Today has been a lovely day in the coffee culture of St Peter Port, meeting and catching up with people, discussing contracts, plans and ideas, before returning home to work on some clients. Working from home allows me the time and space to not only work on engagements but also on ideas, while also being able to attend to the evening meal, taking breaks to collect fresh vegetables and herbs from the garden before slow cooking for the family. It suddenly struck me that a compliance framework is very similar to a recipe. You wouldn’t just throw random ingredients that look good into a pot and hope for the best — at least not if you wanted it to be edible and the same goes for compliance frameworks.
1. Ingredients (Policies & Procedures) Any recipe starts with a list of ingredients — the must-haves. In compliance, these are your policies, procedures, and controls that have been carefully designed to meet the expectations of regulators, clients, and stakeholders. Without them, you can’t “cook” a compliant organisation
2. Method (Processes & Workflows) The step-by-step instructions in a recipe are your workflows. They guide your team on how to use each ingredient in the right sequence — whether it’s onboarding clients, undertaking client transactions, or reporting breaches, complaints or suspicious activity. The method ensures consistency and clarity.
3. Measurements (Risk Appetite & Tolerances) A pinch of chilli adds flavour; too much overwhelms. Similarly, defining your risk appetite ensures the right balance between flexibility and control. While regulations set the boundaries, your organisation can tailor its approach to suit its unique palate.
4. Timing (Monitoring & Review) A good chef knows when to stir, when to simmer, and when to serve. In compliance, that’s your ongoing monitoring and periodic reviews to make sure the framework is still effective and the business can demonstrate its compliance to the regulatory framework and its appetite and objectives. It helps catch issues early, before they “burn” or for the sauce to curdle.
5. Presentation (Reporting & Audit) Even the tastiest meal needs to look appetising. Your reporting and audit trail present your compliance efforts clearly, demonstrating your compliance with the desired regulatory and business outcomes and your competence to regulators, stakeholders, and auditors.
The secret ingredient?Culture Without a shared commitment to doing the right thing — backed by the right resources, experience, and mindset, even the best-designed framework will fall flat. Culture binds it all together
If you’d like to chat about how to get the right ingredients or refine your recipe to make it more palatable for the Stakeholders and Regulator, feel free to reach out: sara@tspgsy.com and please have a look at our website https://technicalspecialistpartners.com/ and see what our menu can offer you.
In today’s fast-paced regulatory environment, Guernsey financial institutions must ensure they are not only compliant but also adaptive to ever-evolving domestic and international standards. The Guernsey Financial Services Commission (GFSC)Handbook provides a critical framework for ensuring Guernsey financial institutions uphold the highest standards of governance when countering financial crime, countering the financing of terrorism, and countering the Financing of Proliferation (CFC,CTF,CPF or Financial Crime) when undertaking their business activities. One of the most crucial sections, Chapter 8, delves into enhanced customer due diligence (ECDD) measures required for high-risk business relationships and situations. This blog will explore these ECDD measures and how organisations can align their operations and compliance frameworks with the Guernsey regulatory expectations set out in Chapter 8 of the GFSC Handbook.
Understanding the GFSC Handbook: A Regulatory Pillar
The GFSC Handbook is a guiding document that helps regulated entities in Guernsey comply with legislative and regulatory requirements, specifically around CFC, CTF, CPF and operational soundness to prevent and detect financial crime. By addressing both international and local standards, the Handbook covers areas such as:
Corporate governance
Risk management
Due diligence
Customer relationships
Transaction monitoring
However, when dealing with high-risk scenarios, standard measures are often insufficient. Chapter 8 is designed to mitigate risk in such situations through ECDD, enhanced monitoring, and enhanced reporting requirements to provide for effective corporate governance.
The Importance of Chapter 8: Enhanced Measures for High-Risk Situations
Chapter 8 of the GFSC Handbook specifically addresses scenarios where standard due diligence may not suffice to adequately mitigate risks of high risk business relationships. In such situations, Guernsey financial institutions and their directors and controllers are expected to employ ECDD measures to ensure robust risk management. These high-risk situations may arise from the following:
High-risk customers: Individuals or entities from jurisdictions with weaker CFC, CTF, CPF frameworks or with susceptibility to financing of terrorism or proliferation activities, politically exposed persons (PEPs), or clients involved in industries with higher susceptibility to financial crime.
