CFP TECHNOLOGY FZCO (“FZCO”) has a responsibility to satisfy itself that it and its outsourced functions are properly run and have appropriate corporate governance. One of the ways in which this is achieved is to set policies for each fundamentally affected area of business, especially those subject to regulatory scrutiny.
It is a fundamental principle of FZCO that it will maintain the level of record-keeping required to comply with the regulatory and statutory requirements applicable to its business activities. This archiving policy sets out FZCO’s approach to archiving its records, which should ensure that FZCO complies with both its legal and regulatory obligations.
For many reasons, FZCO considers it important to provide its staff with clear guidance on its archiving procedure.
The Minimum Compliance Standard
A record is defined as encompassing documents that are essential to us in carrying out our business and serving our customers as well as complying with accounting, financial reporting, legal, tax, Anti-Money Laundering, Customer Due Diligence, and other regulatory requirements as may be required from time to time. It can include any piece of paper relevant to a customer, past or present e.g., customer application forms, letters, memos, reports, hard copies of e-mails, mandate cards, payment advice, etc.
There is a multitude of different statutes and regulatory retention periods depending on the type of product and the type of record in question from 3 to 7 years. Therefore, as FZCO’s customer files will be electronic and could contain a combination of these records, it has been decided that the retention period will be ad infinitum electronically and no less than 10 years, from the last involvement, for all types of records. This approach will ensure that FZCO addresses the requirements of all the various regulatory and statutory requirements applicable to its business. This is in excess of the statutory requirements.
No member of staff, at whatever level, has the authority to conceal, discard, delete, destroy, or alter any document with the intent, or believed intent, of
- violating legal, financial reporting, or compliance obligations, or
- obstructing an investigation or legal proceeding.
If a member of staff feels that he or she is being asked to do something contrary to this policy they have the obligation to refuse, and to report this in accordance with FZCO’s whistle-blowing procedures.
If there is any doubt regarding the archiving of any document, the Compliance Director/Officer
should be contacted for guidance.
Certain company documents (i.e. Certificate of Incorporation and Memorandum and Articles of Association) must be kept indefinitely with the company books at the registered office address. Data protection legislation stipulates that data should not be kept any longer than is necessary and therefore e-mails should be deleted as soon as reasonably practicable after the work stream in question has been concluded. Hard copies should be made of all e-mails that require retention and stored in a secure place. Hard copy e-mails should be scanned to the relevant customer file and archived in accordance with the above.
This policy must be reviewed by FZCO’s Head of Compliance every year to ensure its alignment with appropriate legal and regulatory requirements as well as best practice compliance standards, the local whistle-blowing procedures, and its continued relevance to FZCO’s current and future operations. Every 12 months the Board must issue an up-to-date policy for FZCO. Any interim change to this policy must be proposed to the Board and, if agreed upon, requires the written approval of members of the Board.
APPENDIX 1: USEFUL INFORMATION SOURCES
The New Federal Law No. 15 of 2020 Regarding Consumer Protection – Article 4, s. 5
Protecting the privacy and security of the customer data and not using it for promotional and marketing purposes.
Data Protection Law DIFC Law No. 5 of 2020