Find out more about how ComplyPortal’s Monitoring module can make your compliance management much easier and efficient.

As a regulated firm, compliance monitoring is a necessity. However with regulators such as the FCA continually tightening and introducing new regulations, Compliance Officers and teams are finding the manual and time-consuming ways of managing their Compliance Monitoring a harder and harder task. At ComplyPortal, know that digitising compliance helps to remove elements of human error while ensuring that your important – but potentially repetitive– compliance tasks are completed. This frees up Compliance Officers and teams to use their all-important human skills and expertise to tackle more nuanced compliance tasks.

Who is it for: regulated firms monitoring Governance, Risk, and Compliance

Key features:

• Monitoring questionnaires digitised and scheduled out for the whole year
• Records of completed monitoring activities
• Reminders of monitoring tasks that are due or upcoming
• Full reporting and audit trail to help with regulatory reports and internal audits
• Assignable tasks to groups or individuals
• Configurable to meet a your firm’s bespoke Compliance Monitoring requirements

How it benefits you:

All your past, present, and future compliance monitoring activities can be housed in one place using our Monitoring module – making it much easier to keep track of and manage compliance tasks. ComplyPortal makes life easier for those using the system, saving Compliance Officers and teams up to 10 hours per month on Compliance Monitoring. ComplyPortal’s cloud-based solution means you can monitor compliance remotely from your home office, supporting work-from-home needs and keeping the entire team on the same page. ComplyPortal can be used to stay on track on mobile and tablet devices as well as PCs.

The Compliance Perspective:

“Monitoring is essential for an effective Compliance Function. However, for many Compliance Teams it is a challenge to know what to monitor and appropriate scheduling of their monitoring tasks. The current regulatory requirements are dynamic and always changing, so software solutions like ComplyPortal can help. ComplyPortal can become a member of your team and will be there to support not only your monitoring tasks but also the recording of evidential information that can support the monitoring and other business requirements.

“The beauty of ComplyPortal is that it has been built by Compliance staff for Compliance staff to make Compliance simple. That means it has exactly the right tools, mechanisms and resources to stay on top of CMP tasks in one straightforward platform, with options to customise the platform to suit your firms needs and requirements. As technology is constantly evolving, every Compliance Team should look to implement a tool which makes CMP oversight and administration simpler and more efficient. This will allow for more time to focus on other areas of the business and your companies growth” – Joseph Burke – Consultant, Complyport

Find out more about our Monitoring module and the rest of the ComplyPortal platform at: complyportal.uk/modules

About ComplyPortal – Compliance software since 2011:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• Training: access our LMS platform for all Compliance and Governance Training

CLICK HERE TO GET STARTED!

A Q&A with ComplyPortal’s Client Service Analyst

Describe your job in three words.

Challenging, Fun, Satisfying.

How did you get into your current role?

I was looking for an opportunity to test myself in a new environment and moving into compliance technology was an ideal opportunity to do so

What is the best part of working for ComplyPortal?

Working with a great team, where we are all available to help each other out—teamwork gets the job done.

What is your favourite part about your role?

Creating something that exceeds a client’s expectations and knowing that we’ve left them satisfied with their experience of the ComplyPortal platform.

What are your thoughts on the role of technology and compliance?

We know that compliance spans tasks that are challenging and complex, and others that are straightforward but time-consuming. Technology plays a very important in simplifying certain tasks and processes to ensure that compliance staff have more time to spend on the more complex tasks that form part of day-to-day jobs.

What is one aspect of compliance management that you would like to improve?

Moving away from offices full of paperwork—the more processes we can digitise, the more efficient control and management of these documents and compliance processes will become.

What is the best compliance advice you were ever given?

Compliance is a large animal—do not try to eat it all in one bite.

Do you prefer cats or dogs?

Dogs.

What do you enjoy doing outside of work?

Sports, Martial Arts, Cinema.

What three things would you bring to a desert island?

My wife, our child, and a laptop with available Wi-Fi.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

A Q&A with ComplyPortal’s Managing Director

Describe your job in three words?