Complex or unusual transactions: Large transactions that are inconsistent with the customer’s known profile or operations, or where the source of funds or rationale for the transaction is unclear.
Higher-risk products and services: Financial services that pose higher risks, such as correspondent banking, nominee services, and some services involving virtual assets.
Enhanced Customer Due Diligence (ECDD)
One of the critical components of Chapter 8 is ECDD, which goes beyond standard customer identification and verification processes. ECDD measures may include:
Additional documentation: Guernsey Financial institutions must collect more extensive documentation to verify the customer’s identity, business activities and rationale, and the source of their funds and wealth of their beneficial owners .
More in-depth investigations: Guernsey Financial institutions are required to dig deeper into a client’s background, including reviewing ownership structures, past transactions, and financial history (source of wealth and source of funds).
Regular updates: Ongoing due diligence must be performed more frequently, ensuring that any changes to the customer’s profile are promptly captured, investigated, and where required that documentation is obtained to confirm the continued legitimacy of the business relationship.
Key Requirements under Chapter 8 of the GFSC Handbook
To successfully implement Chapter 8, Guernsey Financial institutions need to address several critical areas:
Customer Due Diligence (CDD) and understanding and documenting the rationale of the business relationship and its components.
Under Chapter 8, financial institutions must enhance their CDD and while documenting and clearing demonstration the rationale and purpose of the business relationship. This includes verifying the identity of beneficial owners, understanding the nature and purpose of business relationships, and ensuring continuous monitoring. For high-risk customers, ECDD measures require more rigorous background checks, additional verification, a deeper understanding of the client’s source of wealth and funds, and ensuring that it the take on and continuation of the business relationship is signed off by a higher level of authority and oversight.
Transaction Monitoring and Risk Profiling
Guernsey Financial institutions must implement more extensive and frequent transaction monitoring for high-risk clients. Chapter 8 mandates continuous monitoring of business relationships to detect suspicious activities promptly. This includes having lower thresholds for transaction monitoring, greater scrutiny and documentation of transactions, activity undertaken, and their rationale, to flag unusual patterns or irregular transactions that might indicate money laundering, terrorist financing or proliferation activity.
Source of Funds and Wealth Verification, Documentation and Monitoring
Enhanced measures under Chapter 8 place significant emphasis on identifying and verifying the source of funds and wealth and holding up to date documentation on this area. This goes beyond just knowing where the money comes from; Guernsey Financial institutions need to understand how the funds were acquired, the activities that generated them, and ensure they are legitimate. For example, funds coming from high-risk jurisdictions for terrorism or industries require additional scrutiny to prevent bribery and corruption, or activities that may be linked to proliferation activities.
Enhanced Monitoring and Reporting
Monitoring business relationships is a continuous process of both day-to-day review of the transactions and verification subjects and more frequent periodic reviews of the business relationship, especially for high-risk clients. Chapter 8 requires Guernsey financial institutions to apply more scrutiny to transactions for high risk business relationships and escalate suspicious activities to the Money Laundering Reporting Officer and where necessary to the authorities, such as the Financial Intelligence Unit, or for sanctionsto the Guernsey Policy Council . Guernsey Financial Institutions must ensure they have robust internal mechanisms to report suspicious transactions regardless of monetary value, or sanctions while maintaining comprehensive documentation to support their findings.
Risk-Based Approach
Chapter 8 promotes a risk-based approach, where enhanced measures are applied based on the level of risk posed by the customer, transaction, service or product provider and any higher risk area identified. Institutions must create internal policies and procedures that reflect this principle, ensuring flexibility in responding to varying levels and types of risk.
Implementing ECDD Measures: Best Practices
To successfully align with Chapter 8 and the broader GFSC Handbook requirements, organizations should consider the following best practices:
Comprehensive Risk Assessment: Conduct regular risk assessments to identify customers, products, and services that pose higher risks. This will help prioritize where ECDD measures are necessary.
Training and Awareness: Ensure that staff at all levels are trained to recognize high-risk scenarios and know when to apply ECDD measures and what ECDD measures are required.
Technological Integration: Utilize advanced technology such as automated sanction screening and transaction monitoring, to flag suspicious activity, and conduct more thorough and continuaous due diligence.
