SERVICES | Associated Compliance

SERVICES

services

In a nutshell, our primary role is to facilitate the effective management of the compliance risk in our clients’ departments and divisions through, inter alia, the following:


Setting organisation-wide policies and standards for compliance.

Providing advice on compliance-related matters.

Monitoring the level of compliance on an ongoing basis.

Establishing and maintaining working relationships with relevant stakeholders.

Providing assistance to minimise the damage to the organisation’s reputation/image in cases where material transgressions occur.

Reporting to Key Individuals, audit committees, line management and regulators.

Facilitating the compilation of a compliance manual in conjunction with relevant staff and other role-players. The manual is based on the standards and norms provided by the Compliance Institute of Southern Africa, but customised for the specific environment in which our clients function.

The manual addresses:

The risks that fall within the scope of our appointment.

The material objectives and aspects of the applicable regulatory requirements.

The applicable legislation, rules and regulations and where appropriate we focus on the “spirit of the law”.

Click here to view our e-brochure.

Comprehensive description of what we do

FAIS Compliance Services

We will:

Assist the company in the compilation of an appropriate compliance risk management strategy as part of its overall risk management strategy.

Deliver and update as appropriate a compliance manual which will be produced electronically and will be the guide to compliance services. It will contain:

 

–  Explanatory Notes

–  Example Documents and Guides

–  FSCA Directives, Guidance Notes and Board Notices

–  How monitoring will take place

Perform monitoring visits and compliance checks in accordance with a predetermined frequency to assess the extent the company as a whole has met the legislative requirements of FAIS. This is achieved by checking the company’s policies, procedures, strategies and financial services delivery records. Where aspects of non-compliance are found, recommendations will be provided which, if followed, will assist the company to become FAIS compliant.

Immediately provide recommendations to the appropriate nominated person, which will include recommendations as to how any non-compliance issues can be rectified.

Where necessary, prepare a written report in respect of the compliance status after each monitoring visit which will be delivered to the appropriate nominated person within seven days of the monitoring visit.

Provide the company’s appropriate nominated person with a quarterly compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Compile and submit the annual compliance report to the Registrar as required by Section 17 (4) of the FAIS Act.

Amend details of the company’s license profile with the Financial Sector Conduct Authority (FSCA) as and when required and within the timeframes as detailed in the conditions on the company’s FAIS license subject to that information being provided to the Compliance Practice by the company within a reasonable time.

Maintain a Representative and Key Individual register on behalf of the company subject to the provision of accurate information being provided to the Compliance Practice by the company as changes occur.

Assess the Fit and Proper status of the company’s Representatives and Key Individuals based on the definitions detailed in the Regulation and on information provided by the company.

FICA Compliance Services

We will:

Deliver and update as appropriate a compliance manual which will be produced electronically and will be the guide to compliance services. It will contain:

  • –   Explanatory Notes
  • –   Example Documents and Guides
  • –   FSCA Directives, Guidance Notes and Board Notices
  • –   Details of how monitoring will take place

Perform monitoring visits and compliance checks in accordance with a predetermined frequency to assess the extent the company as a whole has met the legislative requirements of FICA, which will be achieved by checking the company’s policies, procedures, strategies and financial services delivery records. Where aspects of non-compliance are found, recommendations will be provided which, if followed, will assist the company to become FICA compliant.

Immediately provide recommendations to the appropriate nominated person, which will include recommendations as to how any non-compliance issues can be rectified.

Where necessary, prepare a written report in respect of the compliance status after each monitoring visit which will be delivered to the appropriate nominated person within seven days of the monitoring visit.

Provide the company’s appropriate nominated person with a quarterly compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Binder/Outsourced Agreements Compliance Services

We will perform compliance checks of the entity(ies) to which Outsourced/Binder facilities have been provided in accordance with a predetermined frequency to assess the extent the entity(ies) as a whole meet the requirements determined by the Regulations and Directives imposed by the Financial Sector Conduct Authority (FSCA) and the conditions detailed in the relevant agreement(s).

We will:

Investigate the extent to which the entity has performed in terms of the standards and requirements of the Outsourced/Binder agreement(s), including but not limited to:

(1)   contract and capacity of contract signatories

(2)   duration and expiry

(3)   frequency of activity required vs the frequency of activity provided

(4)   level and standard of service

(5)   correlation of fees charged against services provided

(6)   type and frequency of reporting

(7)   sub-outsourcing

(8)   warranties and guarantees in place.

Check the entity’s operational ability.

Check the entity’s financial soundness.

Check the entity’s competence.

Check the entity’s governance, risk management, and internal controls.

Check the entity’s compliance with applicable legislation.

Check that the entity’s systems management controls are in accordance with standards.