Diligent, Reliable, Professional.

How did you get into your current role?

I was first introduced to the legal, risk and compliance industry through a litigation support service provider. My proficiency with technology and software combined with my ability to offering consulting services allowed me to thrive in this industry and move from reactive solutions for legal and investigatory services to more proactive compliance solutions over my 15+ years of experience.

What is the best part of working for ComplyPortal?

Our team – we have great team players with high integrity that can be trusted to help each other out. It is great to work at ComplyPortal where creativity and initiative is respected and everyone works together to get the job done right for our customers.

What is your favourite part about your role?

As Managing Director, I enjoy being able to execute our company’s mission to make compliance simpler. More specifically, I appreciate how quickly and continuously I can improve our offering using direct customer feedback.

What are your thoughts on the role of technology and compliance?

Technology is a must-have when it comes to meeting your compliance obligations. There is simply too much data and too many repetitive tasks to deal with managing all the necessary monitoring processes in a manual way. Using software like ComplyPortal can greatly enhance the efficiency, accuracy, and timeliness of these processes.

Do you prefer cats or dogs?

Dogs.

What do you enjoy doing outside of work?

Spending time with family.

What three things would you bring to a desert island?

An expert hunter, bug spray, and a hammock.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

CLICK HERE TO GET STARTED!

On 1 March 2021, the EBA published its final report setting out revised guidelines on customer due diligence (CDD) and the factors credit and financial institutions should consider when assessing money laundering (ML) and terrorist financing (TF) risk associated with business relationships and occasional transactions under Articles 17 and 18(4) of Fourth Money Laundering Directive (EU 2015/849) (MLD4).

MLD4 and a risk-based approach

The anti-money laundering directives are the key pieces of legislation which make up the current European Union anti-money laundering (AML) and counter-terrorist financing (CTF) regime. MLD4 placed a risk-based approach at the center of the regime. As the risk of ML and TF can vary, a risk-based approach helps to manage that risk effectively. MLD4 was required to be transposed into national law by 26 June 2017.

Guidelines

The greater emphasis in MLD4 on a risk-based approach meant that there was a greater need for guidance for National Competent Authorities (NCAs) and firms. Under MLD4, the European Supervisory Authorities (ESAs) were required to issue guidelines by 26 June 2017, addressed to NCAs and firms, on the risk factors firms should take into consideration and the measures they should take in situations where simplified or enhanced customer due diligence (CDD) would be appropriate. The aim was to promote a common understanding, by firms and competent authorities, of what the risk-based approach to AML/CFT entails and how it should be applied.

The Final Guidelines (JC/2017/37) were published on 26 June 2017. The guidelines have applied since 26 June 2018. Guidelines are addressed to NCAs and firms and their purpose is to clarify the supervisory expectations and to enhance the convergence of supervisory practices. Although they are non-binding, NCAs and firms to whom guidelines are addressed are expected to comply with them (on a “comply or explain” basis).

MLD5 and ESA ongoing work

On 19 June 2018, the Fifth Money Laundering Directive (EU 2018/843) (MLD5) entered into force. MLD5 was required to transpose into national law by 10 January 2020. MLD5 amended MLD4 to strengthen the fight against terrorist finance and ensure the increased transparency of financial transactions. As a result, the Guidelines needed to be updated to take account of the new legal framework. At the same time, the ESAs’ ongoing work on ML/TF risk highlighted several areas where significant differences continued to exist in firms’ approaches to AML/CFT.

The EBA’s new role

Since 1 January 2020, the responsibility to produce these guidelines (and to update them) has been passed to the European Banking Authority (EBA), by virtue of Article 3(3) of the Omnibus Directive amending Article 17 of MLD4, giving the EBA powers to lead, co-ordinate and monitor efforts to strengthen AML and CTF measures across the EU in respect of financial institutions.

The EBA launched a consultation on a revised version of the guidelines on 5 February 2020 proposing changes to reflect MLD5, as well as concerns identified by the ESAs.

