Compliance Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd

Who Are MSM Compliance? MSM is a national professional services business focused on the general insurance industry. Your company has engaged MSM to assist in the management of its obligations as a holder of an Australian Financial Services Licence. MSM helps to ensure that you and your company comply with your AFS Licence obligations with the least disruption to your core business.

Why Are You Reading This? To provide you with an introduction to our Compliance Policy and Procedures. It will present you with a synopsis, but not the detail. You should still take the time to read the full Compliance Policy & Procedures.

Why Is A Compliance Program So Important? As an AFS Licensee we are required by law to have an effective Compliance program. A Compliance program helps us to consistently achieve the performance that is expected by ASIC and our Customers. Compliance programs are recognised as an integral part of good management practice. Without a Compliance program we run the real and possibly catastrophic risk of not meeting our Licence conditions therefore lose our License.

Who Is Responsible For Compliance? The Responsible Manager(s) is ultimately responsible for the implementation and effectiveness of these Policy and Procedures. The Compliance Officer is responsible for the implementation and effective operation of these Policy and Procedures. It is the responsibility of all management and staff to promptly advise the Compliance Officer of failure or potential failure of our business to comply with our obligations.

Our Compliance Program A Compliance Policy and Procedures. Appointment of a Compliance Officer – identified on our Organisation Chart (CO) A Breach Register to record situations where we fail to meet our legislative or code obligations. A Compliance checking system that regularly prompts the Compliance Officer to review the way we do things across all aspects of our business. A regular (annual) review of our business by an external compliance consultant. Reporting or all breaches to the Company Board. Reporting of all significant breaches to ASIC.

Compliance Promotion Compliance is part of the way we do things and must be promoted at all levels of the business, including Requiring Responsible Managers and Staff to read these Policy and Procedures. Induction programs for all new staff, which includes training on the Compliance Policy and Procedures. Raising of Compliance Issues at our staff meetings. Providing feedback to staff on results of external reviews. Including Compliance as part of Staff Appraisals.

Compliance Monitoring, Reporting & Recording Accurate and timely monitoring, reporting & recording are essential for an effective Compliance program. It is essential that these processes be comprehensive & accurate therefore we utilise either the Compliance Checklist or Broker Compliance Control. All Compliance tasks are identified, graded and allocated to a staff member or completion. Breaches are recorded in the Breach Register. Significant breaches must be reported to ASIC within 10 business days. An external audit will usually be conducted annually. Compliance and Breach reports are tabled at Board meetings.

Breach Examples Failure of Spotters to disclose their income. Failure to nominate correct / final insurer on invoices. Failure to promptly advise clients of significant issues affecting their coverage. Cancelling a policy due to non payment without client/insurer instruction. Not refunding commission and fees if no prior notice provided to client.

Breach Examples Failure to advise ASIC of changes. Acting outside scope of AFS Licence Misleading advertising that does not clearly spell out the services available. Use words such as “independent”, “objective”, “impartial” etc. Failure to submit APRA returns on time. Failure to properly appoint Authorised Reps, Distributors and Spotters.

Breach Examples Failure to maintain cash flow budgets and to monitor cash flows Failure to have annual audit conducted Failure to have adequate P.I. cover Failure to be a member of Financial Ombudsman Service (FOS). Failure to provide clients with details of your complaints system. Failure to have a documented complaints system and register.

Breach Examples Not effectively managing / recording conflicts of interest –Insurer profit share arrangements. –Binders –Buying Group relationships –Staff incentive schemes –Premium funding deals/commissions –Referral to other related /income generating providers

Breach Examples Client Money –Not banking money on day of receipt or day after. –Trust Assets less than Trust Liabilities –Not paying insurers within 90 days –Not paying insured’s refunds within 7 days –Not advising insurers of debts over 90 days within 7 days –Not taking non client money out of Trust Account within 30 days. –Not advising U/W agents & Wholesale Brokers of their obligations when paying.

Breach Examples Client Money –Not banking money on day of receipt or day after. –Trust Assets less than Trust Liabilities –Not paying insurers within 90 days –Not paying insured’s refunds within 7 days –Not advising insurers of debts over 90 days within 7 days –Not taking non client money out of Trust Account within 30 days. –Not advising U/W agents & Wholesale Brokers of their obligations when paying.

Breach Examples Advice Disclosure –Not providing oral disclosure / warnings when quoting Retail Clients over the phone. –Not providing General Advice Warning with documentation –Not providing required information when providing Personal Advice.

Breach Examples Financial Services Guide –Incomplete / not up to date –Old FSG on website –Not providing within 5 days to new clients –Not providing to existing clients when changed –Not recording date and version no when sent to client. –No separate FSG for Authorised Reps. –Sending electronically without specific client consent.

Review & Updates Our Compliance Policy & Procedures will be reviewed on an annual basis as part of our the Business Planning process. The review will necessarily involve senior management together with input from staff where relevant. Any changes will be documented in the annual Business Plan, and will be advised to you either via or at our regular Staff meetings

In Summary You should read the full Policy & Procedures. understand your role & responsibilities in the Compliance Program be aware of what constitutes a breach and the action required by you. Identify from our Organisation Chart who our Compliance Officer is.

Where To From Here? Please take the time to read our full Compliance Policy and Procedures and if you require further clarification discuss with our Compliance Officer.