Tuesday 16 July 2013

FCA Online Review on Risk Awareness

The FCA are currently issuing some firms with notices of a new online review. The first email will set out what is expected of you and will give you links to FAQs and so on. A second email will provide you with the access information that you will need to log in. You will also be given a deadline by which you must complete the review.

It seems likely that the review is targeted at those firms who attended the Risk Awareness Workshops a few months ago. However, even if you didn't, I recommend that you check your spam folders and emails. There is a very clear message in the FCA's notice to firms and it reads as follows:-

We will work in partnership with those firms that are trying to do the right thing and creating a secure environment for their customers. At the same time, we will identify and take action against those firms that do not engage with us (for example, by not completing the On-line Regulatory Review) and are not committed to dealing with the risks that can face their firm and their customers.

There is another very clear message in the email regarding who should complete the survey:-

The On-line Regulatory Review should be completed by the individual or individuals that have overall responsibility for managing risk within your firm. External consultants or other third parties should not undertake the Regulatory Review on your behalf.

The bold and underline are those of the FCA and not me. This makes it crystal clear that being upfront and honest with your regulator means that you should complete this survey as instructed and not rely on externals to do it for you. That is not to say that you cannot take advice from external consultants. If they had wanted that restriction then it would also have been made clear.

On first view, it looks as though the survey is designed to calculate a score based on your responses. This implies that it will be scored, and then scores that are too high or too low will probably be scrutinised, and a random sample of mid-range respondents may also be selected. This could result in follow-up contact to verify the integrity of the responses and, where applicable, to look at respondents where the results offer an indication of regulatory risk. In other words, you could get a visit!

It goes without saying that if you give an answer in the survey, you must be able to substantiate it in your records. In other words, if you carry out a review each year and document it, there should be evidence of the documented reviews, from the date that you started to do it, in your Compliance File or wherever you keep it.

As of now, if you have received the emails and have a deadline, then make sure you deliver to it. If you haven't had the second email, look out for it a few days after the first one. Check your emails and spam folders etc. to make sure that it is not mislaid. If you still don't get a second email, I personally would check with the Contact Centre to make sure that you are not required to complete it rather than assume. As they say of assume...

