What makes for good policy management? It’s not just about publishing and distributing written policies to all employees. In fact, as the Australian Securities and Investments Commission (ASIC) recently highlighted, good policy management is about the implementation and supervisory controls ensuring adherence to those policies.
Here’s what to know about policy management and how to strengthen it in your firm.
Understanding your obligations
Part of an Australian Financial Services License (AFSL) holder’s compliance obligation is to maintain a robust compliance framework fit for purpose and applicable to the nature, scale and complexity of the firm. This includes everything from initial drafting to updating documents when a regulatory or business change occurs.
All AFSL holders must comply with the general obligations outlined in Section 912(A)1 of the Corporations Act. For policy management, these include:
- Taking reasonable steps to ensure representatives comply with the financial services laws (s912A(1)(ca)).
- Having adequate financial, technological and human resources to provide the financial services covered by the licence and to carry out supervisory arrangements (s912A(1)(d)).
- Maintaining the competence to provide the financial services covered by the licence (s912A(1)(e).
- Ensuring representatives are adequately trained and competent to provide those financial services (s912A(1)(f)).
Top challenges in policy management
As a firm providing regulatory compliance consulting, we see common challenges when assisting AFSL holders. These include policies:
- Not being reviewed periodically or reflecting regulatory change.
- Not being fit for purpose and reflecting actual business practices.
- Not providing clear context as to how a specific regulation translates for the business.
- Not specifying which entity the policy applies to when multiple are involved.
- Not having clear version controls to monitor updates.
- Not having clear responsibilities or failing to outline particular roles.
- Not using consistent language.
- Not being user-friendly, or focusing too much on legality and not enough on practicality.
To address these challenges and more, AFSL holders need to:
- Ensure policies are written clearly.
- Make policies easy for all employees to understand.
- Integrate policies into day-to-day operations.
- Provide evidence of how the policy is used and what controls are in place to ensure implementation and adherence.
According to Amanda Mark, Co-CEO of MIntegrity, ‘It’s about managing the upkeep of policies — making them available, user-friendly and efficient.’
A word on training
Policy management isn’t just about being able to produce copies of written policies. It’s also about supporting implementation by providing training for employees and ensuring they understand their role in keeping you compliant.
For example, compliance training should go beyond regulatory change and can be given at regular intervals throughout the year. Choose a suite of policies with a common or linkable theme and run quarterly sessions on those as reminders to your employees. Consider incorporating live examples for employees to understand how that policy and underlying obligations translate into their role.
How to bolster your policy management
ASIC expects all AFSL holders to document their compliance measures, implement them, monitor and report on their usage and regularly review their effectiveness. This means you must have robust policy management at the forefront of your compliance measures, including:
- Ensuring policies are reviewed annually (at minimum) for suitability.
- Having processes in place to capture regulatory change
- Maintaining up-to-date policies that reflect business practices.
- Regularly reviewing the business risks and ensuring the policy controls remain effective.
- Maintaining consistency in language, application, monitoring and more.
One of the best ways to do this is to leverage electronic policy management solutions. For example, we offer a Digital Regulatory Web Service, RegsWeb, that stores policies and contains a regulation library. Our software links policies to direct obligations — and, with the click of a button, readers can go directly to the applicable ASIC regulation or relevant part of the Corporations Act.
The service also assists firms in tracking their employee usage — for example, providing evidence of how long an employee reads a policy, how often they reopen it and more. This demonstrates when, how and why employees take the time to read and digest a policy; it also helps identify where training gaps may be.
RegsWeb can also be provided with full-support consulting services from MIntegrity. We assist you in keeping up with relevant regulatory changes and highlighting when a change is required. We can even perform policy updates for you.
Takeaways for the future of policy management
Streamlining one part of policy management can provide assistance to firms, so compliance resources can then focus on the most important parts: policy implementation, employee training, utilisation supervision and placement of compliance controls.
Need help getting started? Ask yourself these questions:
- Have your policies been reviewed within the last 12 months?
- What supervision ensures policies are adhered to?
- Do you have the right controls in place to ensure policies are being followed?
- Is training required to enhance employee knowledge of policies and procedures?
Image by Freepik← Back to Blog