Importance Of Attestation In Regulatory Environment | Supervisory Tools By FCA

1.Do not open this examination paper until instructed to do so by the invigilator. All examination papers must be returned to the invigilator at the end of the exam.
2.With this examination paper you will find an answer book. Do not start writing in your answer book until instructed to do so by the invigilator.
3.You answers MUST be written using the answer book and extra pages provided by the invigilator; other types of paper are not permitted. After the examination, please secure any extra pages used to your answer book.
4.On the front cover of the examination answer book, please print your candidate number, course title and examination date (as above), seat number (if applicable), jurisdiction and industry sector.
5.Please insert the numbers of the questions you have answered in the table at the bottom of the front page.
6.Write in black or blue ink and start each new question on a fresh page and write on one side only. Ensure that you clearly indicate which question you are answering including any sub section such as (a), (b), etc.
7.Other than to visit the toilet, once you leave the examination hall, you will be ineligible to return during the examination. No candidate may leave the examination hall during the first 15 or last 30 minutes of the examination.
8.Candidates who copy from or merely paraphrase the course materials will be heavily penalised.
9.Please note that failure to attempt four questions severely restricts your ability to pass the examination.

FCA's Expectations for Attestations

An attestation is considered as the formal statement of the firm that it will take or has taken the required action. Attestations are used as the supervisory tool for the purpose of ensuring that regulated firms and senior managers of the regulated firms are held responsible for taking any action which is required in context of the particular issues and also focus on putting the things right in general manner, which means without the involvement of the Financial Conduct Authority (FCA).

The principles of organization business and statement of principles for approved persons impose obligations on the firm and approved persons to pact with the FCA in such manner which ensures openness and cooperativeness. In all the situations, if approved person fails to meet the requirements of the principles then there are severe consequences for the same such as penalty and fine. However, in severe situation imprisonment is also the option which is available to the FCA. This can be understood through example, in case firm failed to inform the FCA about the matter highlighted in the letter issued by the FCA, then FCA has power to take action against the approved person which is appropriate and required (FCA, 2016).

Attestation is considered as the supervisory tool, and while using this tool, FCA expects clarity, transparency, and consistency in their use. Because of the possible important effect on the individuals and firms involved in the attestations, it is necessary that attestations done by them are clear and real, which means they must be specific and achievable, and they must have demanding and realistic timelines. It is also necessary that organizations must have a clear and open communication with their supervisors, so that there must be clear and shared understanding in context of the results, FCA wants to achieve from the particular attestations, and also the details of the scope, content and timing. Open communication with the supervisors must help to address the issues that our use of attestations is slanting the prioritization of risk at firms.

As stated, FCA does not expect the fins for the purpose of creating the heavy pledge that could slant prioritization, and also considering when to ask for attestation, FCA consider the range of issues on which senior management of the firm is focus, and the issues on the basis of which resources of the firm are being applied, for the purpose of ensuring that the most important issues are those who are receiving the most attention (FCA, 2014).

Consequences of Non-Compliance

There is an increasing trend of the senior managers in the financial institutions being required to provide written attestations to the FCA or the PRA on the areas of the regulatory focus and particular supervisory actions. The use of attestations in context of the FCA and PRA, shows the clear intention on their part for the purpose of holding the senior management responsible for the regulatory issues. Therefore, it can be said that before signing the attestations, senior managers need to show the document they are attesting and regimes conducted by them before attesting the document (Allen & Overy, n.d.).

Part B

Following are the two supervisory tools which can be used by the FCA:

Early intervention powers: From the initial stage, FCA adopt the concept related to the early intervention, which actually means, engaging in any issue at earlier stage in maximum cases, before any harm cause to the consumer (Loughlin, 2014). For this purpose, FCA tries to use the supervisory tools which allowed them to intervene at the earlier stage. This approach is adopted by the FCA in the financial year 2013/2014, and it can be used in 21 different occasions for the purpose of taking action against the firms and the individuals.

This tool includes number of actions which has wide range, and this also includes the powers used by FCA under the FSMA. Following are the possible steps which include (Loughlin, 2014; FCA, 2015):

• This requires firms to send the information on immediate basis.
• Changes in the firm’s permission for the purpose of removing certain permissions.
• Putting requirements in context of the firm’s permission.
• Commissioning the report of the skilled persons.
• Getting the attestations from the senior managers of the organization.
• Restrict the financial promotions (Jamieson, 2015).

