the client.
   1. We have seen a number of instances of bias, especially in DB transfers. In one case, we saw an adviser paint a picture that DB pensions are old fashioned and restrictive as the client has no freedom or control and that utilising the pension freedoms is nothing but positive.
   2. Let me be clear. Our view is that the starting presumption for financial advisers should be that transferring out of a DB pension is unlikely to be in the consumer’s best interests. So consider the way you present information and whether this could be influencing the client to take a certain course of action rather than giving them what they need to make an informed decision.
4. Don’t see fact finding as just a regulatory requirement. It is essential to demonstrating suitability and the best way to demonstrate you fully understand your client. It also provides you with cover for your recommendations and advice.
5. Don’t rely on the same fact-find you have used for years. Times change and your fact finding should change with it.
6. Don’t rely on ‘I just know my client’ as a reason not to record key information. One of the most effective safeguards in the event of a file review/complaint is a robust file. This is a file which captures all the client information and can clearly demonstrate why the recommendation meets the client’s needs and objectives.
7. Most importantly, don’t give advice if the client is unable/unwilling to give you all the information you need. If this information is missing, you will struggle to demonstrate and evidence that your advice is suitable. And that is a regulatory requirement!

Matching your recommendation to a client’s attitude to risk

I’ve offered some top tips on fact finding and recording. Now let me turn to what we’ve learned about evidencing that your recommendation is aligned to the client’s attitude to risk.

1. Your client’s ‘voice’ should still come through the fact find loud and clear.
2. One of the main causes of unsuitable advice is where the risk level of the recommended solution does not match the risk the client is willing or able to take.
   1. We still see advice where the proposed solution is not aligned with the client’s attitude to risk.
   2. If you’re dealing with a client considering a DB transfer, we expect you to consider investment risk. This can sometimes be a slight discrepancy in asset allocation. But we also see files where cautious investors are put into unregulated and non-mainstream investments.
3. We expect to see an alignment between the client’s attitude to risk and your recommendation, including an assessment of how prepared they are to give up a guaranteed lifetime income for one which comes with no guarantees about value or sustainability. Make your records clear.
   1. For a client considering a DB transfer you will be also be assessing their attitude to transfer risk.
   2. We consider this assessment should be binary: yes, they have the attitude to accept the risk of transfer, or no they don’t.
   3. We don’t think the client’s attitude to transfer risk can be measured in percentage terms or using a scale such as cautious, balanced or adventurous.
4. Consider the limitations of the tools you use and the outputs they give.
   1. Third-party providers are increasingly providing risk profile questionnaires, cashflow modelling tools, model portfolios and asset allocation tools for advisers.
   2. It’s important that there is due diligence undertaken to understand the limitations of these tools. And to make sure all the inputs and outputs are aligned. There’s a real risk of miscalibration without such due diligence.

Evidencing the client’s attitude to risk should include separate assessments of all relevant factors, before they are combined to given an overall attitude to risk:

1. Attitude to risk – the client’s emotive response to risk. How do they feel?
2. Capacity for loss – the client’s ability to take risk. Can they afford it?
3. Risk need – do they need to take a risk to meet certain objectives? And should they?
4. clients’ risk tolerance and ability to bear losses – We have seen some comments in the trade press about whether capacity for loss is a valid metric to use. Our suitability rules require firms to consider clients’ risk tolerance and ability to bear losses. So we would expect to see this in every file. For example:
   1. We have seen evidence that a client is heavily reliant on a product or investment to meet their income throughout retirement, and cannot afford to lose any value. But this was not evidenced as the clear driver for the recommended solution.
   2. 2 clients may have the same benefits from a DB scheme but very different financial circumstances. The client who has significant other assets has a higher capacity for loss. This is because the income from the scheme is one of many sources of income. The other client has no other assets and the DB scheme is their main source of income in retirement. Their capacity for loss would be very low. Capacity for loss in each case would be evidenced and assessed differently, even though the clients present as similar.
5. Aim for consistency. We would expect to see a clear link between the information given to the client such as asset allocation and the recommended funds/portfolio.
   1. For example, where a firm sets out the type and proportional split of assets someone would be investing in, we expect to see a recommendation in line with that risk score. But we are seeing evidence that it is not.
6. Consider the client’s knowledge and experience. This may sound obvious, but it demonstrates understanding. Remember, the client should be able to understand the nature of the risks that they are signing up to and for DB transfers, the benefits of what they might be giving up. Consider how to do this bearing in mind the client’s knowledge and experience.
   1. For example, descriptions with financial jargon may be inappropriate for those with less knowledge and experience. Diagrams, graphs, etc showing ‘what if’ scenarios could be more effective.
7. Make sure the scenarios that you use are realistic and effective. It is hard to assess if the risk profile is suitable if all the scenarios shown are positive. It is much more effective to stress test people’s reactions to a negative scenario.