The revised guidelines

On 1 March 2021, the EBA published its final revised guidelines.

General Guidelines

The EBA has provided more details to existing central parts of the guidelines, as well as adding new guidance on emerging risks:

• business-wide and individual ML/TF risk assessments;
• customer due to diligence measures including the identification of the beneficial owner and
• enhanced due diligence in relation to high risk third countries;
• TF risk factors; and
• emerging risks, such as the use of innovative solutions for CDD purposes.

High risk third countries

The revised Guidelines require firms to carefully assess the risks associated with business relationships and transactions where the customer is known to maintain close personal or professional links with a high-risk third country, or beneficial owner(s) is/are known to maintain close personal or professional links with a high-risk third country.

Beneficial ownership

Under the revised guidelines, when discharging their obligations set out in Article 13(1)(b) of MLD4 to understand the customer’s ownership and control structure, firms should:

• ask the customer who their beneficial owners are;
• document the information obtained; and
• then take all necessary and reasonable measures to verify the information: to achieve this, firms should consider using beneficial ownership registers where available.

Beneficial ownership registers – Firms should be mindful that using information contained in beneficial ownership registers does not, in itself, fulfil their duty to take adequate and risk-sensitive measures to identify the beneficial owner and verify their identity. Firms may have to take additional steps to identify and verify the beneficial owner, specifically where the risk associated with the business relationship is increased or where the firm has doubts that the person listed in the register is the ultimate beneficial owner.

Control through other means – Firms should also take reasonable measures to understand the customer’s ownership and control structure. The measures firms take to understand the customer’s ownership and control structure should be sufficient so that the firm can be reasonably satisfied that it understands the risk associated with different layers of ownership and control. In particular, firms should be satisfied that, the customer’s ownership and control structure are not unduly complex or opaque; or complex or opaque ownership and control structures have a legitimate legal or economic reason.

Firms should pay particular attention to persons who may exercise ‘control through other means. Examples of ‘control through other means’ firms should consider include:

• control without direct ownership, for example through close family relationships, or historical or contractual associations;
• using, enjoying or benefiting from the assets owned by the customer;
• responsibility for strategic decisions that fundamentally affect the business practices or general direction of a legal person.

Identifying the customer’s senior managing officials – Firms should resort to identifying the customer’s senior managing officials as beneficial owners only if:

• They have exhausted all possible means of identifying the natural person who ultimately owns or controls the customer;
• Their inability to identify the natural person who ultimately owns or controls the customer does not give rise to suspicions of ML/TF; and
• They are satisfied that the reason given by the customer as to why the natural person who ultimately owns or controls the customer cannot be identified is plausible.

De-risking

EBA also reiterates that there is no requirement for financial institutions to discontinue services to entire categories of customers that they associate with higher ML/TF risk (so-called ‘de-risking’). Instead, firms should balance the need for financial inclusion with the need to mitigate and manage ML/TF risk.

The EBA had launched a separate Call for Input in 2020, to understand why financial institutions choose to de-risk and therefore exacerbate financial exclusion, instead of managing the risks associated with certain sectors or categories of customers. The Call for Input received more than 300 responses by the deadline in September 2020 and the EBA is assessing the implications for its policy development in this area. The feedback gathered from this Call will potentially feed into other EBA outputs.

Electronic identification

Where a business relationship is initiated, established, or conducted in non-face to face situations or an occasional transaction is done in non-face to face situations, firms should take adequate measures to be satisfied that the customer is who he claims to be and assess whether the non-face to face nature of the relationship or occasional transaction gives rise to increased ML/TF risk. The use of electronic means of identification does not of itself give rise to increased ML/TF risk, especially where these electronic means provide a high level of assurance.

Moreover, MLD4 is technology neutral and firms may choose to use electronic or documentary means, or a combination thereof, to evidence their customers’ identity. Firms that use or intend to use innovative technological means for identification and verification purposes should assess the extent to which the use of innovative technological solutions can address, or might exacerbate, the ML/TF risks, particularly in non-face to face situations. Firms that use an external provider, rather than develop their own innovative solution in-house, remain ultimately responsible for meeting their CDD obligations.

