Beta This part of GOV.UK is being rebuilt – find out what this means

HMRC internal manual

International Exchange of Information Manual

From
HM Revenue & Customs
Updated
, see all updates

Compliance: Risk Management Process

Compliance: Risk Management Process

For those Financial Institutions with a Customer Relationship Manager (CRM), as part of the normal relationship management activity, a CRM should seek to understand how a business intends to meet its obligations under the legislation and the systems and processes that it has put in place.

Areas of difficulty or particular risk could form part of the discussions about business systems and governance and the CRM should work with the company/entity to identify and deal with any risks that could lead to non-compliance.  It is also envisioned that compliance with the legislation could form part of any Business Risk Review carried out with the business. 

CRMs will be able to call on support from Governance Specialists in Large Business  (LB) and Audit Specialists in both LB and Local Compliance to help them to understand and address any issues identified.

For those Financial Institutions where there is no CRM, compliance activity will follow a risk based approach and will focus on those Financial Institutions where information indicates they are potentially in non-compliance with the legislation.

Any audit of systems and processes, of either Customer Relationship Manager (CRM) or non CRM businesses will encompass a review of whether or not a Financial Institution is able to correctly identify its account holders and meets its reporting obligations.