And finally, it’s not just clients’ knowledge and experience. It’s yours too. Acknowledge and recognise the limitations of your own knowledge. Do you really understand the products and services you may be recommending? We would expect to see evidence of the due diligence carried out on products and services to mitigate this.

Improving the suitability of financial advice [Speeches Published: 19/09/2019 Last updated: 19/09/2019] = https://www.fca.org.uk/news/speeches/improving-suitability-financial-advice

Lebanese businessman Ahmad El Husseini has long helped the German arms industry win business in the Middle East.

CORRECTIV have now uncovered that he was involved in brokering a large ammunitions package, which shipbuilder ThyssenKrupp purchased from another German defence company, Rheinmetall – except that Mr. El Husseini acted as a middle man with an unclear role.

At the end of a dubious flow of money via Singapore and Abu Dhabi, about 50 million euros never arrived at Rheinmetall and is now disputed.

Further, CORRECTIV found that Mr. El Husseini also maintained excellent contacts among some German politicians. And he sent expensive wine hampers to them, including the current German President Frank-Walter Steinmeier. At the time of the gifts, Steinmeier was foreign minister and MP.

Steinmeier was involved in the German government’s decision to approve the export of two frigates to Algeria – for which Mr. El Husseini brokered the ammunition.

There is nothing to suggest that the wine hampers influenced any decisions (and that would be hard to imagine), but questions remain.

Read the new investigation: The President and the Arms Dealer. https://correctiv.org/en/top-stories-en/2019/09/24/the-president-and-the-arms-dealer/

The Information Commissioner’s Office is warning people of the risks of holding on to sensitive personal data when they change jobs or leave a company.

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/09/information-commissioner-s-office-issues-warning-about-historical-personal-details-accessed-through-work/

It follows an investigation into the actions of two former Metropolitan Police officers who – having retained their notebooks – subsequently leaked information about a case in the media.

Although the ICO decided not to take action on this occasion (perhaps because the matter was investigated under 1998 legislation), it stressed that under the tougher Data Protection Act 2018 there is a new obligation not to “knowingly or recklessly retain personal data without the consent of the data controller”.

The ICO says that anyone who uses personal information in the course of their job – from teachers, health workers, police officers to those in private business – should be aware of this law change.

Risk and Compliance considerations

1. Implement procedures for when people leave your company, retire or switch jobs – ensure their access to personal information continues to be appropriate (i.e. there is a ‘need to know’ or any extra permissions are promptly removed)
2. Promptly remove access permissions when people switch jobs – even unintentional leaks can violate privacy and damage your company’s reputation
3. Evaluate the data landscape – what electronic or physical access to personal information might someone retain (for example, in diaries, notebooks, calendars, etc.) when they leave?
4. Protect against curious or prying employees – remind everyone that the ICO takes data privacy seriously and has taken action against many individuals – consider this case
   1. Jeannette Baines / Date 06 June 2019 / Type Prosecutions / Sector Charitable and voluntary /
   2. A Restorative Justice Caseworker has been prosecuted for sending sensitive personal data to her own personal email account without authorisation.
   3. Jeannette Baines had worked at Victim Support and sent spreadsheets containing a combination of victim and offender data from her work email address to her personal email address during her last week of employment.
   4. Jeannette Baines, of Merseyside appeared before Blackpool Magistrates’ Court and was found guilty of obtaining personal data, in breach of s55 of the Data Protection Act 1998. She was sentenced to a 3-year conditional discharge, ordered to pay costs of £600 and a victim surcharge of £20.
   5. https://ico.org.uk/action-weve-taken/enforcement/jeannette-baines/
5. Examples of failures = forwarding personal information to personal emails, for selling personal data on, or simply accessing personal information without a valid business reason). Share cases of violations to keep data protection ‘top of mind’.