Requests for documents and information: FCA has power to make the informal request to the firms for the documents and information, and if there is any issue in context of the confidentiality and data concern then firm has right to reject the request and rather than this they can ask that they are compelled for the documents and information in request. FCA can also require the firms to supervise the FCA for providing the documents and information which are required in reasonable manner for the purpose of exercising their statutory powers, and this is stated in the section 165 of the Financial Services and Markets Act (FSMA). There are number of   banks in which investigation is conducted by the FCA in context of the money laundering and in this they also imposed fines on number of banks.

In April, EFG Private Bank was fined by the FCA at £4.2m and one individual also because of the failure on their part in managing the risk of money laundering on their part. FCA stated that they witness this weakness in the management of the firm on continuous basis in context of the money laundering risk and this also includes the deals with the high risks customers and politically exposed persons. Authority of the FCA communicated that they are working on the preventive problem solving approach in context of the money laundering. In this case, mainly concentrate on identifying the present and possible financial crime risks. FCA also ensures that the awareness of their implications and also how to reduce the implications embedded in the firms. In this similar case, FCA also asks for the information and document, and this request of the FCA is fulfilled by the bank. For these breaches, FCA imposes £4.2m for failures in its anti-money laundering controls. 

FCA's Early Intervention Powers

It is recommended to the FCA, that they must use these tools in strict manner and increase the penalties in context of breach of the requirements stated under these tools. This enhance the reliability of these tools.

Answer 2

After the financial issues, these new provisions in the regulatory environment makes the things such as risk management and risk compliance more complicated and difficult, but this also increase the importance of this concept. On the continuous basis, there is risk of non-compliance of laws and regulations on part of the firms, and this result in the significant impairment of the reputation, value, earnings, and business opportunities. Following are two initiatives which can be used by the banking sector:

Governance, risk and compliance (GRC) professional: Banks in UK, understand the fact that efforts and expenses spending in the training, monitoring and managing controls are not providing the adequate results, and it is necessary to focus on making such corporate culture which not only support but also ensure the compliance in governance and risk management (DOF, 2018).  GRC professional is the type of certification which makes sure that the individual has core understanding of GRC processes and capabilities, and also provide the skills to participate in the governance, Performance and risk management, internal control, and right governance. Each and every risk, compliance, internal audit, and IT professional must focus on   earning the GRCP certification.

It must be noted that GRCP professional is the person who spend enough time in helping the firm in achieving the principle performance by leading and planning in context of different areas such as risk management, internal control, compliance and activities related to the ethics. Following are the most important aspects of the GRC professional certification:

• Principles, outcomes, and key terms are most important aspect of the GRC professional in which individual shows that he know how to communicate in context of the disciplines by using the language which is common and unambiguous in nature.
• Core components and activities are another important area of this certification, in which individual shows the understanding of the 4 components and 20 elements which mainly includes the capability model of the GRC.
• Relationship of GRC and discipline shows the way through which GRC includes the governance management and also the audit of strategy, performance, risk and compliance (OCEG, n.d.).

The main aim of this certification is to make sure that proper policies and controls must be farmed for the purpose of reducing the risk, to set up a system of checks and balances, to attentive the individuals when new risk is emerged, and also for managing the processes of business in such manner as they become more efficient and proactive. Professionals of the GRC certification must make efforts to meet the expectations of the stakeholders with fulfilling the business objectives while meeting the compliance requirements. A wide range of responsibilities are imposed on the professionals and impositions of these responsibilities are necessary in present environment of business.

Each and every area of the banking sector requires the GRC professional certification such as financial analysis, IT security analysts, information assurance program manager and senior IT auditor, etc. It can be said that ensuring the GRC professional certification is the profitable activity as it ensures the authenticity of the transactions and also reduce the chances of the non-compliance (CIO, 2017).

Governance, Risk and Compliance Professional

GRCP certification also acts as the model for other GRC qualifications with its board focus, and this shows:

• Knowledge in terms of the process of the essential GRC disciplines, from auditing to risk.
• Understanding in context of the GRC capability model and also its four models that are learning, alignment, performance and review.
• Competence in context of advising the key GRC controls and functions, and also integrating the GRC processes in the decided strategy of the organization (Pavlovic, n.d.).

