Operational Ability of KI`s and Compliance Officers

• Operational ability refers to the:
– functional skill, capability and capacity
– of a person or organisation to
– perform certain duties, tasks and obligations
• failure by omission: a mistake, especially as a
result of a failure to do or notice something
• supervision: the responsibility of supervising
something ( formal )
• oversight - an unintentional omission resulting
from failure to notice something inadvertence
• omission - neglecting to do something; leaving
out or passing over something
• oversight - management by overseeing the
performance or operation of a person or group
superintendence, supervising, supervision
• management, direction - the act of managing
something;
• Determination of Fit and Proper Requirements
for Financial Services Providers, BN 106 of 2008
– Section 8(8)
– A key individual, in respect of an FSP, must have and
be able to maintain the operational ability to fulfill the
responsibilities imposed by the Act on FSPs, including
oversight of the financial services (regarding the giving
of advice and rendering of intermediary services)
provided by the representatives of the FSP.
FSP
• Advice
• Intermediary
services
Juristic
representa
tive
Representati
ve
• Advice
• Intermediary
services
• Advice
• Intermediary
services
• Expectation:
– Be able to monitor actions carried out by the FSP
and/or representatives
• Regardless:
– Omission – did not notice
– not having the ability to get to everyone
• Oversee:
– All operational areas under control
– Representatives
BN 127 of 2010
A person applying for approval as an external compliance
officer must(a)
have a fixed business address;
(b)
maintain the operational ability to render compliance
services efficiently, including(i) adequate storage and filing systems for the safe-keeping of
records, business communications and correspondence;
(ii) control structures, processes and procedures with reference to(aa) segregation of duties where such segregation is appropriate from an operational risk
mitigation perspective;
(bb) control of access to the premises;
(cc) access rights and data security on electronic data;
(dd) physical security of the compliance officer’s records;
(ee) business policies and controls;
(ff)
system application testing;
(gg) disaster recovery and back-up procedures on electronic data;
(hh) a business continuity plan.
• Operational ability as applies to FSP
• Must be able to delegate where necessary
• External CO/ CP
– Cat I and IV:
• to conduct regular visits
• Once a quarter: business premises, business units and/or
branches of the provider.
• Twice a year: representatives of the provider
– Cat II, IIA and III
– regular visits to the
– business premises, business units and branches of the
provider and any representative.
– The intervals of such visits may not be less than once
a month
• Cat I and IV:
– regular visits to the
– business premises, business units and branches of the
provider and any representatives,
– Once a year
• Cat II, IIA and III:
– regular visits to the business premises, business units
and branches of the provider and any representative
– once a quarter
• Same frequency as reviews
• Make recommendations regarding rendering
of compliance services
• Can render proper and appropriate
compliance services
• 1: Many
• 1: Few
• Depends on various factors, not a
mathematical calculation
• Only allowed by internal CO
• Conditions:
– Natural person employed by the FSP, subsidiary, holding company
– must also be an approved CO, unless
– Only perform compliance monitoring ito documented procedure & exercise no
judgement
• Or:
– Delegate to an approved compliance practice.
• Duties of internal CO:
– the internal compliance officer must have appropriate oversight of such other person;
– the internal compliance officer remains accountable for the rendering of compliance
services; and
– the internal compliance officer must maintain a register with the names of the persons
to whom the rendering of compliance services has been delegated, a description of the
rendering of compliance services delegated and confirmation that the requirements of
subparagraph (a)(ii) have been complied with.