Cybersecurity, regulatory change and digitalisation are the top three business risks facing firms today, according to a survey conducted by the Chartered Institute of Internal Auditors.

The survey, widely considered to be a barometer of organisations’ risk priorities, canvassed the views of 528 chief internal auditors (CIA) in different sectors across eight European countries.

• 78% of respondents cited cybersecurity as the top business risk (an increase of 18% on last year), with 59% and 58% citing regulatory change and digitalisation respectively.

“Cybersecurity is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50m Facebook user identities”, said Ian Peters of the Chartered Institute of Internal Auditors.

Quoting DLA Piper, there were an estimated 59,000 personal data breaches reported across Europe in the first eight months after GDPR was introduced.

The second spot – regulatory change – should surprise no-one. 2018 was, after all, a mammoth year for European regulation with GDPR, MiFID II and PSD2.

30% of respondents cited concerns about AML, anti-bribery and corruption and antitrust compliance. Here’s how one internal auditor at a Swedish bank saw it:

• “If we look at the number of hours we allocate for mandatory regulatory and compliance audits, it amounts to about 20% of the total number of hours and it is increasing every year. But our resources are not increasing in line with that. That’s a real challenge.”

With further regulatory change almost inevitable with Brexit, what’s the likelihood of this taking the top spot next year?

You can download the report from the IIA website. https://www.iia.org.uk/riskinfocus – https://www.iia.org.uk/media/1690707/risk-in-focus-2020-report.pdf watch the video https://www.youtube.com/watch?time_continue=8&v=q-hKuph9gSI

The following are key thoughts and actions Comsure walked a client through after a recent data breach

1. Report data violations promptly in line with data protection laws and regulatory responsibilities 
   1. there should be accountability and data security should be a priority.
2. Implement controls and safeguards to mitigate the risks 
   1. for example, by promoting a security culture, providing training, adopting extra precautions with databases, raising awareness of types of risks via refresher training, encouraging people to double-check recipients’ email addresses, and so on.
3. Don’t be complacent 
   1. ICO statistics show charity data breaches doubled in 2017/2018 with 148 reported incidents. 22% of charities also experienced a cyber breach in the last 12 months, according the government’s Cyber Security Breaches Survey 2019, with 39% experiencing at least one breach or attack a month.
4. Remember, small actions can have big consequences 
   1. simple human error can result in personal data being exposed. Think about the best ways of preventing that.
5. Create the right culture – make it clear to your team that any security breach (however minor) matters.
   1. Customers have entrusted us with their personal information so we must instil confidence and reassure them that we’re doing our utmost to safeguard it.
6. Slow down  
   1. rushing and performing semi-automated activities (eg mail mergers, automated report processing) can make us more prone to mistakes. Stop and check exactly what is being sent and to whom.

There are various reasons why compliance officers fail. Reason my range from personal to professional attributes. Below are 10 reason why compliance officers fail.

1. Pushback from the general counsel.

A very entrenched general counsel is likely to have built up a strong reputation within their company as someone who is close with and sympathetic to the sales team. The nature of the compliance officer’s job means that from time to time they will need to conduct audits, reviews and investigations of conduct across the company, often focusing on the sales or procurement functions as they are where fraud and corrupt practices typically occur. General counsels may sometimes attempt to stop the compliance officer conducting these audits, reviews and investigations to avoid upsetting the sales and procurement teams. This situation becomes even more complicated when the compliance officer reports to the general counsel; if issues arise when the general counsel and compliance officer work together the working relationship that the general counsel has with the business can be compromised. Best practice is to have the compliance officer reporting to the audit committee, both under the CEO.

2. Investigations.

Many a compliance officer – or entire compliance department – has been derailed because they have not employed a team that is focused exclusively on investigations. Compliance investigations are complex and involve a unique set of skills. More importantly, investigations will involve the compliance officer’s business partners and the people that they work with every day. For the compliance department to be effective these relationships with business partners and colleagues must be protected. Investigations need to be done carefully and often by an independent team that is either part of the compliance function or external from the organisation.