Compliance and risk team: GRC is the integrated collection of the abilities that mainly allowed the organizations to achieve their objectives, address uncertainty, and also act in integrate manner. This is the approach through which organization focus on its important capabilities that must work together for the purpose of achieving the principled performance. Those capabilities which focus on the governance and management, and it also provide the security in context of the performance, risk, and compliance activities (OECG, n.d.). Compliance and risk team is the initiative which helps the organization in adopting this approach in more effective manner. This team includes number of departments of the banking organization in its ambit such as internal audit, compliance, risk, legal, finance, IT, HR and also the appearances of the business, executive suite and the board of directors also. Following are the important areas in which compliance and risk team focused:

Resources: This is the area in which team focus on conducting the business such as it includes strategies, policies, standards, procedures, organizational structure, etc. This also includes the third parties such as suppliers, customers, etc.

Attributes of business:  It must be noted that key attributes of the business includes the following areas:

• Performance, including goals, targets, outcomes, profitability, and SLA, etc.
• Risk includes different areas such as financial risk, credit risk, market risk, strategy risk, operational risk, fraud risk, etc.
• Compliance is the third area which includes regulatory compliances, legal compliance, organizational compliance, etc.

Governance, Management, and operations: this area impose obligation on the team to setting the directions, management of the risk and resources, monitoring the performance, and ensure compliance with the entire requirement for the purpose of achieving the objectives of   the organization. It can be broadly classified into difference governance structures such as corporate, business, IT, etc.  Management of the organization involves number of stages such as planning, organizing, leading, coordinating, controlling and reporting.

Controls: for the purpose of realizing the value from the business, it is necessary to use the resources in such manner as it is effective and efficient. This can be achieved by the organization in only those situations when compliance and risk team implement and execute their control in effective manner.

Assurance: it is necessary for the team to conduct independent assurance for the purpose of ensuring that all the control are designed and operated in effective manner and compliance requirements are met on continuous and constant basis. Responsibility is imposed on the team to monitor and get the assurance in terms of the responsibility (Narasimhan, 2017).

This can be understood through example, in HSBC Holdings, risk and compliance team of the organization ensures the use of risk management framework at each and every level of the organization and it also includes all the types of risk. This team of the HSBC is responsible for regulating the governance and structure of the organization, and they are also responsible for monitoring, managing, and mitigating the risks we accept and incur in our activities (HSBC, 2018). It is recommended to the HSBC to use the GRCP certification for the purpose of ensuring risk management effective risk and governance management in the organization.

Compliance and Risk Team

Answer 4

Customer data is considered as the information collected and hold by organization in context of their customers and this information includes both basic and confidential information. It is necessary to secure this information in effective manner because leak of this information can cause huge loss to both customers and bank. This guiding document is prepared in context of the banking sector for the UK-firm regulated as Royal Bank of Scotland Group, and it mainly defines the way in which customers data is handled, stored, and disposed by the banks (Perrin, 2010). As they take the privacy and protection of the consumers very seriously, and for this purpose RBS ensures the compliance with the new General Data Protection Regulation (GDPR) and they also closely monitoring the impact of the Brexit negotiations on their privacy obligations. Following are the guidelines for the RBS: 

Comprehensive progress evaluation: the data and internet data analytics made the things already easier in context of monitoring and evaluating the progress banks, as this data has been entrusted with the personal and confidential information of the customers. With the big and huge data, it is possible for the banks to use this information for the purpose of monitoring the transactions behavior of the clients, and this also allowed them to provide the kind of resources which is need by the clients. It must be noted that this real time evaluation not only ensure the data security but also increase the profitability of the organization. As stated, volume of the banking sector increases and this directly affects the level of service offered. It is necessary for the banking organizations to reach best practices in each and every area because they are not only responsible for the funds of the clients but also for the personal information of the clients. It is not possible for the small scale databases to handle the large volume of data, and because of this it is necessary for the banks to adopt the big data. Failure on part of the bank to adopt the big data increases the chances of security failure in the organization. Switching the big data allowed the organizations to process this information in faster manner and also in avoiding any such situations which result in the security damage to the clients (Banking frontiers, 2017).

For the purpose of disposing the data in secured manner, banks can use two ways such as banks can delete the data from the magnetic media by using the software or they can physically destroyed the media in which information is stored.