Monitoring

Firms should put in place systems and controls to keep their assessments of the ML/TF risk associated with their business, and with their individual business relationships under review to ensure that their assessment of ML/TF risk remains up to date and relevant. The level, frequency and intensity of monitoring may be adjusted in a way that is commensurate to the ML/TF risk associated with the customer or the transactions. In high-risk situations, firms should consider whether enhanced ongoing monitoring of the relationship would be appropriate, including increasing the frequency of reviews to be satisfied that the firm continues to be able to manage the risk associated with the individual business. The guidelines list additional enhanced due diligence measures that may be of particular relevance in different sectors.

Sector-specific Guidelines

In addition, since the first publication of these Guidelines in 2017, the financial sector has evolved and existing and emerging risks have been identified. Therefore, new sectoral guidelines need to be included so as to tackle the specific AML/CFT risks of those sectors and to promote convergence in relation to the following sectors:

• crowdfunding platforms
• corporate finance
• account information service providers (AISPs)
• payment initiation services providers (PISPs), and
• firms providing activities of currency exchanges offices.

Next steps and Timing of application of revised guidelines

The guidelines will be translated into the official EU languages and published on the EBA website and will apply three months after publication in all EU official languages. Upon the date of application, the original guidelines will be repealed and replaced with the revised guidelines.

For more insight on compliance technology options and benefits, visit https://complyportal.uk/modules/ and find out how our straightforward, comprehensive compliance technology solution can help you and your organisation.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

CLICK HERE TO GET STARTED!

While Europe’s financial institutions are struggling to absorb the shock caused by the COVID-19 pandemic, security risks and the frequency of Information and Communications Technology (ICT) and security-related incidents (including cyber incidents) are rising, which, in turn, has the potential to adversely impact financial institutions’ operational functioning.

The financial sector’s increasing digitalisation and the growing interconnectedness between financial institutions and third parties make financial institutions’ operations vulnerable to internal and external ICT and security risks that could potentially compromise their viability. As a result, sound ICT and security risk management are key for a financial institution to achieve its strategic, corporate, operational and reputational objectives.

For this reason, the European Banking Authority (EBA) issued its Guidelines on ICT and security risk management which entered into force on 30 June 2020. These guidelines set out EBA’s expectations on how financial institutions should manage the internal and external ICT and security risks.

Do you meet the requirements?

• Financial institutions have adequate internal governance and internal control framework in place for their ICT and security risks. The management and mitigation of ICT and security risks through an independent and objective control function, appropriately segregated from ICT operations processes and not responsible for any internal audit, and an independent internal audit function.
• Maintain up-to-date inventories of business functions and assess the operational risks related to ICT and the security risks and determine what measures are required to mitigate the identified risks.
• Requirements to implement effective information security measures, including having an information security policy in place; establishing, implementing and testing information security measures; and establishing a training programme for all staff and contractors.
• Requirements for ICT operations management including requirements to improve, when possible, the efficiency of ICT operations; implement logging and monitoring procedures for critical ICT operations; maintain an up-to-date inventory of ICT assets; monitor and manage the life cycle of ICT assets; and implement backup plans and recovery
• Requirements for ICT project and change management, including the acquisition, development and maintenance of ICT systems and services.
• Business continuity management and developing response and recovery plans, including testing, and their consequent updating based on the test results. Ensure effective crisis communication measures in place so that all relevant internal and external stakeholders can be informed in a timely manner.

If you don’t know where to start and are uncertain as to the security risks that exist in your organisation and how they should be identified and controlled, we are here to help you.

For more insight on compliance technology options and benefits, visit https://complyportal.uk/modules/ and find out how our straightforward, comprehensive compliance technology solution can help you and your organisation.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

• Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
• Registers: lists controlled by the Compliance officer, but easy for staff to view.
• Risk: map and control risk areas to effectively identify and manage risk for your firm.
• eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach

CLICK HERE TO GET STARTED!