Policies and Procedures for CMS licence holders/RFMC
What scope should the policies and procedures of a financial institution cover?
A holder of a CMS licence, including an A/I LFMC or an RFMC, must implement effective written policies on all operational areas of the holder, including the holder's financial policies, accounting and internal controls, and internal auditing (reg. 13(a)(i) SF(LCB)R; for and RFMC reg. 54A(1) SF(LCB)R read in conjunction with reg. 13(a)(i) SF(LCB)R). These policies should provide for the prudent management of significant risks from the business activities and operations of the financial institution (para. 2.1.2 Guidelines on Internal Controls).
The financial institution should implement these policies in appropriate procedures and processes documented in procedural manuals (para. 2.1.3 Guidelines on Internal Controls).
In addition, a code of conduct should state the ethical values of the financial institution and prescribe the guidelines for employees to observe when discharging their duties. The code should cover areas such as acceptance of gifts and entertainment, conflicts of interest, safeguarding of the confidentiality of information, and disclosure of and restrictions on personal investments (para. 2.2.2 Guidelines on Internal Controls) and, in addition to general guidelines, prescribe specific guidelines for the operations in functional areas such as private banking or asset management (para. 2.2.3 Guidelines on Internal Controls).