Changes in service delivery: there are number of software’s such as big data which includes enormous system, but the main purpose of this system is to make the task simple. Whenever any information is entered into the system, then such information is processed and show only that must information which is required. This helps the management in completing their tasks in less time period and also reduces the costs. Big data also allowed the organizations in identifying and rectifying their issues, before such issues cause damage to the clients. There are number of times, when clients become the reasons of the issue. This can be understood through example, investors first make the decision, but after some time they change their mind. Big data help the management in changing their methods of service of delivery because some of the clients of the organization are not able to walk out. This system allowed the banks to track the credit cards of their customers and also ensure that they are not spending more amounts (Big data, 2016).

Compliance requirements and control system play important role in providing the security to the data of customers such as control system is used for the purpose of safeguarding the sensitive and important information and also have counter measure for the purpose of restricting its unauthorized use of the information. Control system of the banks helps the organization in avoiding, detecting, and reducing the security risks related to the computer data or any other type of information. This system also help the organizations in minimizing the risk related to the data loss or damage by ensuring continuous check and also by restricting any possible hateful attack on data assets (Infosec institute, n.d.). On the other hand, compliance system facilitates the check system and allowed the management to review the process on continuous basis. Compliance system of the organization must be effective in nature and executed through the computer systems, and also provide the automatic protection against the misuse or unauthorized access to the important client information. Compliance requirement facilitates the detection of the security violation and also ensure the support requirements in context of the security data.

Section B

Answer 5

There are number of firms which already have specialists units in context of handling the disclosures made by the whistleblowers of the organization. These units mainly perform the tasks such as assessing and escalating the concerns which are raised by the whistle blowers of the organization and also track the results after the issue is escalated. This unit provides the feedbacks to the whistleblowers if they are appropriate in nature. Such units of the organizations are mainly known as the integrity functions. It is necessary for the organizations to fit this department in the organization structure in appropriate manner (PRA, 2015). There are number of parts in the organization in which this department can fit such as Human Resources department. For the purpose of this answer, TESCO United Kingdom is selected, as this company is engaging in the retail industry. Whistleblowing policy of this company ensures the protection of the colleagues, customers, and business. 

The regulator:

The policy and procedural manual is designed for the purpose of enabling the employees and other important stakeholders to report any action which is inappropriate in nature. In context of compliance requirement, following are the reportable actions which can be reported by the whistleblowers:

• Any action related to the financial malpractices or any inappropriate action such as fraud, corruption, bribery, theft and concealment.
• Any person or department fails to comply with the legal and regulatory obligations, statutes and also the action which cause damage to the society or environment.
• Any breach done by the person or department in lieu of the corporate governance.
• Connected transactions are not disclosed and reported as per the regulations (FBN Holdings, n.d.).

Executed team of the regulated firm:

The board and senior management of the organization have the knowledge that the healthy internal system of the organization allowed the employees and other stakeholders of the organization to report the malpractices without any fear of getting back, clearly shows that employees and stakeholders of the company are taking their responsibilities seriously. This also helps the organization in avoiding the negative personality which might be happen if any negative disclosures are made to external parties.  Therefore, board and management of the organization are committed for encouraging the openness, accountability, and integrity in the organization. This procedure also ensures that Whistleblowers, who made the disclosure in good faith and truly believes that disclosure is true, will not face any kind of harassment or victimization in the organization (MEGT, n.d.).

There are number of firms which are taking help from the third parties for the purpose of providing the aspects of their whistleblowing projects. These third parties are engaged in running the whistleblowing hotlines which mainly pass the report to the other firms in the anonym zed form and also provide the regular management information. The main aim of these arrangements is that any whistleblower who is contacting to the third parties gets more assurance that these specialists ensure the anonymity, confidentiality and arms-length independence.

However, there are number of firms which are seeking the quality of the services, monitoring of these services, and also handling of the different aspects of the project such as those aspects which can be handled internally and those also which must be outsourced. The main responsibility in context of the whistleblower procedure is of the firm, and this also includes the services outsourced to the third parties and also meeting the expectations of the regulators.

It is necessary for the firm to focus on the communication methods, because it is necessary that whistleblowers will feel comfortable while making the disclosures. There are different ways, through which disclosures can be made such as face to face, on telephone, email, etc. There are some other whistleblowers who like to conceal their identity completely, and it is necessary for the management to make arrangements accordingly. Arrangements of the firm must be of such nature as they address all the preferences of the whistleblowers.

