Risk Based Self Assessment Questionnaire
Name of authorised firm:
To be completed by:
Financial Services Commission
Table of Contents
1. Financial Soundness and Capital
2. Environment
3. Business Plan
4. Controls
5. Organisation
6. Management
Published by: Financial Services Commission, PO Box 940, Suite 943 Europort, Gibraltar
Tel: (+350) 40283
Fax: (+350) 40282
E-mail: [email protected]
Http: www.fsc.gi
The purpose of this questionnaire is to assist the Financial Services Commission in assessing the risks being faced by your business. Please provide comprehensive responses to the questions below. Please also supply the following (unless already held by the Financial Services Commission):
A. Current staff organisation chart including reporting lines.
B. Current group and ownership structure.
C. A copy of any staff handbook or personnel policy statement.
D. Copy of internal procedures manuals. (State if no manuals exist.)
E. Compliance manual or statement.
F. Copy of your manual setting out your KYC procedures and due diligence processes for new and existing clients.
G. Copy of standard customer agreement/mandates.
H. Description of your complaints procedures.
I. Standard employment contract for use in your business.
J. Copies of service level agreements held in respect of all outsourced functions that your firm might have.
K. Business continuity and/or disaster recovery plan.
If in any response you consider that the information has previously been supplied, please state so and confirm whether any changes have occurred. Questions are generic in form and apply to all authorised firms, irrespective of industry type and size. Replies together with level of detail should be commensurate with the size and nature of business of the authorised firm. Where a firm feels that a particular question is ‘not applicable’ then we would ask the firm to mark their response "n/a" with a brief explanation.
1. Financial Soundness and Capital
Objective:
• To determine the adequacy of the firm’s financial resources and establish the sustainability of the firm’s earnings.
1.1
Should more capital be required in the business, what steps would you take to ensure that this is in place? What support is likely to be provided by existing shareholders in this respect? Provide a statement of what capital has been raised from which shareholders in the past.
1.2
What other sources of capital would be available to the business?
1.3
Provide details of the firm’s fee structure/margins/premium policy guidelines* (*delete as appropriate).
1.4
Provide details of the firm’s business plan, budget and projected profitability for the year together with the assumptions underlying these projections; include an analysis of how the firm is currently performing against the budget. Advise who is responsible for planning/budgeting and how frequently budgets are prepared and reviewed.
2. Environment
Objective:
• To determine the nature, extent and degree of risk in the business environment of the firm.
2.1
Has the firm had more than 20% of new business revenue generated by one client in the last year? – If yes, provide details.
2.2
If appropriate to your business, explain how management and staff ensure that customers are given suitable advice and given the choice of products adequate to their circumstances. What steps are taken or procedures followed in order to ensure that customers understand the risks involved in product purchase? Is there documentary evidence to support these procedures? Is contract documentation and product literature provided to the client?
2.3
What have been the main business challenges faced by the firm in the last few years?
2.4
Provide a description of computer systems the firm uses. Are any changes or updates planned in the near future?
2.5
Provide an account of the impact which process and system failures would have on the operation of the firm (i.e. customer/user complaints, system downtime and processing errors) and explain what procedures are in place to minimise the impact of such possible failures.
3. Business Plan
Objective:
• To determine the firm’s business profile and the strategies adopted to achieve its objectives.
3.1
Provide details of the firm’s business plans for the next 12 months.
3.2
Does the firm foresee a change in the business plan, in the market place or in the economic environment that would significantly impact its projected profitability? What action is envisaged to manage this change?
3.3
Explain the long and short term goals of the firm and what levels of group business the firm receives.
3.4
Provide details as to the composition and characteristics of the customer base (e.g. financial literacy, financial means), with details of the type of customer concerned (e.g. HNWI, affluent, middle of the road, lower market, and for wholesale customers, are they e.g. small business, institutional). Include the concentrations of customers by nationality, and by sector if appropriate. Alternatively, if clients are profiled, explain the categorisations and how many clients fall into each category.
3.5
Explain what proportion of new business is taken up by repeat and multiple product sales, and the methods for obtaining these. Provide details on the proportion of new business which comes from new customers and the methods for obtaining the same (e.g. mail-shots, advertising).
3.6
Provide details of the degree to which intermediaries are used, and the nature of the firm’s relationship with these.
3.7
What forms of advertising and marketing are currently being employed?
4. Controls
Objective:
• To determine the adequacy of internal systems of control, procedures and risk mitigation strategy.
4.1
How is staff remunerated - commission, fees, bonus, salary only? Describe in detail the remuneration policy (and bonus scheme, if applicable) of the firm.
4.2
If the firm holds or controls client monies or assets, provide a description of the controls and procedures applied to safeguard these. Provide details in respect of the extent to which client monies might be held or controlled by a third party.
4.3
Provide details of the firm’s management information systems, including details of the various reports, their timeliness, accuracy and distribution. Who reviews these reports?
4.4
Describe how the internal audit/compliance function is organised (include methodology, coverage of reports and independence of the function) and provide an explanation of the steps taken to address exceptions or failures identified arising in reports.
4.5
What controls are in place to ensure that staff members carry out their duties properly?
4.6
Describe how the firm takes instructions from its clients, including how the firm ensures that these are acted upon in a timely, correct and efficient manner.
4.7
If appropriate, describe the nature and extent of client reporting.
4.8
Describe the nature and type of records maintained by the firm in respect of its clients.
4.9
Provide details of those responsible for developing, amending and updating the business disaster recovery or continuity plan. Which Manager(s) is/are accountable for the plan?
4.10
Advise of the nature and extent of anti-money laundering training provided. Provide details as to the type of materials used for training purposes.
4.11
Outline the structure of the IT function within the organisation, including resources, reporting lines and segregation of duties. Does the firm have an IT policy committee?
5. Organisation
Objective:
• To determine the suitability and effectiveness of the organisational structure.
5.1
If the firm is part of a larger group of companies, provide details of the relationship with other parts of the group. If appropriate, explain any centralised functions and the degree of control and direction/influence exercised by the parent or other part of the group.
5.2
Provide a detailed description of the outsourced functions provided by other parts of the group or third parties, how these operate and the control exercised by management over the outsourcing service provider.
5.3
To the extent not disclosed above, explain how staff members are made aware of reporting lines, what their responsibilities are and to whom they report.
6. Management
Objective:
• To determine the way in which the business is managed and corporate governance is exercised.
6.1
Provide details of the composition of the board, sub-committees and/or management responsibilities and functions. Include relevant reporting lines.
6.2
How often do the board of directors meet? Are minutes kept?
6.3
Provide a description of the measures in place to ensure that the ‘four-eyes’ principle is complied with.
6.4
What procedures are in place to ensure that there is adequate succession planning for board members and key staff, including adequate cover when a key member of staff is absent?
6.5
Have any written confidentiality rules or conflict of interest rules been issued to employees? Do these have to be signed by employees?