compliance manuals & guides · grc solutions offers a library of compliance resources prepared...

Compliance Manuals & Guides

GRC Solutions Compliance Services for Financial Institutions

As at July 2019

GRC Solutions offers a library of compliance resources prepared and regularly updated by senior experts in the relevant areas of law and practice.

GRC Solutions’ Compliance Manuals and Guides are designed to provide comprehensive support to financial services governance, compliance and risk officers, company secretaries, senior managers, directors, and other profes-sionals in carrying out their day-to-day operations. They also provide support for those occasions when an unusual or unfamiliar situation arises.

The Manuals and Guides cover

relevant legislation

requirements and policies of regulators

relevant case law and case studies

relevant requirements of external dispute resolution schemes

best practice

In cases where the law or practice is unclear or unsettled, the considered opinions of our experts are included to provide guidance and assistance.

The GRC Solutions library of resources also contains document suites, ready reckoners and other tools.

GRC Solutions employs an in-house team of financial sector experts, including practising lawyers, who draft and maintain the Manuals and Guides and other resources. In some cases, products are drafted or reviewed by expert practi-tioners from legal, accounting, or compliance advisory firms.

Most of these resources are available for purchase on an annual subscription basis. Some, instead, are included in our annual Compliance Services package.

To complement these resources we also offer

a suite of interactive, online training products

regular compliance forums

ACL and AFSL Responsible Manager workshops

day and half-day workshops

webinars

tailored training delivered on-site

GRC Solutions compliance resources are prepared with a particular focus on the needs of the mutual banking sector, but executives and staff in other, re-lated financial services businesses will find many of them equally valuable.


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

A

B

C

The GRC Solutions’ AML/CTF Compliance Manual provides detailed guidance on financial institutions’ obligations under Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) legislation. Practical help is given on how to collect and verify ‘know your customer’ (KYC) data for different types of customers. The manual deals with the various reports that must be submitted to AUSTRAC, as well as providing information on how to develop and implement an AML/CTF compliance program.

AML/CTF Compliance Manual

The APRA CPS 510 Governance Compliance Manual addresses the corporate governance rules applying to ADIs under APRA’s Prudential Standard APS 510 Governance. It is designed to assist directors and senior managers of mutual ADIs to maintain a robust corporate governance regime consistent with the Standard. The Manual includes commentary and resources covering APRA’s Remuneration Policy and Board Remuneration Committee requirements.

The GRC Solutions Anti-Discrimination, Harassment and Bullying Guide is designed to assist employers to develop, integrate and review their processes and procedures for addressing workplace harassment, bullying and discrimination consistently with legislative requirements. The Guide provides a comprehensive summary of Commonwealth regulation as it relates to discrimination, harassment and bullying in the workplace. It incorporates sections on complaints handling and preventative measures employers can take, including practical tips, a precedent policy and incident report formats. The Guide also includes many case studies relating the law to real world situations.

APRA CPS 510 Governance Compliance Manual

Addressing Discrimination, Sexual Harassment and Bullyingin the Workplace

In conjunction with Arctic Intelligence, GRC Solutions offers a cloud based easy to use platform, designed to guide your institution to AML/CTF compliance. The platform will help ensure that your institution’s AML/CTF obligations are being met and its ML/TF risks are being managed. AML Accelerate key features are:

• ML/TF Risk Assessment

• Full Audit Trail across the entire risk management process

• Breach and Incident Management

• Ongoing notifications of AML regulatory changes

• Customer Due Diligence Standards

• AML Operating Manual

• Glossary & Reference Docs

• AML Program Template (AML Accelerate version)

AML Risk Assessment Platform – AML Accelerate

As at July 2019

Included value resource within the Annual Compliance Services package 5

A

B

C

D

E

F

G

M

P

Q

R

S

T

W

A

B

C

The GRC Solutions Australian Privacy Principles Compliance Manual is a comprehensive resource designed to assist financial institutions to understand and comply with their obligations under the APPs as set out in the Privacy Act 1988.

In addition to providing commentary on the APPs in the Manual, there are a number of resources prepared in conjunction with national law firm, HWL Ebsworth Lawyers. These are:

1. comprehensive Privacy Compliance Checklist

2. template Privacy Policy

3. template Privacy Notice

4. template Permission to obtain & disclose credit and personal information

These resources incorporate requirements mandated by both Part IIIA of the Act, and the Australian Privacy Principles.

Australian Privacy Principles Compliance Manual

Provides a step-by-step description of business transfers between mutual ADIs under the Financial Sector (Business Transfer and Group Restructure) Act 1999 and the Transfer Rules. It focuses on the important legal and compliance obligations of directors and senior management in the mergers’ context.

The Ready Reckoner consolidates regulatory notification requirements for 40 types of unilateral changes relevant to retail banking and finance into one 12-page schedule, plus notes and instructions. The Ready Reckoner is intended to assist compliance personnel of financial institutions to locate these requirements more easily.

Business Transfers for Mutual ADIs

Change Notification Requirements Ready Reckoner

This manual covers:

• The cross-industry standard on risk introduced by the Australian Prudential Regulatory Authority (APRA) in January 2015 as it applies to ADIs

• How APS 111 is integrated with CPS 220 to ensure ADIs maintain adequate levels of appropriate quality capital to meet their risk exposures

• How boards of customer-owned ADIs can actively seek the right risk culture for their business in the context of prudent capital management

• Checklists. timelines and flow charts, including sample risk appetite statements, offer an integrated approach to risk-managing your capital position and actions as set out in your ICAAP.

Capital and Risk Management for Customer-Owned ADIs


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

C

The Manual provides an overview of the CRS regime. It shows how CRS impacts Australian financial institutions, and discusses the key CRS compliance themes (customer identification, reporting and governance). It is organised as follows:

Part A. CRS Overview

Part B. Key CRS Concepts

Part C. Identifying Residency

Part D. Due Diligence

Part E. Reporting to ATO

Part F. Ongoing Monitoring of Accounts

Part G. CRS Compliance

Common Reporting Standards Manual

Our Credit Act & Code Compliance Manuals Suite is a comprehensive guide covering all aspects of the National Consumer Credit Protection Act & Code regulatory regime. It includes detailed commentary, checklists, precedent forms and statutory notices. The Manuals are organised as follows:

Manual 1: Forming A Consumer Credit Contract.

Manual 2: Managing A Consumer Credit Contract.

Manual 3: Terminating and Enforcing A Consumer Credit Contract.

Manual 4: Credit Licensing Compliance Manual.

Credit Act & Code Compliance Manuals Suite

The GRC Solutions Corporations Act Compliance Manual is a substantial resource for directors, senior managers and compliance staff, with a focus on the information needs of customer-owned ADIs. It includes commentary, practical tips, and extensive precedent resources covering the company constitution, membership and share capital, company administration, directors and members meetings, the AGM, financial reporting, directors’ duties, insolvency, and ASIC’s powers.

Corporations Act Compliance Manual

As at July 2019


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

C

The Credit Reporting Compliance Manual is a comprehensive resource designed to assist financial institutions to understand and comply with their credit reporting obligations under Part IIIA of the Privacy Act 1988. In addition to providing commentary on credit reporting provisions in the Manual, there are a number of resources prepared in conjunction with national law firm, HWL Ebsworth Lawyers. These are:

1. comprehensive Privacy Compliance Checklist

2. template Privacy Policy

3. template Privacy Notice

4. template Permission to obtain & disclose credit and personal information

These resources incorporate requirements mandated by both Part IIIA of the Act, and the Australian Privacy Principles.

Credit Reporting Compliance Manual

The Credit Code Standard Documents consists of a suite of loan forms, personal property security forms, notice forms, and related commentary. This highly-regarded resource has been used by the majority of customer owned financial institutions for many years, and is regularly reviewed. The Standard Documents are available for use by subscribers under a Copyright Licence Agreement.

Included in the suite are Standard Documents consisting of:

• A set of contract Terms and Schedules for use in documenting continuing credit and fixed sum loans regulated by the National Credit Code

• A set of contract variation and related notices, consistent with National Credit Code requirements

• A set of related personal property security documents and notices (see Personal Property Security Standard Documents)

Credit Code Standard Documents Suite

The great majority of customer owned financial organisations subscribe to the industry’s Customer Owned Banking Code of Practice (COBCOP). This Manual addresses subscribers’ obligations under the Code, and includes practical implementation advice. It also explains how the COBCOP relates to other regulatory requirements.

Customer Owned Banking Code of Practice Compliance Manual


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

D

E

F

Our Financial Product Advertising Compliance Manual provides practical, straightforward guidance to your organisation’s legal obligations as they relate to financial product advertising and promotional activities. The Manual covers general form and content requirements, including extensive commentary on the prohibition of the misleading and deceptive conduct. Specific requirements applying to particular types of products and sales techniques relevant to retail banking and consumer credit are also addressed. The Manual includes several case studies, and features an extensive Implementation Checklist.

Financial Product Advertising Manual

Provides information on what financial institutions need to do in order to finalise deceased members’ / customers’ accounts.

The Guide is designed to assist customer-owned and other retail banking institutions to deal with various legal issues that arise when a customer dies. It provides an outline of the recommended processes and procedures you should adopt on the death of a customer.

Dealing with Deceased Estates

The ePayments Code Manual is a comprehensive resource designed to assist Code subscribers to transition to and maintain ongoing compliance with the disclosure, unauthorised transaction liability allocation, account switching, mistaken internet payment, complaints-handing and other requirements of the Code.

ePayments Code Compliance Manual

This Manual is designed to assist customer-owned financial institutions to understand and comply with the Foreign Account Tax Compliance Act, US tax avoidance legislation aimed at stopping tax evasion by US persons using overseas accounts.

The FATCA Guide to Due Diligence for Pre-existing Accounts (dated Oct 2014) continues to be available online to subscribers of the FATCA Compliance Manual. It remains a useful resource, particularly given some extended timeframes for conducting due-diligence on pre-existing accounts.

FATCA Compliance Manual

Under the FATCA IGA, all ADIs with assets of less than $US175m have the option to choose “Local Bank” status under the FATCA IGA regime. If they do so, they will be subject to very limited compliance obligations.

The free Guide helps institutions with “Local Bank” status to maintain compliance with their limited obligations.

FATCA Local Bank Status Guide

As at July 2019


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

D

E

F

Manual 1: Financial Services Licensing Manual

This manual covers AFS Licensees’ general licence conditions and obligations, and how to comply with them.

Manual 2: Financial Services Compliance Manual: Basic Banking Products

This Manual focuses on the financial products and services most relevant to medium and smaller customer-owned ADIs. It sets out the full range of obligations such ADIs may potentially face in providing basic banking and general insurance products and related services.

Manual 3: Financial Services Compliance Manual: Conduct and Disclosure

This deals with the range of conduct and disclosure requirements that an ADI must comply with when issuing and arranging financial products, providing financial advice, and in the ongoing management of customer accounts.

Financial Services Compliance Manual Suite

The Fit and Proper Compliance Manual assists ADIs to comply with APRA’s Prudential Standard CPS 520 applicable to persons responsible for the management and oversight of an ADI.

As well as the regulatory requirements themselves, it considers the place a Fit & Proper regime plays in an ADI’s risk management system, how to set up a Board assessment process, and how to draft a complying Fit & Proper Policy.

Fit and Proper Compliance Manual


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

G

M

P

The Garnishee and Statutory Notices Compliance Manual provides practical checklists and information on how to comply with notices, orders and other requests for information from government bodies, law enforcement agencies and courts.

Included in the Manual is material on:

• what constitutes proper service;

• compliance with privacy obligations;

• what accounts can and cannot be encompassed by a notice; and

• what happens when financial institutions do not comply with a notice.

The Manual examines in detail notices issued by ATO, Centrelink, and the Child Support Agency.

Garnishee and Statutory Notices Compliance Manual

Covers the legal principles and concepts relating to children’s capacity to enter into a contract under the law applicable in each State and Territory.

The Guide also considers common issues relating to children’s accounts including

• membership in mutual institutions,

• options for children’s savings accounts,

• customer identification, quoting TFN, access facilities,

• overdrawing,

• credit transactions, and

• marketing to children.

It also includes a state jurisdiction-by-jurisdiction summary of issues discussed in the Guide.

Guide to the Operation of Children’s Accounts

As at July 2019


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

G

M

P

The Guide is designed to assist busy directors and senior managers to gain, retain and refresh the knowledge of the APRA Prudential Standards they require to discharge their corporate governance responsibilities. It focuses on practical compliance strategies and tips and mutual sector experience.

Making Sense of the Prudential Standards

Provides retail financial institutions with an outline of issues they need to be aware of in meeting their common law (and in some States statutory) duty of care as a mortgagee when exercise a power of sale over security property.

Mortgagee Sales Guide

The GRC Solutions Guide to Personal Property Securities (PPS) is designed to assist financial institutions comply with the PPS law. It covers:

• key terms and concepts used in the Personal Property Securities Act;

• the PPS Register;

• particular matters relevant to ADIs under the PPS system, including security interests in and control of ADI accounts; and

• interactions between the PPS system, and other legislation.

Personal Property Securities Guide

This Guide assists your institution:

• in dealing with members/customers who cannot be located;

• in making decisions about dormant accounts; and

• in complying with your obligation to submit an annual unclaimed money statement to ASIC under the Banking Act.

Guide to lost members, dormant accounts & unclaimed money


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

P

Q

R

S

Intended to assist mutual and other retail banking institutions to meet their statutory obligations to retain documents, records and other information under a range of applicable laws. Over 100 specific retention obligations are covered.

Records Retention - a Guide to Your Legal Obligations

The PPS Standard Documents Suite consists of

• A set of PPS Act compliant security documents

• An externally legally reviewed guide to completion and use for the PPS security documents

• An externally legally reviewed set of PPS enforcement notices, together with instructions for completion

Subscribers to the Credit Code Standard Documents have automatic access to the PPS Standard Documents.

