The Compliance Monitoring Plan (“CMP”)
Published December 2005
Its December 2005 and the perfect time to think about your Compliance Monitoring
Plan 2006, here are some ideas to think about. I have purposely drafted this
article for December publication, how many uses does your CMP have?
The CMP is your Compliance
Monitoring Bible, it should control you and remains the evidence that all is
well, that you know what you are doing, that you are evidencing all that you
have done and are going to do and that if you have found something wrong, then
what you found and how you addressed and solved the problem as well as,
demonstrate to the powers that be that you are highly organised, well that’s the
theory.
The CMP is a regulatory requirement I know, but to me it’s a great tool and
defence mechanism that quite frankly I could not do without. I will explain
below how my system works for me, and me for it, I hope something in the text
below helps or assists you in some way.
Firstly my CMP is paper based and filed in yellow binders, all my Compliance
files are colour coded, for example blue for approved persons, green for gifts
and entertainments blue for financial promotions ECT. The reason for this is
two fold, (1) I can grab folders I need without having to read the labels (to an
extent) and (2) more importantly, its very cool when you place your work in
front of the FSA or IAD to be audited and they can see your organisational
ability and methodology straight away (it looks good and gives a highly
organised impression of you).
The CMP is sectioned (for
arguments sake from 1 to 30), I also have the same (mirrored) sections stored
electronically in Word format on my PC.
For example, CMP section one is for T and C monitoring, my PC based Word CMP
file 1 is also T and C Monitoring. All the templates for the thirty items in my
CMP take the same format, of course what gets attached is often different, but
the frontal monitoring page remains the same and again demonstrates a uniformed
well organised system.
So for example, when monitoring T and C I do my monitoring which I record on my
monitoring form/s, once this is completed I then go to my Word file (1) and
complete the electronically held summary, I print this off, sign it, date it and
attach it to my monitoring form/monitoring evidence, and then file in section 1
of the CMP (the paper based system, in the yellow binder), in summary:
- 1. Print off monitoring forms and conduct monitoring;
- 2. Complete electronically held Summary form and print off;
- 3. Sign, date and file in correct section of the yellow CMP binder.
- T and C (annual refresher training for existing staff);
- Disaster Recovery;
- Anti Money Laundering
- Anti money Laundering Report to Senior Management;
- KYC’s – remain filed are in the correct place and were signed off;
- Monthly web site used monitoring e.g. FSA, Compliance Online, BOE Sanctions Lists etc;
- G and E;
- PA Dealing;
- E-mail monitoring;
- Telephone monitoring;
- Internet monitoring;
- Weekend and out of hours employee access monitoring;
- Complaints monitoring;
- Financial Promotions monitoring;
- Client Classifications;
- Business area’s procedures ECT ECT.
You may also introduce a new form of monitoring, for example, an external correspondence audit (company letters going out), so you would include this as anew item, thus demonstrating how your CMP keeps up to date with the times and that you review and amend it as and when required, and of course the reasons for this new form of monitoring.
Always document these changes as IAD and FSA will want to see an audit trail and that you are giving serious thought to how you work your CMP (remember, it works for you and you for it).
When I do my new year monitoring plan I produce this on a Word document (graph looking box style), for example, column one has the number I mentioned earlier (from 1 to 30), column two indicates what I am monitoring e.g. T and C, then across the top are the months of the year, this way I simply stick a cross in the box indicating the item and month I am monitoring. This Graph is very useful because it has an additional use in that; if a report is due out (say to FSA) I make sure this is noted in the relevant box, for example, on the complaints monitoring line the CMP Graph tells me the two months of the year I need to report to FSA, therefore, it is impossible for me to miss the reporting dates.
If your a small to medium firm, then you are probably the CF10 and 11, but for larger firms these roles are often split, so if you’re the CF10, then delegate the relevant sections of the CMP out, e.g. to the CF11, T and C Officer and Disaster Recovery Officer, if he or she is a different individual, or, members of your Compliance Team to whom you have given designated responsibilities to.
Don’t worry of by the end of the year your Yellow bound CMP files end up be two or six lever arch files thick, remember the more evidence there is, the better it is for you. Have separate files for each year, again this looks and is highly organised, if you can store these on sight then even better. Again giving the organised professional impression is so important.
When the FSA pay you a visit, it can only instantly win you brownie points that you can produce your current and previous years CMP (with a track record of how it remains flexible and keeps up to date). Taking FSA and/or IAD auditors to a locked cabinet, opening it and having current and previous years monitoring stored in this fashion is impressive.
Certain e-mails I receive that link in to the CMP but are not for immediate action, are filed in the CMP, this way when the designated monitoring month arrives, I can see previous issues and check they have been implemented/ resolved, or, need acting on, so in a sense the CMP is also an organiser and diary system as well.
Good luck with your plans for 2006 and , may I take this opportunity to wish you all a happy and healthy new year.
Ben Hur
Compliance Officer and MLRO NIBC Bank N.V.
Chairman the Anti Money Laundering Practitioners Forum
(MLRO’s.com).