3. Audit committee reporting.

One of the reasons why compliance officers fail is because companies do not put in place the correct lines for the officer to report to the vice president of finance or general counsel. This means the chief compliance officer lacks the seniority to raise issues in an impartial manner to the governance department of the company (i.e. the audit committee). Good practice has the chief compliance officer reporting to the audit committee without fear of retribution. In many companies, reporting to a committee is simply not possible from a human-resources perspective and systems perspective. In these situations, it is recommended that the chief compliance officer report to the CEO as a reporting line structure; however, the compliance officer’s strategic initiatives should be reviewed by the audit committee so reporting to the CEO is for administrative purposes only.

4. Lack of seniority.

The chief compliance officer, although often an individual contributor or leading a very small team, should be regarded as a senior executive or an officer of the organisation. This would mean the chief compliance officer would hold a title of executive vice president or perhaps senior vice president. They should be of the same level in the organisation as the chief financial officer and the general counsel. Many companies appoint a chief compliance officer just to tick the box that they have one, but do not invest in the necessary tools to make the role effective. The position is regarded as too junior; the compliance officer is not considered by the business as an effective equal business partner and is not given the amount of decision-making authority that they need to affect a change across the organisation. The role of chief compliance officer must be senior enough to warrant people responding appropriately or affecting any changes that the officer requests.

Request an introductory meeting to assess your compliance needs CONTACT US

5. Leadership pipeline.

It is uncommon for a compliance department to be as large as the finance or legal functions – the chief compliance officer is often an individual contributor, or, at the very best, leads a small team. Because compliance is such a small department it is often under-resourced and under-budgeted. The chief compliance officer is likely to be a level-one or level-two leader, as defined by Ram Charan in his book, The Leadership Pipeline. Being a level-one or -two leader but working on a management team with level-four leaders generally means that the compliance officer will be the only person on that management team that deals with people two or three levels below them in the chain. The fact that they are an individual contributor (or are leading a very small team) sometimes works against them because level-four leaders find it difficult to respect anyone who is from level one or level two. This in itself does not mean that the chief compliance officer will fail, but it does make things more difficult. Earning the respect of peer business leaders through doing other roles in the company before moving into the chief compliance officer function may be a good idea. Good practice might be to action an internal transfer from a sales, finance or marketing role to ensure that they have already built the respect before they move into the role of chief compliance officer.

6. Lack of business knowledge.

Chief compliance officer is a difficult role as it requires working in the upper layers of management and leadership of the company. As a result, a chief compliance officer is expected to have a vast array of skills in their functional expertise of law, finance, accounting, investigations and compliance. They are also expected to possess a heightened business acumen that is necessary to manage a company and effect and implement a compliance programme, sometimes in over 200 countries. It is rare than anyone will have such a comprehensive skillset and many people in executive management will look at compliance officers as lower-quality managers simply because they don’t have the business experience or acumen that is expected at a senior level of an organisation. This is often very difficult for a chief compliance officer to obtain because they usually come from the legal or finance functions of the company and have not been involved in managing a team at a sales or functional, non-functional level before. It is always beneficial for the chief compliance officer to have come from business teams where they’ve earned a level of respect and can understand the objectives of business and how to operate a business successfully. Combined with compliance, legal and finance skills, a greater and more effective compliance function can be realised. The key to being a successful chief compliance officer and not failing in that role is grasping the need to have that business acumen and providing value back to the business, not just in compliance, but in their business generally. After all, compliance goals need to be aligned with the strategic goals of the company if there is to be any chance of success.

7. Institutional awareness.

The bigger a company gets and the more it expands, the more likely it is that politics within the business will increase, and this may ultimately determine the success or failure of certain people. The alignment of people to a senior manager or CEO and their background, experiences, language or culture can play a significant part in whether they succeed in a role. Compliance officers – who are experts in core compliance skills – can sometimes miss the political alliances that exist in a business. The chief compliance officer needs to be aware of the politics surrounding them. Many fail because they are oblivious to the politics and get sidelined; essentially a form of “reverse bullying” from the business teams, particularly those that work outside in the emerging markets.

