IPA membership renewals deadline approaching

Licence-holder reminder: Risk-based monitoring

We remind all licence-holder members that the IPA operates a risk-based system for monitoring its licence-holders.

In determining the regularity and nature of inspection visits, analysis of the risk which any IP is considered likely to represent is evidenced. The indicators used to assess risk are fluid but may include such factors as the date of the last inspection and its outcome, the nature and volume of the work performed, the IP’s length of qualification and previous disciplinary record. Based on that assessment, an appropriate monitoring cycle is determined. A risk assessment is a confidential, discretionary decision of the IPA.


Full inspection visits

Based on a continuous assessment of an IP’s performance and record, full inspection visits take place at least once every six years (to be decided at the discretion of the IPA). Inspection visits may be conducted either remotely or by way of a physical inspection at an IP’s office. In certain instances, an inspection may take a hybrid approach where certain aspects are conducted remotely but the inspector will attend the IP’s office for a day.


The monitoring cycle

At the start of any monitoring cycle, an Inspector is appointed to each firm and is generally responsible for that relationship until the completion of the next full visit.

The monitoring cycle, whatever its length, culminates in a full inspection visit. Throughout the period, the Inspector will carry out a continuous assessment of risk and may shorten or lengthen the monitoring cycle as circumstances change and more information becomes available.

The Inspector is assisted in this continuous assessment by Analysis of Risk and Compliance (ARC) submissions (required of the IP at least every two years) and also brief mid-cycle inspections, which may take place in particular for those IPs on a longer cycle. During mid-cycle inspections, the Inspector will normally check one of the cases subject to ARC certification and one other case. There will also be the opportunity for a two-way conversation about topical issues and IPA activities. The visit will not normally last more than one day or part thereof and will be followed by a brief letter summarising any issues which, in the Inspector’s opinion, deserve further attention. If any potentially serious or systemic issue is discovered, the matter may be reported for further consideration or taken into account in reviewing the risk assessment.

The risk assessment procedure will also take account, among other things, the IP’s compliance with the IPA’s administrative requirements, including the promptness and accuracy of bond returns and self-certification submissions. SIP 16 submissions will continue to be monitored as at present, with the result submitted to the allocated Inspector for inclusion in the continuous monitoring process.


Anti-Money Laundering

The IPA must consider the risk for each firm for which the IPA is a Supervisor under the 2017 Money Laundering Regulations (MLR17) in relation to adherence to the requirements placed on IPs and their firms under the regulations.

The indicators used to consider AML risk include the number and type of appointments that are taken, the robustness of internal policies, procedures and controls required under MLR17, training provided to staff and a review of the firm’s AML risk assessment and AML training records. The Inspector will expect to see case risk assessments on each appointment and that these assessments are regularly reviewed.

Where the IPA is the firm’s Supervisory Authority under MLR17, it is likely that the Inspector will need to meet with the Nominated Officer(s) to review the firm’s AML policies, which will allow a review of the firm’s AML risk assessment to be undertaken.