Immediately provide recommendations to the company, which will include recommendations as to how any non-compliance issues can be rectified.

Prepare a written report in respect of the compliance status of each monitoring visit which will be delivered to the company within seven days of the monitoring visit.

Provide the company with a quarterly compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Professional Bodies Codes of Conduct Compliance Services

We will:

Deliver and update as appropriate a compliance manual which will be produced electronically and will be the guide to compliance services. It will contain:

– Explanatory Notes

– Professional Body’s Guidance Notes and Information Notices

– How monitoring will take place

Perform monitoring visits and compliance checks in accordance with a predetermined frequency to assess the extent the company as a whole has met the requirements of the Professional Body’s Code of Conduct. This will be achieved by checking the company’s policies, procedures, strategies and financial services delivery records. Where aspects of non-compliance are found, recommendations will be provided which, if followed, will assist the company to become compliant.

Immediately provide recommendations to the appropriate manager, which will include recommendations as to how any non-compliance issues can be rectified.

Prepare a written report in respect of the compliance status of each monitoring visit which will be delivered to the appropriate manager within seven days of the monitoring visit.

Provide the company’s appropriate manager with a quarterly compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Short-Term Insurance Act (STIA) Compliance Services

We will, in terms of predetermined sections of the STIA:

Deliver and update as appropriate a compliance manual which will be produced electronically and will be the guide to compliance services. It will contain:

–  Explanatory Notes
–  FSCA Directives, Guidance Notes and Board Notices
–  How monitoring will take place

Perform monitoring visits and compliance checks in accordance with a predetermined frequency to assess the extent the company as a whole has met the legislative requirements of the predetermined sections of the STIA which may be achieved by checking the company’s policies, procedures and strategies as well as certain transaction files. Where aspects of non-compliance are found, recommendations will be provided which, if followed, will assist the company to become compliant.

Immediately provide recommendations to the appropriate manager, which will include recommendations as to how any non-compliance issues can be rectified.

Prepare a written report in respect of the compliance status after each monitoring visit which will be delivered to the appropriate manager within seven days of the monitoring visit.

Provide the company’s appropriate manager with a quarterly compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Treating Customers Fairly (TCF)

We will:

Conduct an analysis of the state of readiness for TCF using the six outcomes as the basis of providing a GAP analysis report.

Assist with, if required, the implementation of the company’s TCF strategies and procedures once the standards have been set by management.

And thereafter perform ongoing monitoring visits, if required, in accordance with a predetermined frequency to assess the extent the company as a whole is achieving its desired outcomes following the implementation of the TCF strategy and procedures.

POPIA (Protection of Personal Information Act)

We believe responsibility and ownership for privacy compliance should be that of the company, CEO, directors, executives and staff.

We will assist with, if required, structuring or guidance with the development and implementation of the company’s privacy compliance programme, strategies and procedures once the standards have been set by management.

We will:

  • Provide high level POPIA awareness training.
  • Conduct an analysis of the state of readiness for POPIA using the processing conditions, additional rights and obligations as the basis of providing a GAP Analysis / Readiness Report.
  • Conduct Data Inventory training to assist the company to undertake data inventories to assist to identify the data it holds.
  • Conduct data flow mapping to assist the company to identify where the data held is and where it is moving.
  • Assist with the development of the company’s privacy policy / statement, procedures and processes.
  • Conduct staff awareness training on POPIA and information security.
  • Assist with the development and design of operational controls for managing and obtaining consent, data transfers, third party management, physical, technical and administrative safeguards, data necessity, integrity, quality, retention, data incident / breach management and response plans.
  • Assist with and provide training on conducting data protection impact assessments as a good practice measure to identify and minimise privacy risks associated with new projects or to also review the company’s existing processing operations to identify whether there is anything that would likely be considered a high risk under POPIA.
  • Perform monitoring visits and compliance checks in accordance with a predetermined frequency to assess the extent the company as a whole has met the legislative requirements of POPIA. This is achieved by checking the company’s policies, procedures and strategies. Where aspects of non-compliance are found, recommendations will be provided which, if followed, will assist the company to become POPIA compliant.
  • Immediately provide recommendations to the appropriate nominated person, which will include recommendations as to how any non-compliance issues can be rectified.
  • Where necessary, prepare a written report in respect of the compliance status after each monitoring visit which will be delivered to the appropriate nominated person within seven days of the monitoring visit.
  • Provide the company’s appropriately nominated person with a POPIA compliance report which will highlight overall compliant and non-compliant issues and where appropriate will provide recommendations for improvement.

Related Services

Click here to learn more about AC-Proofed – quality proofreading and editing services.

Click here to learn more about AC Human Assets Services – support for our clients in their human resources needs and requirements.