8. The CEO culture.

The culture of the CEO generally sets the culture for the organisation as a whole. If the CEO is someone of high integrity there is a greater chance that the chief compliance officer will be successful in their role. If a CEO is more aggressive in sales tactics, pushing the boundaries of compliance and integrity, then the chief compliance officer will find it very difficult to change an organisation. Of course, any CEO of a large company will never admit to anyone that they are lacking integrity or pushing the boundaries of compliance; however, a good review of a CEO’s background, experience and history may reveal weaknesses around integrity and ethics that might need to be considered before a role of compliance officer is accepted.

9. Lack of budget.

Many compliance officers are a team of one whose position has been created after an investigation or other form of regulatory review has highlighted that it is necessary for the company to have a compliance function. Too many compliance officers start at companies without reviewing the budgets or even asking if a compliance budget exists. Compliance should be like any other part of the company where there is a budget for operational expenses such as head count, bonuses and travel, but also a budget for engaging outside consultants, conducting reviews, and bringing in people to support the function. Just like human resources, finance, legal, tax, regulatory and other areas of the company, compliance will need to engage third parties, will need to have monitoring software, and will need to have the tools available to build a successful compliance function in the organisation. A company’s compliance budget tells a lot about the company and its stance of compliance. Before starting a new role in compliance, a prospective candidate should check the compliance budget first – if there is no budget, if there is no proper documentation of the budget, or if the budget includes staff but no other costs then this role may not be the one for them.

10. Lack of clarity of role.

The word “compliance” can mean different things to different people. Compliance could mean tax compliance, Sarbanes Oxley compliance, anti-corruption compliance, anti-trust compliance, or may include corporate governance and company secretarial-type compliance. Many compliance officers fail because their role has not been properly defined. It is important for a chief compliance officer to understand precisely what is expected of them in their role by speaking to other people in similar positions or seeking professional advice.

To read original article please click the link below:

https://insights.redflaggroup.com/articles/leadership-challenge-why-compliance-officer-fail

OFAC has listed Iran’s National Development Fund (NDF) and Etemad Tejarate Pars Co. under the newly-enhanced counter-terrorism authority Executive Order (E.O.) 13224

To  read more click here 

The sanctions come in response to “Iran’s brazen attack against Saudi Arabia”, and the State Department’s Press Release says that evidence for the attack “points to Iran – and only Iran

To  read more click here 

The NDF reportedly provided the IRGC-QF, Iran’s Ministry of Defence, and Iran’s Atomic Energy Organisation with hundreds of millions of USD from 2017 to 2019, whilst Etemad Tejarate is said to have transferred and concealed some of the military-related transfers. OFAC . . .  To read more click here

To read original article please click here

Mauritius – THE NATIONAL MONEY LAUNDERING AND TERRORIST FINANCING RISK ASSESSMENT OF MAURITIUS PUBLIC REPORT

The Ministry of Financial Services and Good Governance has, on 29th August 2019, published the following documents:

1. Report 1  The National Money Laundering and Terrorist Financing Risk Assessment of Mauritius – Public Report;

To read public report click here

2. Report 2  The National Strategy 2019-2022 for combatting of Money Laundering (ML) and the Financing of Terrorism and Proliferation (FT & P)To read more about

To read more  click here

The National Strategy 2019-2022 is based on the findings of the National Risk Assessment (report 1), and it sets out the approach which Mauritius will adopt to tackle ML, TF and proliferation financing threats over the next three years.

The Mauritian government (Cabinet) has taken note of the National Strategy 2019-2022 for Combatting of Money Laundering and the Financing of Terrorism and Proliferation and the National Action Plan to support the implementation of the Strategy.

The National Strategy sets out the approach which Mauritius will adopt to address the money laundering, terrorist financing and proliferation financing threats for the period 2019 to 2022.

The National Strategy is based on the following main strategic themes, namely –

1. strengthening the Anti Money Laundering/Combatting the Financing of Terrorism (AML/CFT) Legal and Regulatory Framework;
2. implementing a comprehensive risk-based supervision framework;
3. strengthening the process by which the Money Laundering/Terrorism Financing threats are detected and disrupted, criminals are prosecuted, and illegal proceeds are confiscat
4. enhancing national coordination and cooperation;
5. implementing an effective AML/CFT data collection system in all relevant competent authorities; and
6. enhancing regional and international cooperation.