Firms who want to adopt the whistleblower procedure must focus on the training required by them, and the training policy of the organization in context of the compliance sector cover following areas:

• Training must be provided to all the employees of the organization in context of the laws and regulation which must be complied by the organization. This helps the employees in identifying and detects any area in which non-compliance occurred.
• Training must also be provided to the employees in different aspects of the whistleblowing such as how to report the malpractices to the relevant authority, methods used by whistleblowers while doing this. During the time of training, management can also demonstrates the same through any old incident and how such incident has been tackled.
• Management of the organization must provide training to the authority also who is appointed to deal with this issues and this training covers different aspects such as protection provided to the whistleblowers, recognition of the whistleblowers, and also steps conducted by the authority while investigating the matter. This authority is also under obligation to ensure fair hearing is conducted while dealing with the compliant (Gov.UK, n.d.).

In Tesco this approach is known as the Protector line, and it is considered as the way through which colleagues and staff can disclose the information directly to the top management. In this facilities of the confidential telephones and e-mail services are provided. All these services help the management to deal with the issues at the initial stage only (Tesco, n.d.). 

General employees of the regulated firm:

Employees and other stakeholders of the organization hold both right and responsibility for identifying and report any malpractices or non-compliance in the organization such as improper governmental activities and environment, not fulfilling the regulatory and legal requirements, etc. Employees must be ensured that they are not getting back any harassment and victimization if they are reporting the non-compliance to the authority. Employees must understand their responsibility towards the company and report such incidents directly to the relevant authority, instead of telling these incidents to the external parties. In case employees report these incidents to the external people then it cause huge negative impact on the organization.

It must be noted that, it is the right of the employees to get the protection from organization if they blow the whistle in any of these matters:

• Criminal offense conducted by any individual in the organization such as fraud.
• If there is any damage to the justice in the organization.
• Law is broken by the individual in the organization.
• There is non-compliance of the regulatory and legal protections in the organization (Jones, 2016).

Answer 6

This paper defines the training material of two objectives developed by the board of Marks and Spencer in context of the compliance requirement. This report is prepared in terms of the position of GRC professional, who is presently employed as Head of Compliance and Risk at Worldwide Business International (WBI), in the Marks and Spencer operated in the retail industry of UK:

Appointment of the staff members which include operational management roles, head of Internal Audit, and two new non-executive directors; Following are the training material for achieving this objective:

• Training for the hiring above stated professionals include wide and different areas such as required qualification, procedure of appointment, skills possessed by person, developing abilities for the relevant position, etc. It is necessary for the management to focus on each and every aspect of the hiring and staffing.
• Training must provide the information which states what kinds of people you want to hire for the particular positions. There are number of criteria which must be teach in the training period such as personal qualities, commitment level, problem solving approach, etc (Mabaso, 2012).
• Training must clarify the different ways through which they can attract the employees to apply for the position in the organization, which means ways through which they can seek more and more options to assess and evaluate for the position.
• What can be afforded by the organization is another matter which must be considered by the training session, and this include whether there is any full time or part time position, etc.
• After the selection of the individual, the most important section of any term is the procedure of appointment, which means trainers must develop the appropriate procedure for appointing the person and training for the same must be given (Community tool box, 2018).

Hiring and selection process is the most important process of the organization, because this is the only process on which base of the organization is established. Human resources are considered as the most important resources of the organization. There are number of reasons which highlight the importance of the training material in this context:

• manner in which individuals are hired in the organization play most important role in ensuring whether all the legal and regulatory terms in this context are compiled by the management or not.
• These training sessions develop interpersonal skills in the management and in the employees also who are hired through this process, and allowed them to use their skills and ability in full form.
• These developing guidelines evaluate the plan of hiring on continuous basis and allowed the management to make necessary changes whenever required.
• By proving the clear set of guidelines, management removes the chances of errors and confusion. Through these guidelines, procedure of the organization increases the transparency (NHS 2016).

In terms of Marks and Spencer, a long-running strategy has been developed by the company for the purpose of appointing the staff members and positions at management level. This strategy is considered as the family-friendly strategy for the large and diverse workforce. This strategy is based on some important factors:

• In legal aspect, M & S focus on compliance with the anti-discrimination legislation.
• In moral aspect, M & S restrict the unfair activities in the organization.
• In business aspect, M & S ensures the achievement of the business objectives (M&S, n.d.).

