Financial Services Compliance Records UK

From IRMS Wiki
Jump to: navigation, search

Description of Business Function

The function of fulfilling legal and regulatory compliance obligations within bank, investment firms, UCITS firms, mortgage and home finance firms and insurance / reinsurance firms.

Basis of Retention and Disposition

The keeping of compliance documents is based upon the requirements within the Money Laundering Regulations 2007, various European Directives and the FCA/PRA Handbook. Firms should also take account of the standard 6 year period for the limitation of legal action relating to contracts under the Limitation Act 1980.

As a general rule the minimum retention period for KYC and AML records could be End of Firm's Relationship with the Client + 6 years. This is based on the Money Laundering Regulations 2007 requiring the retention of records of customer identity and the business relationship for 5 years, with an additional year added to align with the standard period for the limitation of legal action relating to contracts.

As a general rule the minimum retention period for other regulatory documents could be 6 years from the relevant triggering event. This is based on the standard period for the limitation of legal action. There are a number of retention requirements elsewhere within the FCA/PRA Handbook which this rule exceeds, particularly many of the 5 year retention requirements within the Conduct of Business sourcebook and the five year retention period within the MiFID directive, Market Abuse Directive, UCITS Directive and the Anti-Money Laundering Directive. (There do not appear to be any relevant record keeping requirements within Solvency II.) Within FCA/PRA SYSC 3.2.21, Senior Management Arrangements, Systems and Controls, the general principle is that records should be retained for as long as is relevant for the purposes for which they are made.

See also the pages on record keeping in the Isle of Man, Jersey and Guernsey.

Retention Rules Per Record Type

Please use the following formatting for each row within the table below:

|-

| Name of record type || Retention period including any trigger || The legal citations and/or other rationale for determining this rule


Record Type Minimum Retention Period Rationale
Anti Money Laundering / Know Your Client evidence for clients End of Firm's Relationship with the Client + 6 years This is based on the Money Laundering Regulations 2007 requiring the retention of records of customer identity and the business relationship for 5 years, with an additional year added to align with the standard period for the limitation of legal action relating to contracts
Appointed Representatives Current Year + 6 years Business Need and Legal Evidence (limitation period for legal action). This exceeds the 3 year requirement within FCA/PRA SUP Supervision 12.9.1, .2 and .5
Complaint Handling Complaint Resolution + 6 years Business Need and Legal Evidence (limitation period for legal action). This exceeds the 3 year requirement within FCA/PRA DISP Dispute Resolution 1.9.1
Financial Promotions End of Promotion + 6 years; Keep one copy / artefact of all physical merchandising Indefinitely Legal Evidence (aligns to the need keep records of financial promotions for up to 6 years under the FCA Conduct of Business Sourcebook); + Heritage considerations
Investigations and Audit Indefinite (minimum Audit / Investigation complete + 6 years) Legal Evidence - Indefinite retention is recommended to evidence continuous legal operation and/or due diligence in investigation of any irregularity
Regulatory Returns and Reports Current Year + 6 years Legal Evidence - 6 years is based upon the standard period for limitation of legal action within the Limitation Act 1980. There are a number of retention requirements elsewhere within the FCA/PRA Handbook (with key requirements identified within the citations below) which this rule exceeds, particularly many of the 5 year retention requirements within the Conduct of Business sourcebook and the five year retention period within the MiFID directive, Market Abuse Directive, UCITS Directive and the Anti-Money Laundering Directive. Within FCA/PRA SYSC 3.2.21, Senior Management Arrangements, Systems and Controls, the general principle is that records should be retained for as long as is relevant for the purposes for which they are made.
Senior Management Arrangements, Systems and Controls Superseded + 6 years Legal Evidence - Based on the FCA/PRA SYSC Senior Management Arrangements, Systems and Controls 2.2.1R requirement
Training and Competence Employee carries on the activity + 6 years Business Need and Legal Evidence - limitation period for legal action, aligning to the rule for Human Resources rule for keeping Personnel records. This exceeds the 5 year requirement from when the employee stops carrying on the activity within FCA/PRA TC Training and Competence 3.1.1R
Insurance Actuarial – Solvency II Evidence and Submissions Use concluded + 6 years Evidence and limitation of legal action; there do not appear to be any relevant record keeping requirements within Solvency II
Voice - Call recordings 6 months Based on FCA/PRA COBS 11.8.5.R - although as part of swap transaction audit trail please see Dodd-Frank

Citations and References

The Limitation Act 1980 c. 58, s. 5. Time limit for actions founded on simple contract.."An action founded on simple contract shall not be brought after the expiration of six years from the date on which the cause of action accrued." http://www.legislation.gov.uk/ukpga/1980/58

The Money Laundering Regulations 2007, PART 3, s. 19. .. (1) Subject to paragraph (4), a relevant person must keep the records specified in paragraph (2) for at least the period specified in paragraph (3). (2) The records are— (a)a copy of, or the references to, the evidence of the customer’s identity obtained pursuant to regulation 7, 8, 10, 14 or 16(4); . (b)the supporting records (consisting of the original documents or copies) in respect of a business relationship or occasional transaction which is the subject of customer due diligence measures or ongoing monitoring. . (3) The period is five years beginning on— (a)in the case of the records specified in paragraph (2)(a), the date on which— . (i)the occasional transaction is completed; or . (ii)the business relationship ends; or . (b)in the case of the records specified in paragraph (2)(b)— . (i)where the records relate to a particular transaction, the date on which the transaction is completed; . (ii)for all other records, the date on which the business relationship ends. . (4) A relevant person who is relied on by another person must keep the records specified in paragraph (2)(a) for five years beginning on the date on which he is relied on for the purposes of regulation 7, 10, 14 or 16(4) in relation to any business relationship or occasional transaction. http://www.legislation.gov.uk/uksi/2007/2157/regulation/19/made

MiFID directive http://www.fca.org.uk/your-fca/documents/mifid

Market Abuse Directive http://www.fca.org.uk/your-fca/documents/market-abuse-directive-mad

UCITS Directive http://ec.europa.eu/internal_market/investment/ucits-directive/index_en.htm#maincontentSec1 and http://www.fca.org.uk/static/fca/documents/ucits.pdf

Solvency II http://www.bankofengland.co.uk/pra/pages/solvency2/default.aspx and http://www.lloyds.com/the-market/operating-at-lloyds/solvency-ii