Documentation and Record-Keeping: Hold and maintain detailed records of all due diligence processes, transactions, and enhanced measures taken. This is crucial for regulatory reporting and audits.
Regular Reviews and Updates: Chapter 8 requires ongoing monitoring and re-assessment of business relationships inclusive of the verification subjects, so Guernsey financial institutions should regularly review their procedures, especially when regulatory changes occur or there are changes to the business plan and sphere of operation.
Conclusion: Staying Ahead of Compliance Obligations
Complying with Chapter 8 of the GFSC Handbook requires a proactive and well-structured approach by the Directors and relevant senior employees in managing high-risk scenarios. Guernsey financial institutions must be vigilant in applying enhanced customer due diligence, monitoring, and reporting, ensuring that all procedures meet the stringent regulatory requirements of the GFSC. By adopting best practices, leveraging technology, and promoting a culture of compliance, Guernsey financial institutions can better manage higher risks and maintain a strong relationship with regulators and stake holders in the Guernsey regualtory framework.
Staying compliant isn’t just about ticking boxes—it’s about detailing the approach to risk, applying the measures and documenting their effectiveness in protecting the local and international financial system from abuse in order to safeguard the reputation of your business and third-parties that provide services to you and your clients.
By carefully and proactively integrating the ECDD measures detailed in Chapter 8 of the Handbook, Guernsey financial institutions can navigate the financial crime risks posed successfully, maintain compliance with GFSC rules and regulations, reporting requirements, and better protect themselves from investigations, enforcement actions and financial crime while providing products and services to those business relationships and persons who are high risk.
Stay ahead of the curve—ensure your compliance regarding Enhanced Due Diligence and high risk business relationships are up to date!
Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place.
Some times there are some things that are more important than Compliance, and that is now and it’s YOU.
We find ourselves in a reality that was unthinkable at the start of 2020 and our best laid plans for the year have disappeared in the tempest that is Covid 19. Many of us are now working from home which adds new stresses and strains that we were not prepared for, and that we are now having to deal with. As someone who has worked remotely for several years I wanted to share some tips to help you stay productive motivated and most importantly safe and well.
Firstly define your work and down time hours and try to stick to them. You need to be flexible but don’t let work take over from your need for down time and self care. Make sure that your colleagues know when you are working and when not to disturb you. Once you finish for the day turn your email off, it can wait till tomorrow and if urgent your firm will be able to contact you.
Ease yourself into your day, have a morning routine to prepare yourself for work. I take the time to make a cup of tea, have breakfast and catch up on the news, but be careful of the media overload and anxiety it can cause. I take my tea and either look or sit outside enjoying the dawn, breathing and just centring myself, sometimes with a quick yoga or Kayak session.
Make sure that you have a separate and dedicated workspace and that it doesn’t invade your personal space.
Have a plan for the day and stick to it but stay flexible and adaptive in your approach. I start by reading through emails and prioritising tasks and jobs to ensure that my plan for the day is as good as it can be. Once done I like to send an email to my colleagues letting them know I am online and can be contacted.
Make sure you schedule breaks throughout the day, I normally take 5 minute breaks every hour or so. This allows you to give your mind a break and recover and refocus. This is the same as any physical training where breaks from activity are needed to refresh the muscles and keep performance up. Your work space at home may not be conveniently designed for prolonged periods of computer work. Get up and move, stretch and get a drink or snack, lessen the strain on your body as well as your mind.
Have lunch, you need this to refuel and switch off completely, try to do this away from your work space to negate your work taking over this personal time. I often try to include an element of physical exercise outside as well as experimenting with recipes and varying my lunch from day to day. Lately I have got back in to sea swimming which is energising and refreshing, but do what makes you feel good and takes your mind off work and any negativity, it is about what is good for you and what is needed to leave your refreshed and motivated.
Have an end of the day routine to ease yourself in to your personal time. Try to finish your tasks and don’t start a new task if you won’t be able to complete it by the end of the day. I finish the day by catching up on emails and notifications and start to plan for tomorrow. Let your colleagues know that you have finished for the day. Review what you did during the day, try not to be overly self critical of your performance, you can’t change what has been, focus on tomorrow and be kind to yourself.