Changes occurred in the number of reporting lines which also includes the financial crime prevention operations; Following are the training material for achieving this objective:

Training conduct in this context is important in nature because this is the area in which number of conflicts can be occurred. Management must held the meeting with the employees of the organization for the purpose of explaining the specified business reason because of which any change in the reporting lines is changed, and management is also under obligation to deal with any such issue which arise because of this consultation meeting. However, it might be possible that resolution of this issue takes some amount of time.

If employee of the organization rejected to accept these changes, then employer has number of ways through which they can implement these changes such as employer can dismiss the employees and after that hire them under the new terms. However, this is the risky step because of which employees of the organization gets more frustrated from the employer.

Employers of the organization must conduct all the legal and regulatory requirements before conducting this action, because it becomes easy for the employers to implement all these changes in the organization.

It is necessary for the organization to conduct all these training requisites in effective and efficient manner, because this is considered as one of the important areas of the organization. Any inefficiency in this process will result in the chaos and confusion, and cause huge damage to the organization (Last, n.d.).

In context of M&S, training sessions are conducted on regular basis for the purpose of allowing the employees to be more flexible for changes. 

Answer 7

This answer discusses the corporate governance guidelines for the Mark and Spencer, as this is an international organization which is conducted its operations in different countries such as India, Australia, etc. Following are the important corporate governance structure guidelines which must be adopted by the international organizations:

Financial and operating results of the organization for each country must be disclosed by the organizations, as it is considered as the biggest responsibility of the board of directors of the organization. These disclosures ensure the shareholders and stakeholders disclosure requirement compliance and also facilitate the shareholders to evaluate their decision.

• While making these disclosures, responsibility of the board in context of financial communications must be disclosed.
• Organizations must ensure the disclosure of the transactions with the related parties.

Some non-financial disclosures are also there which must be made by the international organizations for the purpose of ensuring the effective corporate governance in the organization:

• Beneficiary ownership structure of the organization must be disclosed in context of all the interested parties, and any changes occurred in the shareholdings of the substantial investors must be disclosed to the market.
• Disclosures in context of the control structure of the organizations must also be made, and this disclosure includes the manner in which shareholders and other members of the organization can exercise their control rights (UNCTAD, n.d.)
  

References:

Allen & Overy. Supervisory tools available to the Financial Conduct Authority and the Prudential Regulation Authority. Available at: https://www.aohub.com/aohub/attachment_dw.action?key=Ec8teaJ9VaqG2hwwhvXwYF7eOOGbnAEFKCLORG72fHz0%2BNbpi2jDfaB8lgiEyY1JAvAvaah9lF3dzoxprWhI6w%3D%3D&attkey=FRbANEucS95NMLRN47z%2BeeOgEFCt8EGQJsWJiCH2WAUuQVQjpl3o%2BV2XqBW73CVB&fromContentView=1&fromDispatchContent=true&nav=FRbANEucS95NMLRN47z%2BeeOgEFCt8EGQIPHhhL8siMw%3D&uid=tQohht%2Fb7X0%3D&popup=HxapDW%2FMKd4%3D. Accessed on 18^th June 2018.

Banking frontiers, (2017). Data privacy in the banking sector: striking a balance. Available at: https://www.khaitanco.com/PublicationsDocs/Banking%20Frontiers-KCOCoverage30May17.pdf. Accessed on 18^th June 2018.

Big Data, (2016). The role of big data in the banking industry. Available at: https://bigdata-madesimple.com/role-big-data-banking-industry/. Accessed on 18^th June 2018.

CIO, (2017). The top 6 governance, risk and compliance (GRC) certifications. available at: https://www.cio.com/article/3201151/certifications/the-top-6-governance-risk-and-compliance-grc-certifications.html. Accessed on 18^th June 2018.

Community Tool Box, (2018). Section 1. Developing a Plan for Staff Hiring and Training. Available at: https://ctb.ku.edu/en/table-of-contents/structure/hiring-and-training/develop-a-plan/main. Accessed on 18^th June 2018.

Director of Finance, (2018). How regulation is transforming the banking sector. Available at: https://dofonline.co.uk/2017/12/06/regulation-transforming-banking-sector/. Accessed on 18^th June 2018.

FBN Holdings. Whistleblowing Policy and Procedure. Available at: https://www.fbnholdings.com/Whistle_Blowing_Policy_Procedure.pdf. Accessed on 18^th June 2018.

