Managers have individual responsibilities to help a firm to achieve and maintain compliance. Elizabeth Mills explains

As a directors or managers of the firm, you may well be an approved person and therefore accountable for your firm's activities. While we have all been wrapped up in SYSC, PRU and CASS - sourcebooks that are key to the compliance preparation - we must not forget the principles which we as individuals must comply with.

PRIN lists the 11 principles applicable to all firms which, in turn, cascade down to approved persons via the APER sourcebook. The seven principles applicable to approved persons (as individuals) complement at least one of the principles applying to the firm. So, as long as you, as an approved person, comply with your seven principles, the firm will be well on the way to compliance.

With one (or more) approved person(s) elected to take the apportionment and oversight function they will need to ensure that the various responsibilities will be allocated appropriately, and systems and controls maintained through effective supervision.

However, just because one person is responsible for this controlled function, don't forget to include your managers in the planning process.

The SYSC (senior management arrangements systems and controls) sourcebook is one that all managers will need to understand and it requires some thought and planning. Involve all your managers as much as you can in this process.

Ensure they have input into how the rules can be applied to the day-to-day operation of your business - after all, they will be heavily involved in carrying them out.

This sourcebook covers a wide area but, for the purpose of selecting a few, have a think about the following:

  • Organisation structure. Is your firm structured with clear reporting lines? Who is responsible for complaints, training, finance requirements and so on? How have you assessed their suitability to carry out the task? What happens when one of these individuals is absent?
  • Business strategy and risk management. The FSA require firms to identify, measure, manage and control all risks of regulatory concern. Think about any risks that could affect the business detrimentally and result in it being unable to meet its regulatory obligations. How are changes within the business communicated to staff, bringing them up to date with new procedures and changes in regulation?
  • How can you reduce the chance of mismanagement and fraud? How do you make certain there are always competent individuals to cover all aspects of the business at any one time? What is your contingency plan if you are unable to work from your business premises (such as disaster recovery)?

  • Management information. How is it used, or could be used, to help you review the effectiveness and compliance of your business. Information such as your complaints log, policy sales, cancellation rates and commission rates can help with effective business management and planning.
  • Of course as the list goes on it becomes obvious that the management controls we adopt and operate within our firms are going to be vital to our successful compliance. We must be very clear on the basics. On a regular basis we need to ensure that we are compliant, that we remain compliant and that we can prove it.

    Create a checklist of all the tasks/checks/ processes that must be conducted regularly in order to implement and monitor all the disciplines adopted by your firm. Use it as a working document. You may consider it unnecessary to have a dedicated audit committee but this doesn't mean the responsibility of checking your firm's compliance does not apply.

    Conduct regular and structured management meetings, for the purpose of reviewing your firm's compliance against the requirements. Identify current and potential issues and resolve them.

    And don't forget to document what you do. Your compliance manual should be an integral part of your compliance practices and procedures. Make it a discipline that it should be referred to, adhered to, reviewed and maintained. All employees should know where it is, what sections apply to them, and what each contains.

    And while you are doing this, try to keep in mind that the purpose of regulation is to install good business practices, to protect consumers and make sure we are providing a professional service.

  • Elizabeth Mills is head of HR, compliance and training at The Broker Network
  • If you have received a 'minded to authorise' letter, email: