This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

International Exchange of Information Manual

Compliance: Risk Management Process

Compliance: Risk Management Process

For those Financial Institutions with a Customer Compliance Manager (CCM), as part of the normal compliance management activity, a CCM should seek to understand how a business intends to meet its obligations under the legislation and the systems and processes that it has put in place.

Areas of difficulty or particular risk could form part of the discussions about business systems and governance and the CCM should work with the company/entity to identify and deal with any risks that could lead to non-compliance.  It is also envisioned that compliance with the legislation could form part of any Business Risk Review carried out with the business. 

CCMs will be able to call on support from Governance Specialists in Large Business  (LB) and Audit Specialists in both LB and Local Compliance to help them to understand and address any issues identified.

For those Financial Institutions where there is no CCM, compliance activity will follow a risk based approach and will focus on those Financial Institutions where information indicates they are potentially in non-compliance with the legislation.

Any audit of systems and processes, of either Customer Compliance Manager (CCM) or non CCM businesses will encompass a review of whether or not a Financial Institution is able to correctly identify its account holders and meets its reporting obligations.