PPS Standard Documents

The Plain English Home Mortgage Memorandum and associated commentary has been prepared by leading national law firm, King & Wood Mallesons. It is made available by GRC Solutions under a licensing arrangement with KWM. The Manual contains a Memorandum of common provisions suitable for use in all states and territories, together with comprehensive commentary on using the Memorandum. Mortgage forms (coversheets) for each state and territory are also included, as well as instructions for their completion.

Plain English Mortgage Documents

The Guide to Dealing with a Power of Attorney is designed to provide staff of financial institutions with an outline of the recommended processes and procedures when dealing with a power of attorney document, or someone acting under a power of attorney.

Power of Attorney Guide

Provides mutual and other retail financial institutions with a convenient resource summarising the staff qualification, skill and training obligations to which they are subject under various laws, regulations and industry codes of conduct. The Guide includes a legislation Schedule together with extended commentary.

Qualifications and Training - a Guide to Your Legal Obligations

As at July 2019


A

B

C

D

E

F

G

M

P

Q

R

S

T

W

P

Q

R

S

Provides a convenient resource summarising requirements to which financial institutions are subject under various laws and regulations when they open statutory trust accounts.

The Guide is intended to assist mutual and other financial institutions in dealing with statutory trust accounts and has a specific focus on:

• Solicitor trust accounts

• Public accountant trust accounts

• Real estate agent trust accounts

• Accounts held by registered trustees in bankruptcy

• Local government trust accounts

Statutory Trust Accounts Guide

The Schedule, published six to ten times a year, summarises recent, current and pending changes to the law and other regulatory developments. It is primarily intended for compliance & risk staff of customer-owned banking financial institutions. It is also useful to brief directors about upcoming developments.

Regulatory Schedule

The guide provides a summary of compliance reporting obligations that apply to customer owned ADIs. It covers periodic reporting obligations of ADIs as set out in:

Table 1: General - Periodic Reporting to Various Agencies

Table 2: Periodic Prudential Reporting to APRA

Table 3: Periodic Reporting to Customers

Reporting Calendar for Customer Owned ADIs

GRC Solutions’ Social Media Guide is intended to assist businesses to develop acceptable use policies and codes of conduct for participation in social media from a business perspective. It aims to highlight the key issues that will best protect your business.

Social Media Guide


A

B

C

D

E

F

G

M

P

Q

R

S

T

WW

T

The Manual provides a practical framework for directors, senior management, company secretaries and compliance staff of mutual ADIs to prepare for an unsolicited takeover offer.

Takeover Response Manual

GRC Solutions’ Workplace Health and Safety Management Systems Implementation Guide is designed to assist employers in complying with their obligations under the national WHS legislation. It also sets out steps required to implement a compliant WHS management system. As well as covering the critical components of a WHS system in a practical way, the Abacus’ WHS Guide provides sample forms, policies and procedures.

Workplace Health and Safety Guide

Financial institutions are subject to a range of interrelated obligations covering tax file number (TFN) collection and pay-as-you-go (PAYG) withholding rules. This Manual is designed to assist your organisation to identify areas where the TFN obligations and PAYG withholding rules apply to your business to enable compliance with these rules. It also provides tools for making TFN-related business decisions about specific products and services provided.

Tax File Number Compliance Manual

As at July 2019

15

A

B

C

D

E

F

G

M

P

Q

R

S

T

W

T

W

Simo BuzaninAccount Manager [email protected]

Tricia ClarkeAccount Manager (WA/SA)[email protected]

Michael FunstonSenior Manager, Legal & [email protected]

Guy GriffinSenior [email protected]

Deidre GroverSenior Compliance Training [email protected]

Nathalie NuijensSenior Consultant L&[email protected]

Liam O’BrienSenior [email protected]

Bill TarrantProduct & Events [email protected]

Melanie TonerAccount [email protected]

Compliance [email protected]

Cypriana Tshai

Compliance [email protected]

Peter Hughes

SydneyLevel 21, 1 York Street Sydney NSW 2000 Australia T: +61 2 8823 4100

MelbourneSuite 212, 838 Collins Street Melbourne VIC 3008 Australia T: +61 3 9012 8532

PerthLevel 1, 191 St Georges Terrace Perth WA 6000 Australia T: +61 8 6230 2096

New York154 Grand Street New York, NY 10013 United States of America T : +1 646 675 8109

BrisbaneLevel 7 Emirates House, 167 Eagle Street Brisbane QLD 4000 Australia T: +61 437 549 786

SingaporeLevel 14-01, 1 Wallich Street Guoco Tower, Singapore 078881 T: +65 6403 3830

grcsolutions.com.au