FCA, (2014). Attestations. Available at: https://www.fca.org.uk/publication/correspondence/attestations-clive-adamson.pdf. Accessed on 18^th June 2018.

FCA, (2015). Early interventions. Available at: https://www.fca.org.uk/enforcement-annual-performance-account-2015-16/8-early-interventions. Accessed on 18^th June 2018.

FCA, (2016). Attestations. Available at: https://www.fca.org.uk/about/supervision/attestations. Accessed on 18^th June 2018.

FCA. The FCA's approach to supervision. Available at: https://www.handbook.fca.org.uk/handbook/SUP/1A/4.pdf. Accessed on 18^th June 2018.

Financial Services and Markets Act- Section 165.

Gov.UK. Whistleblowing for employees. Available at: https://www.gov.uk/whistleblowing. Accessed on 18^th June 2018.

HSBC, (2018). Available at: https://www.hsbc.com/our-approach/risk-and-responsibility. Accessed on 18^th June 2018.

Infosec Institute. Data Security Controls And The CISSP. Available at: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/asset-security/data-security-controls/#gref. Accessed on 18^th June 2018.

Jamieson, A. (2015). Early intervention on the rise. Available at: https://www.blplaw.com/expert-legal-insights/articles/early-intervention-rise. Accessed on 18^th June 2018.

Jones, A. (2016). The Role of Employee Whistleblowing and Raising Concerns in an Organizational Learning Culture – Elusive and Laudable?. International Journal of Health Policy Management, Voolume 5(1), 67–69.

Last. M. Tackling Changes to Reporting Lines. Available at: https://fleximize.com/articles/006866/reporting-lines. Accessed on 18^th June 2018.

Loughlin, D. (2014). FCA used early intervention powers 21 times. Available at: https://www.ftadviser.com/2014/07/10/regulation/regulators/fca-used-early-intervention-powers-times-igLCyk5WPiIptxtvXBQvmM/article.html. Accessed on 18^th June 2018.

Mabaso, C. (2012). The effectiveness of an induction program for newly appointed staff at coastal kzn fet college. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.925.5257&rep=rep1&type=pdf. Accessed on 18^th June 2018.

M&S, (2018). Annual Report 2018. Available at: https://corporate.marksandspencer.com/annualreport. Accessed on 18^th June 2018.

MEGT. Whistleblower policy & procedure. Available at: https://moos.scos.com.au/index.php?controller=megtattachment&id_attachment=1049&id_product=1915. Accessed on 18^th June 2018.

Narsimhan, L. (2017). GRC 101—an Introduction to Governance, Risk Management, and Compliance. Available at: https://www.capgemini.com/2017/10/grc-101-an-introduction-to-governance-risk-management-and-compliance/. Accessed on 18^th June 2018.

NHS, (2016). Staff Training and Development Policy and Procedure. Staff Training and Development Policy and Procedure, Volume 7 (1).

OCEG. What Is The GRC Professional Certification? Available at: https://www.oceg.org/certifications/grc-professional-certification/. Accessed on 18^th June 2018.

OECG. Governance, Risk and Compliance (GRC). Available at: https://www.oceg.org/about/what-is-grc/. Accessed on 18^th June 2018.

Oxford Brookes University. Whistleblowing procedure. Available at: https://www.brookes.ac.uk/nursery/policies/whistleblowing-procedure/. Accessed on 18^th June 2018.

Pavlovic, A. The top 5 GRC certifications for the quality professional. Available at: https://quality.eqms.co.uk/blog/top-5-grc-certifications. Accessed on 18^th June 2018.

 Perrin, A. (2010). Securely disposing data on hard drives and other storage media. Available at: https://www.techrepublic.com/blog/it-security/securely-disposing-data-on-hard-drives-and-other-storage-media/. Accessed on 18^th June 2018.

PRA, (2015). Whistleblowing in deposit-takers, PRA-designated investment firms and insurers. Available at: https://www.fca.org.uk/publication/consultation/cp15-04.pdf. Accessed on 18^th June 2018.

TESCO. Whistleblowing policy. Available at: https://www.tescoplc.com/little-helps-plan/reports-and-policies/whistleblowing-policy/. Accessed on 18^th June 2018.

UNCTAD. CG Disclosures. Available at: https://www.unctad.org/en/docs/iteteb20063_en.pdf. Accessed on 18^th June 2018.