As a regulated firm or a firm wishing to become regulated, you will need to ensure you have a robust control plan and can conduct effective monitoring of controls. In this article, we will detail what a control plan is and the steps you can take to conduct effective control monitoring.

‍

Control Plan

A regulatory control plan is a document that outlines the specific controls and processes that an organization has in place to comply with relevant laws, regulations, and policies. This plan typically includes details such as the specific regulations that apply to the organization, the controls and processes that have been implemented to meet those regulations, and the responsibilities of different staff and departments in ensuring compliance.

The purpose of a regulatory control plan is to provide a clear and comprehensive overview of an organization's compliance program. This can help to ensure that the organization is meeting its obligations and protecting itself from potential risks. The plan can also serve as a reference for staff and other stakeholders so that they can understand the specific controls and processes that are in place.

A regulatory control plan may be required by regulatory bodies, such as the Financial Conduct Authority (FCA) in the United Kingdom. In some cases, organizations may be required to submit their control plans for review and approval by the relevant regulatory body.

Control Monitoring

‍

‍

Control monitoring is a process for ensuring that an organization's controls and processes are effective in preventing and detecting misconduct and non-compliance. This is an important part of your firm's regulatory framework, as it helps to ensure that you are meeting your obligations and protecting consumers.

Control monitoring may be carried out by internal staff, external consultants, or a combination of both. It typically involves a combination of review and assessment activities, such as reviewing policies and procedures, conducting interviews with staff, and conducting on-site visits to assess the organization's practices. The results of control monitoring are typically reported to senior management and relevant stakeholders so that any issues can be addressed and resolved.

Here are some steps to take for conducting control monitoring:

1. Identify the relevant laws, regulations, and policies that apply to the organization: The first step in control monitoring is to identify the specific rules and standards that the organization needs to follow. This will help you determine what areas to focus on and what to look for when conducting the review.
2. Develop a control monitoring plan: Once you have identified the relevant laws, regulations, and policies, you can develop a plan for conducting the control monitoring. This should include details such as who will be responsible for the review, what methods will be used, and how often the review will be conducted.
3. Conduct the control review: The next step is to conduct the control review. This involves reviewing the organization's policies and procedures, as well as conducting interviews with staff and conducting on-site visits to assess the organization's practices.
4. Identify any control weaknesses or gaps: During the control review, you should look for any areas where the organization's controls and processes are not effective in preventing and detecting misconduct and non-compliance. This may include issues such as inadequate training, weak internal controls, or lack of oversight.
5. Report on the findings and make recommendations: After completing the control review, you should prepare a report detailing your findings and any recommendations for improvement. This report should be shared with the organization's management and relevant stakeholders so that they can take action to address any control weaknesses or gaps that were identified.
6. Follow up and monitor progress: After making recommendations for improvement, it's important to follow up and monitor the organization's progress in implementing them. This may involve conducting additional control reviews to assess the effectiveness of the changes that were made.

Sample Monitoring Plan

We have provided you with a sample

1. Purpose: The purpose of this control monitoring plan is to outline the specific controls and processes that will be used to ensure compliance with relevant laws, regulations, and policies.
2. Scope: This control monitoring plan applies to all departments and staff within the organization.
3. Responsibilities: The compliance department will be responsible for conducting control monitoring activities and reporting on the findings. Individual departments and staff members will be responsible for implementing and complying with the controls and processes outlined in this plan.
4. Methods: Control monitoring will be conducted using a combination of review and assessment activities, including:

• Reviewing policies and procedures
• Conducting interviews with staff
• Conducting on-site visits to assess the organization's practices

Frequency: Control monitoring activities will be conducted on a quarterly basis.

Reporting: The results of control monitoring activities will be reported to senior management and relevant stakeholders. Any issues or concerns identified during the review will be addressed and resolved in a timely manner.

Follow-up and monitoring: After any issues or concerns are addressed, the compliance department will follow up to ensure that the necessary changes have been made and that the controls and processes are operating effectively. Ongoing monitoring will be conducted to ensure that the organization remains compliant with relevant laws, regulations, and policies.

About MEMA

Our specialist team has the experience and expertise to help you. Our offering includes a regulatory business plan, a suite of compliance policies and procedures, and an IT security risk assessment. We can provide template documents and work with you to tailor these to your specific circumstances. We can also carry out a gap analysis on your current policies and procedures – and help you address any action points identified.

We will explain to you the FCA’s expectations and its recent publications and prepare a gap analysis and/ or a suitable remediation plan. Among the firms, we work with are:

• Payment initiation service providers (PISPs)
• Account information service providers (AISPs)
• E-Money institutions
• FX exchange companies
• Merchant acquirers
• Bill payment service providers
• Electronic communication exclusion businesses

If you need any help or would like a complimentary chat to understand what your business may require contact MEMA at contact@memaconsultants.com.