As I sit here at a Compliance Symposium in Wellington, listening to industry experts discuss the merits of compliance, I realise how many areas of business this topic actually covers.
Sometimes we forget how far compliance reaches - privacy and data protection, staff, customer and membership data security, boardroom governance, human resources, tax, auditing and fraud, accountancy, employment law and much, much more.
Here at the Professional IQ College, we pride ourselves on delivering high quality Level 5 distance learning that enables brokers and advisers to meet the regulatory obligations of the new regime. But is it enough to meet compliance? Seemingly not!
Each of you collect personal and private data from your clients for your business activities. How many of you are aware of the Privacy Act and its requirements? Did you know there are 12 information privacy principles?
Principles 1 to 4 govern the collection of personal information.
Principle 5 governs the way it is stored.
Principle 6 gives individuals the right to access information about themselves.
Principle 7 gives individuals the right to correct information about themselves.
Principles 8 to 11 place restrictions on how people and organisations can use or disclose personal information
Finally, principle 12 governs how “unique identifiers” such as IRD numbers, bank accounts etc can be used.
Refer to www.privacy.org.nz for more detail. One cautionary tale - British Airways got fined £180m for failing to secure their loyalty programme!
How secure is your email service? When was the last time you changed your password? Best practice is to change it every 90 days, especially if you use the same password for more than one application. Like me, you probably have multiple passwords. At last count, I have over 60 individual passwords. If your phone was stolen, how easy would it be for someone to access the data you have stored on it? If it is someone else’s personal data on there and it is accessed without authority, you could be liable. When was the last time you backed up your telephone data? The damage to your brand’s reputation after a data breach could amount to a significant loss of money as well.
Do you accept credit cards payments? If so, do you have PCI DSS? The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies which accept, process, store and transmit credit card information maintain a secure environment. Refer to www.pcisecuritystandards.org for more information.
Do you hire temporary staff, especially migrant workers? Are you aware of the minimum wage rate of $17.70 per hour? New visa rules just introduced put the emphasis on companies to apply for a licence to bring migrant workers into New Zealand. Compulsory accreditation is now required in advance. No accreditation? No visa.
Demonstrated compliance, record-keeping especially around payroll and minimum rates of pay, including holiday pay, working hours and adherence to visa conditions will all be high on the agenda of any visit by the Labour Inspectorate team.
And then there is education and training. As you would know, under the new forthcoming legislation, all Financial Advisers (and some Nominated Representatives) are required to meet the outcomes of Level 5.
For those of you who already have the old National Certificate, you are “grand-parented” straight through. However, it is worth noting, the FMA (at time of licensing) might ask what you have done to bridge the gap between the old certificate and the current New Zealand Certificate in Financial Services.
This is where the Professional IQ College’s bridging programme comes in. It allows you to demonstrate your compliance by showing you have upgraded your knowledge to the latest competency versions. Please visit www.professionaliq.co.nz or contact us for more information.
The college has been steadily increasing its enrolment numbers all year. However, as I have confirmed by speaking with many of you, I estimate only around 20% - 25% have actually started their Level 5 journey.
It makes no difference whether you complete Level 1 or Level 2 and there is certainly no need to repeat anything if you have only done Level 1. The FMA is only interested in you completing Level 5; the version is immaterial. It is something we advise you to do now and get out of the way. You will have many distractions coming your way over the next couple of years - disclosure, licensing, FAP decisions, Culture and Conduct reviews, to name a few.
Getting your Level 5 compliance requirements out of the way early will let you focus on some of these bigger issues when you need the time to do so.
Compliance might seem somewhat tedious, but it is nothing compared with the consequences when something goes wrong!
Act from a position of strength and preparedness; after all, isn’t that the very crux of the financial services industry. Take your own advice, minimise the risks and attend to this today!