Then turn off, put your work away and start your personal time. By all means relax with a glass of wine or beer but don’t let it take over your personal time. Alcohol is a depressant and can lead to increasing your anxieties and worries, you also need to be fresh and motivated for tomorrow. If you do find that alcohol is starting to take over your life recognise that it is, take steps to regain control over it and seek help if needed.
Working from home is all about communication and as you are not in the office or able to see visual cues you need to over communicate. Communicating with your colleagues is not just to let them know when you are online but also let them know what you are working on and towards. If you need help or think you may need help ask for it, make time to understand what your colleagues have planned and are working on, and where you may be able to assist or help. We are remote and isolated but we have never been more electronically connected, use technology to interact, have video meetings and arrange team meetings where you can all interact.
Try to engage with your colleagues as you would normally do in the office. We all have that down time when we catch up on non-work related topics such as sports or television, remember keep things positive and try to avoid gossip, adding to anxieties and toxic conversations about colleagues, you may not have the whole picture and you won’t know how they are feeling or what they are dealing with. Try to schedule these conversations and interactions for your scheduled breaks as you are still on the firm’s time and should not abuse this.
You may find that a colleague uses this time to open up to you or leans on you for support. As you would do in the office make the time to hear your colleague but let others know you are unavailable and not to be contacted. Be empathetic to your colleague, what may seem trivial to you could be their whole world, support them and let them talk.
If you have concerns about a colleague let your Human Resources department know, they have the skills, training and resources to help and assist, try not to take the problems of others on your shoulders as that will also weigh you down and add to your stresses and strains. If you don’t have an Human Resources Department speak with a senior manger about your concerns, a problem shared is a problem halved, encourage and support your colleague to seek help that is out there.
Be aware of cues that may indicate someone is struggling such as them being withdrawn or making mistakes, maybe they just don’t seem like themselves. Ask them gently if there is something you can help with, strike up the conversation with them but respect their privacy, in some cases just let them know you are there and check in on them more regularly.
If you or anyone of your colleagues is struggling please know it is not a sign of weakness or failure. There are no prizes or bonuses for struggling through, you and your colleagues are part of team and together you are strong, can accomplish amazing feats and will succeed and get through this. Please remember that we are all in this together and it is OK and normal to have a bad day, feel down, anxious or frustrated. You are amazing, be kind to yourself and your colleagues, we can weather this storm together.
Stay safe, stay well and stay home.
I would be grateful to hear or have comments from readers for their tips on working from home or dealing with the day to day stresses and strains of our new day to day normality.
Are we now being regulated by international organisations and their regulators rather that our own regulators? Is our regulatory framework becoming a secondary consideration to the regulatory frameworks and group policies of international organisations that finance our community? Is this leading to the stagnation of Guernsey as a whole where compliance cost rise to meet these external influences rather than our own bespoke regulatory framework? Is our competing and partaking in business in the international or developing world inhibited? Are the policies of the international regulatory community focused on large organisations, with a one size fits all attitude to the detriment of our smaller bespoke financial service providers? Even looking outside of our Financial Service Industry have international organisations, regulators and governments lost contact with local industry and people making them unproductive, uncompetitive and restricted?
Our businesses whether in finance or outside must adhere in some degree, to the requirements of committees and boardrooms far flung from our Island, and the whims of persons who lack connection understanding or appreciation of our island economy and value. Are these institutions aware of our idiosyncrasies as they strive to achieve a mythical norm presented by scoring sheets, algorithms and public opinion of their home countries? Has the international community lost the ability or the want to differentiate between the size nature and complexity of their own and other communities, businesses and financial centres?
A thought struck me while handing over my Guernsey one pound notes for my coffee today, if we print money why can’t we loan money? Why can’t we create a bank of the Bailiwick or other funding enterprises, regulated to our own standards that are acceptable international standards and set up for the needs, development and innovation of our local businesses? Could we run a bank for the good and development of our community and its financial and non-financial businesses, lessening compliance expense faced by our businesses by focusing achieving the requirements of our regulations? Are we not best placed to understand, develop, innovate and realise the hopes and dreams of our Island community? Could we provide this as yet another string to our bow allowing us to partake and compete effectively in the international community? Rather than fit in to a box could we provide the bespoke solution tailored to our needs and requirements?
