SYSC326 assists client assessment of internal controls and regulatory compliance. Support readyness planning for and response to regulatory visit (including the FCA Systematic Anti-Money Laundering Programme ('SAMLP')) and assurance test response to regulatory review (e.g. s166 remediation).
Financial sector firms must maintain policy and procedure, designed to ensure compliance with regulatory requirements.
The FCA expects firms to consider operational risk events, including financial crime risk, when establishing and maintaining systems and controls.
SME support to review policy and procedure implementation, within a retained business and/or via out-source providers (e.g. service centres).
Reviews should be planned and executed by staff with requisite knowledge and skills, particularly when testing financial crime systems and controls.
Senior management should have access to relevant and timely information, on compliance with internal controls and regulatory standards.
SYSC326 advises on financial crime compliance assurance and provides SME support to assist client delivery of controls testing.
Risk-appetite and tolerance is informed by using findings of compliance assurance reviews, delivered with relevance to the operating environment.
Assurance outcomes can be used to inform stakeholders and regulators, on adequacy and effectiveness of the financial crime framework.
Fact-based reports with review findings and recommendations can be used to inform senior management risk-appetite and tolerances.