FSA Compliance - IFA Client Data Protection Procedures

The FSA is targeting small firms with emailed compliance questions about data protection within their firms.

The questions posed are standardised, although some require detailed answers. In our view, you have a good chance of receiving this email, so you should review your data protection compliance and security policies to satisfy FSA data protection procedures.

We have written templated data protection compliance and security procedures that encompass all questions posed by the FSA to help you comply with FSA requirements.

They are available in the Compliance Data Protection Shop.

The FSA data protection compliance questions are:

  • How many retail customers does your firm currently maintain on its books?
  • Does your firm hold customer data and information, e.g. names, addresses, banking details in paper format, electronic format or both?
  • Does your firm have a designated individual(s) or central area responsible for the maintenance, storage and destruction of customer data? If so, please provide names and titles of the individuals.
  • Does your firm have procedures for the storage and destruction of both hard copy and electronic customer data including its secure disposal? E.g. are paper records shredded when obsolete? Do you ensure electronic data cannot be re-used when it is disposed of?
  • Has your firm ever identified any breaches of its data security controls? If so, please provide details.
  • Does your firm utilise laptops, desktop PCs or both for the storing of customer data?
  • If using laptops, does your firm employ any additional controls around their use? E.g. do you encrypt files to ensure that they cannot be accessed by people outside your firm if the laptop is lost or stolen? If so, please provide brief details.
  • Does your firm use the services of any third party to transmit, transfer, share or store consumer data or information? If so, please provide the names of the third parties and the reasons for their use.
  • To what extent are members of staff who need access to customer data or information vetted and are ongoing vetting measures employed? Please provide brief details.
  • If you have any further information that you believe may be useful for this exercise, please provide brief details.

Buy updated Data Protection Procedures to help with your compliance in the Compliance Data Protection Shop