Looking into the last of my coffee as the rain began my mind was taken back to the ocean that I love so much, and yes we are but a drop in the ocean. The ocean has allowed us to raise some of the earliest taxes known, an anchor tax no less for the benefit of our Island and the development of our harbour in the 1400’s. The ocean was mastered by our forefathers, and none other than William Le Lacheur who imported coffee and went on to influence economic and spiritual development in South America, as I walked through the Arcade I recalled how it was financed by Guernsey ingenuity and innovation. I headed home past the Thomas De La Rue Public House, named after a Guernsey man who went from humble beginnings to founding De La Rue, who having adapted over the centuries and who have continually innovated while still printing bank notes today. These are but a few of the great historical figures that this Island has had and I could not help but wonder what these ghosts would suggest the same today, what would they think of my thoughts, would they see the potential of such ideas or a necessary to bring the development and innovation required to make the reality of tomorrow?
The ocean is vast and bountiful with a diversity of species and opportunities leading to competition and equilibrium, the loss of the equilibrium leads to the destruction of these unique habitats and species. Could the ripples of this idea radiate out to the benefit of our Island both domestically and internationally or will we be bound by the strangling nets of direct and/or indirect extra-territorial international regulation and policy? We need to look and focus on tomorrow while reflecting on the lessons of yesterday to achieve the dynamic solutions and adapt to the changing world as our forefathers did.
The current financial crisis has brought many failings to the forefront, none more so than the failings of the Corporate Governance framework in businesses. The Corporate Governance framework allows for both business objectives and ethical drivers to be incorporated into a business whilst seeking to protect both the Business, its stakeholders and investors or customers. Are failings in Corporate Governance solely as documented in the newspapers and media reports down to the Board’s greed and disregard for its stakeholders, or was the compliance framework in these businesses defunct by opaque reporting by key functions?
We have been lucky in Guernsey to have been insulated from the crisis at large, but I know from experience and we all know from the Commissions industry presentations that Corporate Governance is a key regulatory theme that will be assessed on their regulatory visits to licensees, to assess the risk and reward culture of a business and assist in mitigating these risks successfully. While it has been acknowledged by the Commission that they believe that this is a healthy area, could there be licensees that have put together a good document but the statements made by them do not resemble their Business or their Business’s current prudential business plan or their current regulatory compliance status?
What must be remembered is that any Corporate Governance assessment undertaken by the regulator on a licensee will look at a multitude of documents and reports that make up the core of any Board meeting, such as compliance reports, risk mitigation, internal audit as well as the business plan. These reports must be factual, clear and concise and encompass the whole status of the business in order that the directors can evidence their oversight and rationale for their understanding of the business. Theses documents and reports must all fall into the Corporate Governance assessment by the Board of the Business.
Has the Board questioned the effectiveness of its compliance framework, from the Compliance monitoring programme to the actual board reports it receives? Has the Board allowed the compliance function and other key functions to provide an independent review or are these key functions in fear of upsetting the Board and reporting only what they deem the Board should know or focus on? The importance of independent, full and factual reporting by these key functions is of the up most importance. It is vitally important that those of us who undertake these key roles provide effective reporting on all areas of the Business so that the Board can discharge their obligations successfully. We must not be in fear of providing reports that show areas that require action or gaps as by doing so we only assist the Board in becoming ineffective.
I have been privileged to have worked for and with Boards who have proactively sought to allow their key functions to independently report to them allowing the Board to successfully document and encompass their key functions in to their Corporate Governance framework. This has assisted the Business in the formulation of strategy, goals and effective work practices. For those licensees who I have assisted in remedial work in this area, though it has been hard to start off with the end result has been commented on by these Boards as being beneficial to their Business, optimising understanding and discussion on current and future business opportunities, obligations and assisting in evidencing of why certain opportunities were not followed up.
In my experience the failings in a Business’s Corporate Governance framework are down to opaque and ineffective reporting by the Business’s key functions leading to the blind following the blind. Where ineffective compliance reporting or monitoring has been identified during a regulatory visit the Board are often criticised and this is generally reported by the Commission as a failure in Corporate Governance. While the business of the Business is vital the understanding of the Board as to its current regulatory compliance is as important and cannot be underestimated. If the Board are aware of issues that require to be enhanced or remediated it can deal with them, most of the time hand in hand with fulfilling its business objectives, but to be effective the Board must have the oversight by effective reporting.
