HOW TO PREPARE FOR A DFSA RISK ASSESSMENT. January 2014


BACKGROUND: THE NEW GLOBAL SUPERVISORY APPROACH

Following the global financial crisis and failings in the wholesale markets, international standard regulators, such as the DFSA, are committed to pursuing a more rigorous supervisory approach.

Increased risk aversion: The risk of poor governance and risk management has crystallised

What the DFSA will focus on during inspections:
- Corporate governance and board effectiveness
- Performance of control functions
- Risk identification, assessment and management
- Supervisors want evidence that a firm and management demonstrates good standards of conduct
- Adequacy of capital and prudential performance
- Taking preventative action where there are potential risks to consumer protection or market integrity

DFSA's APPROACH TO ASSESSING RISK

- DFSA conducts on-going analysis of risks relating to each Authorised Firm.
- DFSA's risk assessment process looks at the firm's activities, any significant changes in the firm, notifications, reporting of information (e.g. via the EPRS), the results of desk based and on-site inspections and it maintains on-going dialogue with senior management.
- Authorised Firms classified as higher risk (e.g. CAT 1 firms, those holding client money and/or endorsed to take retail clients) will receive more regulatory attention and be visited on-site from time to time.

ON-SITE RISK ASSESSMENTS: TYPES and OBJECTIVES

DFSA may make on-site visits to different types of Authorised Firms for a range of reasons.

Periodic Visits
- Information sought by DFSA: Understand the risk profile of the firm and how it operates
- Objective: Ensure that the firm is complying with the DFSA's rules and standards

Theme Visits
- Information sought by DFSA: Build a clear picture of how a firm (that's representative of its industry peers and captures the DFSA's target firm type for the review) approaches a specific area of regulatory risk, e.g. AML
- Objective: Does the firm achieve the DFSA's standards? Is this an area of risk the DFSA needs to focus on more with the broader industry?

Follow-up Visits
- Information sought by DFSA: Assess whether a firm has completed actions that arose from a previous visit
- Objective: Ensure any specific areas of regulatory risk are adequately mitigated

Special Visits
- Information sought by DFSA: Usually follows a particular event or notification from an Authorised Firm. Generally reserved for cases where DFSA believes action is needed to mitigate a high level of risk in the firm
- Objective: Ensure a firm is compliant and does not pose a risk to the DFSA's objectives or the firm's clients

FORMAT OF A DFSA PERIODIC SUPERVISORY RISK ASSESSMENT (ON-SITE)

Preparation for a risk assessment
- Understand & identify regulatory risks in the business so that you can adequately explain actions taken
- Ensure that previous Risk Assessment findings are incorporated into the control framework
- Confirm that documentary evidence demonstrates compliance with regulatory requirements
- Provide DFSA advance documentation requests in good time & prepare for the types of questions likely to be asked
- Ensure availability of at least those in control functions (including where outsourced) & senior management for DFSA questions/interviews

During a risk assessment
- Manage the DFSA: communicate openly & proactively; show project management of visit; allocate the DFSA a dedicated room & accompany them within the firm
- Take notes of meetings
- Remember that you may not be able to answer all questions at the visit but can always follow up with a letter
- Close out meeting: Ask DFSA for a debrief to obtain feedback and understand what areas may be of concern to DFSA & clarify any misunderstandings

After the inspection
- Communicate key messages to management, interviewees and approved persons
- Circulate the Risk Mitigation Programme to those involved in the visit for a factual check
- If applicable, negotiate the timelines for delivery of the Risk Mitigation Programme
- Respond to the DFSA on a timely basis if it requests actions are taken
- Review actions from DFSA interviews/key areas that were focused on and plan next steps

KEY AREAS THE DFSA OFTEN FOCUSES ON DURING RISK ASSESSMENTS

Governance:
- Do the firm's processes/procedures and compliance documentation match what is done in day-to-day practice within the firm?
- Is there sufficient and consistent evidence of decisions by boards, committees or teams?
- Does the firm have formal and effective governance arrangements?
- Is there adequate collective consideration by senior management of the risks facing the firm?
- Have the Board and senior management been sufficiently involved in the capital and risk planning process?
- Are control matters - finance, compliance, risk and managerial matters/decisions prioritised and actioned appropriately by senior management? E.g. how fast does the firm respond to actions raised in the auditor's reports?

Client Money/Assets (if applicable):
- Is client money segregated?
- Is there evidence that the client money calculations, and internal and external reconciliations, are performed at the appropriate frequency?
- Are the client money calculations, and internal and external reconciliations, subject to senior management review?

KEY AREAS THE DFSA OFTEN FOCUSES ON

AML:
- Has the business risk assessment been completed properly and is it documented?
- Is the firm taking a risk based approach to assessing clients before take-on is confirmed?
- Are client account opening files complete?
- Is there post acquisition due diligence of the client base at an appropriate frequency according to risk?
- Is there adequate monitoring of high risk clients?

Other:
- Is there evidence of monitoring the effectiveness of financial executions?
- Is there effective oversight of the front office?
- Is compliance monitoring carried out as specified in the documentation and are any failings rectified?

Market abuse and conflicts of interest (if applicable):
- Are market abuse risks assessed and monitored?
- Is there a conflicts of interest register and is it maintained?

WHAT THE DFSA EXPECTS TO SEE DURING A RISK ASSESSMENT

Governance:
- Evidence of robust and effective challenge by the Board and its committees
- Governance is aligned with the firm's commercial strategy and risk profile
- Good conduct is demonstrated by management and employees via culture, values, training and messaging from senior management
- Where significant issues are encountered by those within the business, these are escalated appropriately to senior management and from there through to the Board and its committees (as applicable)
- Firm is aware of the DFSA's regulatory agenda

Risk Management:
- Strong grasp of the key risks in the firm's business and prioritisation of the significance of these risks
- A governance process which gives appropriate attention to the oversight and mitigation of risks, e.g. tackling product risk includes assessing the suitability of types of products for different client categories and ensuring there is appropriate communication to clients and risk warnings in relation to suitability, threshold limits and restrictions on distribution
- Firm uses the ICAAP and aligns with its risk mapping
- Employees and management of the business feed significant risks up to the senior management. Senior management escalate these risks to the board and committees as appropriate
- Adequate monitoring of risk and re-evaluation of risks where the business launches new products and services

WHAT THE DFSA EXPECTS TO SEE DURING A RISK ASSESSMENT

Client money and assets:
- Appropriate governance and controls, and appropriate management information
- Appropriate segregation of client and firm monies/assets
- Detailed knowledge of the DFSA's COB module, Appendix 5 within the Finance team responsible for the reconciliation
- Sufficient knowledge and resources within the compliance and internal audit divisions to provide oversight and challenge where necessary
- Timely completion of reconciliations and any discrepancies explained and if necessary corrected promptly

Business model AML risk: (DFSA introduced this requirement in its AML module in 2013)
- Understand the key AML risk drivers within the business in terms of:
  - Clients and their activities and all firm transactions
  - Country or geographical areas the firm is associated with
  - Products, services and activity profiles
  - Distribution channels and business partners
  - New products and business practices
  - New technologies

THANK YOU