A good friend was recently recounting, over a couple of pints, a newly discovered burden of having a small business within the financial sector. We were sitting in a pub near to his offices where he runs his wealth management company from two small rooms. Based in the centre of a small provincial town just outside the M25, his company is just him, his associate plus two others who perform all the administration tasks for the two principals. His clients tend to be mainly high net worth individuals, many of whom are family or personal friends, and number in the “tens” rather than the hundreds or thousands. The day before he had been visited by someone from the FCA.
This hadn’t been the first time that he’d had to submit himself to one of the FCA’s spot checks. He’s been in the business a long time and understands what needs to be done and demonstrated in the areas of regulatory safeguards and checks and, in fact, is an avid proponent of ensuring everything is fit and proper in relation to his clients. Furthermore, also being somewhat of an ‘éminence grise’, he’d often found his views and ideas being sought by the FCA on some proposed change to a regulation or the COB, specifically how they relate to the end client.
However, this visit was slightly different. In addition to the normal subjects of money laundering checks, new business, KYC, etc. and the processes for recording and monitoring these, the panjandrum from Canary Wharf dropped a completely new topic into the mix . . . ‘Business Continuity’.
Was there a ‘business continuity plan’? Was it available to all employees? What were the contingency plans if there was a catastrophe at the office? What if there were fatalities? Had third parties and clients been considered if there was an emergency? Were there off-site copies of both electronic data as well as ‘mission critical’ software applications? Was there a remote location set up to house the staff, all appropriately resourced with utilities and equipment?
And the list went on! My friend was completely bemused – he understood that if he was a large asset manager with billions of AUM then this would be an important issue, but for his more compact outfit, it felt completely ‘over the top’.
As he explained to the man, if the offices blew up, he would pop down to PC World and buy a couple of new laptops with Microsoft Office. Then he’d go home, copy the backed up documents and spreadsheets from the USB stick that he kept there, phone round, or email, his staff, the clients and suppliers. Et voila! The office would be back online within a couple of hours. Plus the coffee was better and they could all watch the test match on Sky.
Eminently sensible and practical, one would say. Except, of course, there was one thing missing – a documented policy of this – and, moreover, a policy that should be reviewed on a ‘regular’ basis. The man from Canary Wharf has decreed this and stated that he would be checking it on his next visit.
So, my friend, eager to be compliant has done as he has been told. He has a sheet of paper on which he has listed his PC World / Microsoft / home business continuity plan and once a quarter he and his associate will read it, say “OK” and then get back to work.
I was then going to mention the ‘Senior Managers & Certification Regime’ and ask whether he’d got that covered yet, but I resisted. It was his round and it did not feel like a good time to provoke him with a new regulatory ‘burden’!
- 31 Jul, 2016