Non Bank Financial Institutions Regulatory Authority (NBFIRA) published Corporate Governance Regulations in 2012 for security businesses (stock exchange, brokers, depositories, etc.). As you will observe while reading, Regulations set minimum standards when it comes to operations, administration and oversight of security businesses. This is also good guidance to growing businesses, as they cross the borders of entrepreneurial control and supervision. Following is a high level summary of the provisins of NBFIRA Regulations for security businesses.
1. The Board
- The Board shall be responsible for the operation of the securities business.
- The Board shall adopt a statement of the securities business’s strategy and objectives.
- Where the Board chooses to engage third parties or agents to carry out some of the functions for which the Board is responsible, the Board shall retain responsibility for the performance of those duties as performed by the third party or agent.
- The Board shall adopt a policy for arranging its business including audit committee, where appropriate, for oversight of financial and reporting functions.
- The Board shall adopt a business plan, a budget, a staff structure and staff complement of employees that are adequate and appropriate for the nature, scope and size of the business.
- The Board shall undertake an evaluation of the business plan, including, inter alia, the budget and staff complement at least annually.
- The Board shall adopt the procedures and controls that it considers necessary for managing the business.
- The Board shall undertake an evaluation of the procedures and controls at least annually.
2. Directors and partners
- A securities business shall have at least two directors / partners, who have the skills, experience and qualifications necessary for the business undertaken by the securities business.
- The Board shall adopt a protocol for the appointment of directors, designed to ensure that they are fit and proper.
- The Board shall adopt a policy for determining the remuneration of Board itself, the executive and staff of the business.
- The Board shall keep a register of directors and their qualifications that shall be held available for public inspection without charge at the registered office.
3. Risk Management
- The Board is responsible for the management of the risks facing the securities business.
- The Board shall assess the risks facing the securities business, arising from products, services, facilities, clients, capital and employees, infrastructure, potential for fraud and any market, credit, operational, settlement, counterparty, regulatory and legal risks.
- The Board shall adopt and document its assessment.
- The Board shall adopt policies and procedures designed to mitigate the risks it has identified, which shall be documented; and communicated to employees.
- The Board shall adopt contingency plans for maintaining business continuity.
- The Board shall ensure that the contingency arrangements are tested from time to time and no less frequently than annually.
- The Board shall conduct an evaluation of its risk assessment and the effectiveness of its risk mitigation policies no less frequently than annually.
4. Management Information
- The Board shall identify and document the information it considers necessary to assess the performance of the business, the fulfilling of its obligations, the effectiveness of risk mitigation policies, the nature and magnitude of risks, the financial position of the securities business and other matters it considers necessary.
- The Board shall consider the information regularly and in particular shall review the management accounts, major capital expenditure and the performance of the securities business no less frequently than quarterly.
- The Board shall evaluate the adequacy of the management information arrangements no less frequently than annually.
5. Internal Controls
- The Board is responsible for the policies and procedures of the securities business and for ensuring adherence to those controls.
- The Board shall adopt internal controls that are designed to ensure that the securities business is conducted in a diligent and proper manner.
- The Board shall designate a person as Compliance Officer to ensure compliance with regulatory requirements.
- The Board shall adopt a procedures’ manual that includes, inter alia, a description of the internal controls and this manual shall be provided to all employees.
- The Board shall ensure that for each employee there is job description and key performance area and person to report to.
- The Board shall ensure that there are adequate financial controls.
- The Board shall require its Compliance Officer to make a report to it and to any parent company of the securities business, when there are any disciplinary actions taken by the Regulatory Authority.
- The Board shall have appropriate arrangements for protecting against the risks involved when payments are made or accepted in cash.
- The Board shall make arrangements to segregate duties within the securities business.
- The Board shall ensure that there are adequate arrangements for securing and safeguarding the legal title to the assets of the securities business and those of its clients.
- The Board shall ensure that the information in its possession is subject to adequate confidentiality and protection.
6. Internal Audit
- The Board shall appoint an internal auditor:
- The internal auditor may carry out other functions within the securities business, provided that those functions are not subject to audit.
- The responsibility of the internal auditor shall be determined by the Board.
- The Board shall ensure that the internal auditor has sufficient authority and objectivity.
- The Board shall review the internal auditor’s report no less frequently than annually.
7. Record Keeping
- A securities business shall maintain all records reasonably required for the orderly management of the business. Schedule 1 has a list of records to be kept.
- The records maintained by a securities business shall be kept up to date
- Records shall be kept, whether in electronic or other form, duly stored and backed up.
- Records, including duplicates, shall be kept for seven years, from the date of the matter being recorded.
- Records shall be kept in a form and location that ensures that they are available to the securities business and the Regulatory Authority in a timely manner.
- The Board shall ensure that all employees are fit and proper for their roles.
- The Board shall ensure that the experience and qualifications needed for each post is documented.
- The Board shall adopt a policy that defines the training that each employee shall be given.
- The Board shall ensure that all training is carried out according to a programme based on the needs of the securities business and regulatory requirements and is properly documented.
- The Board shall determine what succession planning arrangements are appropriate and ensure that appropriate succession planning is undertaken and documented.
- The Board shall adopt an employees’ code of conduct appropriate for the nature of business which requires employees to abide by a high standard of ethical conduct.
9. Agents and third party suppliers
- Where the Board decides to employ agents or other third party suppliers to provide services for which it is responsible, it shall enter into a written agreement with the agent or supplier that will specify duties and obligations of both parties, remuneration and other terms and performance standards and performance management.
- The Board shall conduct appropriate due diligence on the agent or other third party supplier.
- The Board shall ensure that performance is regularly monitored and that there is a report to the Board, no less frequently than annually, of the performance of the agent or third-party supplier.
- The Board shall adopt appropriate contingency plans for resuming direct control of the services.
- The securities business shall make available to the public, on request, the identity of senior management and those authorized to act in the name of the securities business; the category of license held; its current-status and the scope of authorized activities.