For those Financial Institutions with a Customer Relationship Manager (CRM), as part of the normal relationship management activity, a CRM should seek to understand how a business intends to meet its obligations under the legislation and the systems and process that it has put in place.
Areas of difficulty or particular risk could form part of the discussions about business systems and governance, and the CRM should work with the company/entity to identify and deal with any risks that could lead to non-compliance. It is also envisioned that compliance with the legislation could form part of any Business Risk Review carried out with the business.
CRMs will be able to call on support from Governance Specialists in Large Business Service (LBS) and Audit Specialists in both LBS and Local Compliance to help them to understand and address any issues identified.
For those Financial Institutions where there is no CRM, compliance activity will follow a risk-based approach and will focus on those Financial Institutions where information indicates they are potentially in non-compliance with the legislation.
Any audit of systems and processes, of either Customer Relationship Manager (CRM) or non-CRM businesses, will encompass a review of whether or not a Financial Institution is able to correctly identify its account holders and meets its reporting obligations.