Client Success Stories: Impactful Lending Solutions

9/12/2023

David

It is important to understand when it comes to holding your own Financial Advice Providers licence it is a licence that is held by businesses that are small and large. With this being said there is no one size fits all. A business with 1 director and 1 employee has limited resources to put towards their compliance but equally marginal risk to mitigate compared to a company with 100+ employees.

Following on from the idea above, having a licence and meeting your compliance obligations shouldn’t get in the way of you running a profitable business.

Your compliance programme should be based on:

  1. The size of your business - the amount of resource you can put towards compliance

  2. The nature and risk of the processes in your business

  3. How close the directors are to the day-to-day running of your business

So to build an effective compliance programme, you should first assess the above. If I were you I would literally write up a one pager to describe it to help people outside your business understand your approach.

The next step once the above is understood is to build your policy document, this should detail all of the processes that you carry out in your business. My advice is to ask our compliance team for the template we have built.

Each policy can be broken into three parts:

  1. Policy - this is your northern star, what are you trying to achieve with this process

  2. Process - details the actual process you follow in your business to achieve the above

  3. Control - a key step often missed, this is your checks and balances, how do you ensure your process is both being followed and fit for purpose.

After you have completed your policy document it is time to build your compliance assurance plan! Think of this plan as your safely net, this plan pulls together all of your controls, you can turn this into a calendar however it is there to help you do two things:

  1. Remind you to take an action like say complete a file review or review your record keeping policy

  2. Help you to evidence that you have completed the control

Our compliance team also has a template for the above and can help you build your plan.

The main goal for the above documentation is continuous improvement, the way to do this is to document what you do, review what you do, make changes to help you achieve your policy (or your goal)

The last two documents you need are:

  1. Business continuity plan - this document ensures in the event of a tragedy or disaster, your clients are still able to access support.

  2. Professional development plan - this document helps you to plan the training you want/need to do in the year. You can lean on the controls in your policy document for help, for a number of the policies you’ll see training as a control therefore you should make sure you have this training in your policy document.


How to make the above right sized to your business?

As above we need to assess what the right size looks like, how much time should I be sending on my compliance? You can ask a professional but the likely answer is less than you think. The key is trying to understand your obligations and when you spend time on compliance it isn't just to tick the box, actually try to understand what it is you are doing, ask questions!

If you are a smaller business you should also consider simplifying your documents & controls. Where companies go wrong is in the policy document. If you say you are doing 100 things in your document then guess what! You’ll have to find time to complete those 100 things.

A better approach is to make a written argument as to where you’ll focus your resources, that argument should be based on risk and client outcomes. You can be bold with it, for example say you are a small business and you only add an outsourced provider once every second year. For the control you could say I’ll review this annually rather than quarterly. Right there you have cut your work down by ¾. The key is to be able to fall back on a reasonable argument so you should document this.