In an exclusive interview with Neopay’s Consultancy Manager, Margita Layne, we delve into the pivotal role of internal and external monitoring in ensuring regulatory compliance within the financial services sector. Margita, drawing from her extensive experience as a former MLRO and Head of Compliance in the payment sector, sheds light on the challenges commonly faced by companies and explores the critical significance of internal controls. She also shares practical examples and advice for companies looking to adapt their monitoring and oversight strategies effectively in the dynamic financial industry.
Can you explain what internal and external monitoring and oversight mean in the context of regulatory compliance, particularly in the financial industry?
One of the key aspects of ensuring that the business operates within the regulatory requirements is through effective monitoring and oversight of all business activities, such as financial crime, safeguarding arrangements, financial promotions, complaints handling, business continuity, and operational resilience, among many other areas. Depending on the size and complexity of the business, oversight and monitoring can be achieved either internally by the second line of defence (Compliance) as part of the compliance monitoring plan, or externally through experienced compliance professionals.
Maintaining a robust oversight and monitoring program, whether internal, external, or a combination of both, is crucial to ensuring the business operates in accordance with regulatory requirements and internal processes. The results of the monitoring also provide vital management information to senior management, enabling them to make informed decisions on how to conduct the business by identifying any gaps or areas of improvement.
Why are internal controls, such as policies and procedures, critical for organisations in ensuring compliance with financial regulations?
Policies and procedures form a key part of effective governance within any firm. Through documented policies, firms can identify and implement applicable regulatory requirements, ensuring a clear framework and guidance for all employees on how to conduct their work. Equally, documented internal processes are crucial to ensuring that all activities are streamlined and up to date.
What are some common challenges companies face when trying to establish effective internal monitoring systems, and how can they overcome these challenges?
Some challenges, especially within smaller firms, involve difficulties in establishing an effective three lines of defence model that ensures both effective compliance monitoring by the 2nd line and further assurance by the 3rd line (internal audit). Frequently, an overlap occurs between the second and third lines of defence, or there is an absence of the third line due to the size and complexity of the business. As a result, many firms opt to outsource the internal audit function to experienced external professionals, enabling them to conduct an independent audit of the systems and controls.
How does Neopay assist organisations in developing strong internal monitoring processes and controls?
Neopay can provide tailored support and solutions to develop or enhance internal monitoring processes, systems, and controls. This involves reviewing existing plans or assisting in creating a new compliance monitoring plan (CMP). The CMP includes capturing all regulatory activities, applying appropriate frequencies and methods of monitoring (such as sampling), and assigning responsible persons. Neopay assists firms in ensuring that all aspects of regulatory compliance are encompassed within the firm’s monitoring framework. Additionally, Neopay guides firms through determining the appropriate extent and methods for conducting the monitoring.
Moving to external oversight, what role does it play in ensuring compliance, and what should companies consider when choosing external partners for this purpose?
While firms are responsible for implementing effective internal monitoring and oversight controls, conducting independent external assessments of compliance with regulatory requirements and internal processes is considered of great importance. This has become a regulatory requirement, as well as an expectation from other partners such as banks or liquidity providers, necessitating firms to undertake various audits throughout the year. These audits may include examinations of financial crime systems and controls, safeguarding, or more comprehensive compliance and regulatory audits.
Firms must ensure that they select credible partners with the appropriate level of expertise in the industry. Moreover, firms should confirm that their chosen partners can deliver audits in accordance with the required scope of work.
External audits conducted by Neopay employ diverse methods to comprehensively review the state of firms’ systems and controls. Neopay typically engages with the firms to acquire key documentation, such as policies and procedures. The process also involves conducting interviews with key members of the senior management team, as well as individuals involved in day-to-day activities (for example, subject matter experts). Additionally, Neopay tests various files to ensure that processes align with regulatory and internal requirements.
Can you provide examples of how Neopay’s external oversight services have helped clients in maintaining regulatory compliance and preventing issues?
We have assisted numerous firms in improving and enhancing their systems and controls to ensure full compliance with regulatory requirements. Through the use of various methods outlined above, Neopay is able to obtain a realistic view of the firms’ processes, systems, and controls. Consequently, Neopay can identify any gaps, inconsistencies, or deficiencies in the actual process or documentation.
For example, Neopay may find that the day-to-day activities align with regulatory requirements and internal processes; however, the documentation itself doesn’t accurately reflect all of the activities that take place. Neopay observed that firms had an effective internal and external reporting process for SARs (Suspicious Activity Reports), as evidenced through discussions and sample testing. Nevertheless, there was a lack of a detailed overview of the processes, specific activities, roles, and responsibilities.
Another example we have encountered involves situations where firms have not updated their processes or documentation, or both, to reflect changes in regulatory requirements. This includes changes to high-risk third countries, as outlined in Schedule 3ZA of the Money Laundering Regulations.
Through the audits, Neopay is also able to identify improvements to the controls that may meet the minimum requirements but fall short of industry standards. For instance, this may include assessing the quality of the Annual MLRO Report.
As regulations continue to evolve, what advice would you give to companies looking to stay ahead and adapt their monitoring and oversight strategies effectively?
Firms should stay on top of their internal monitoring activities to ensure that, with changes in the regulatory landscape or internal processes, compliance monitoring and oversight remain up to date. Firms should avoid relying on templated or ‘inherited’ CMPs that may not be specific to their business activities or up to date with regulatory requirements. Monitoring plans for firms must be specific to their business model and activities, mirroring the regulatory requirements. It is also crucial that monitoring activities are appropriate and proportionate to various metrics (e.g., the number of customers or transactions). For instance, reviewing ten customer files for due diligence may be appropriate for a small firm with 100 customers, but it would not be suitable for a large company with 1000+ customers. Considering the regulator’s focus and best industry practice, firms should establish arrangements with reputable third parties to conduct external audits on at least an annual basis, complementing firms’ internal monitoring and oversight.
How Neopay can help
Neopay offers targeted support for organisations aiming to strengthen their internal monitoring processes and regulatory controls. Our consultancy services focus on crafting or enhancing compliance monitoring plans (CMPs), ensuring all regulatory activities are captured. We guide firms in determining appropriate monitoring frequencies and methods, fostering a comprehensive framework. Additionally, our expertise extends to external oversight, where we conduct independent audits using diverse methods such as document reviews, interviews, and rigorous file testing.
Our approach has proven effective in assisting clients, identifying and addressing gaps in processes and documentation. By choosing Neopay, firms benefit from a tailored, dynamic approach that ensures compliance resilience amidst evolving regulatory landscapes.
Margita Layne brings over a decade of experience in compliance within financial services to her role at Neopay. She previously served as Head of Compliance and MLRO at an industry-leading e-money firm, and held various compliance and managerial positions at CFD/FX brokerage institutions and asset management companies. Margita’s extensive experience and Master’s Degree in Finance, Banking and Investments enable her to provide exceptional advice and assistance to clients in meeting their regulatory and compliance needs.