The culture of Corporate Governance must not be seen as a tick box exercise or as a regulatory obligation that serves no practical use to a business. I would advocate that a good culture need not be expensive in time or cost but rather a tool to optimise the Business for all stakeholders. As stakeholders move from being passive the need to document and show your culture of Corporate Governance becomes more of a focal point in the overall success of your Business and its cost effectiveness, and in the next few blogs I will go more in to detail on this. An effective Corporate Governance framework adds to safeguarding a business by requiring effective reporting from the key functions allowing for the dynamism and entrepreneurial spirit that has become part of our industry to be exercised by the Board in the continual development of its products and services.
A topic of conversation that often comes up is about “how compliance has become a monster”, sapping the dynamism of a business while slowly choking the new business streams by making the business over compliant. Has the compliance function gone too far and are they now holding Boards and Directors to a compliance and regulatory ransom leading to a loss in commerciality of the Guernsey Finance Sector?
Directors constantly berate me about having board packs that have compliance reports running to some 40 pages or more, how they spend more resources on compliance matters then on the direction of the business and that the compliance function does not assist them in achieving their business objectives. To my mind there is a balance that needs redressing in order that businesses can achieve high standards of compliance, while also achieving the businesses purpose and providing products and services to their clients that are competitive in cost with other jurisdictions.
The relationship between the Board and the compliance function must be one that is symbiotic, both assisting and nurturing one another. The compliance function must undertake suitable and sufficient monitoring of its business and report its findings effectively and efficiently to the Board. This is normally done by either an exception report or in a traditional report style over 40 pages and both have their own benefits and problems.
While using an exception reporting format this allows for immediate notifications of compliance and regulatory issues to the Board. The exception report though can fail to provide the assurance to the Board that the compliance function is suitable or sufficient due to its lack of content and oversight of the business.
The traditional compliance report of 40 pages or more will ensure that the Board can assess the suitability of its monitoring programme and compliance function. The problem with the traditional Compliance report is that its size may lead to regulatory or compliance issues being lost in the pages of the document. I am also aware that in some cases the traditional report format provided so much content but actually lacked the substance required to be provided to the Board in assessing the compliance status and function, a failing for the compliance function and a regulatory failing for the Board.
The compliance function must ensure that it has a suitable and sufficient Compliance Monitoring Programme and the Board must review this document annually to ensure that they are satisfied that it meets the Business and the regulatory requirements for the risks of the business being undertaken. The Compliance Monitoring Programme is the working paper of the compliance function, it shows the testing and findings of the compliance function and allows for suitable and informative compliance reports to be generated for the Board. The compliance report’s to the Board need to be a hybrid version of the traditional report and the exception report becoming more a précis of the Compliance Monitoring Programme, allowing the Board to see the matters of concern while also being assured of the compliance status of the Business.
The compliance function is the adviser to the Board in respect of the regulatory framework, providing advice and solutions to the Board in order that they can achieve the chosen business direction. This is where the business can become choked and the dynamism and competitiveness lost due to the gold plating of a business’s policies and procedures. The compliance function must always remember that it is the Board who decide the level of risk that they are satisfied to work with and that the compliance function is there to mitigate the risk by insuring that suitable and sufficient policies are in place. The compliance function must assess the regulatory requirements applicable to the business being undertaken and ensure that the Business is meeting these minimum requirements. The compliance function must never seek to direct the Board or the Business but to inform the Board what is required and expected of them in respect of the risks that the Board have deemed as acceptable.
I do believe that in some cases the compliance function has gone too far and seeks to control the business due to their own personal views or prejudices. It must always be remembered by all stakeholders in the finance industry in Guernsey that without the business there is no compliance function and without a compliance function there can be no business. It is vital that the compliance function is able to provide the required regulatory information to the Board in a succinct and effective manner in order that the Board can discharge their regulatory duties effectively and efficiently.
It is important that the compliance function provide the Board with first class regulatory advice that is free from their own personal prejudices. This is required in order that the Board can ascertain what the minimum regulatory requirements are and how best they can meet these requirements and make business decisions that will not endanger the Business or its clients. The Board must assess on an annual basis the suitability of its compliance function, if it is not providing the Board with the required information or are making the business lack commerciality by over compliance of the policies and procedures the Board must address these matters as they are ultimately responsible for the compliance function and its suitability and effectiveness.
Technical Specialists 