Round Up Spring 2019

regulatory matters

Record keeping requirements The FCA has general record keeping requirements which oblige firms to retain

2. Supporting records You must also retain supporting records in respect of the relevant transaction, such as: • Information noted on the client agreement. • Know your client information. • Suitability reports. • Application forms. • File notes of meetings or telephone discussions. Records which fall under either of the above categories must be retained for: • Ongoing business relationships For five years after the business relationship has come to an end. However, records obtained specifically for anti-money laundering purposes shouldn’t be retained for more than ten years. • Occasional / one-off transactions For five years after the transaction is complete, after which, records obtained specifically for anti-money laundering purposes should be deleted. When considering the 4MLD rules, firms will need to put a system in place to ensure that these can be met. This may mean keeping a record of when the data is collected within your back office system. You should naturally consider these obligations when designing your data retention policies. Also, remember that you should only retain personal data that is necessary to the performance of your contract with the client. We would always recommend that prior to deleting any data, firms should discuss the implications with their PI insurer.

orderly records of the services and transactions they have undertaken to enable the FCA to monitor their activities effectively. There’s also specific requirements for the retention of suitability records which vary, dependent on the type of business conducted. Currently these are: • Five years Generally for investment business and related activities. • Indefinitely For pension transfers, opt outs and free-standing voluntary contribution (FSAVC) schemes, and • Three years For mortgage or insurance business. The 4th Money Laundering Directive, (4MLD), implemented on 26 June 2017, introduced new rule requirements for record keeping. Where these don’t match those of the FCA, we would expect firms to apply the higher standards. 4MLD splits client data into two categories. 1. Client due diligence records You must retain all evidence of your client due diligence records, such as: • Client ID verification documents. • Any other relevant information recorded. • Template documents used to record verification of ID in addition to sources of funds. • Electronic verification check reports. • Client risk ratings for money laundering.

5