Part 1 - The Questionnaire

Most of the requests in the first section of the examination questionnaire are informational, binary questions, or simple answers. However, you will have to provide some documentation that we provide for some of the questions:

  1. Written policies and procedures - this includes all of the policies and procedures you have, but at a minimum your 1-A/0 QC plan
  2. Your AML plan is section 1-70 of your QC plan.
  3. You will see a date in the lower right-hand corner of your plan. That is the last update.
  4. An AML audit can be internal or external. MA requires independence and that the reviewer be qualified for the job, so you will likely have to hire someone to do it externally. Or we can do it for you here
  5. We also provide AML training and training materials here
  6. This is your 2-9 IT Security Plan, Section 2-90 Safeguarding Customer Information. 

Part 2 - Additional Documentation

 

 

 

  1. Your AML plan, which was requested in #4 above
  2. This is the training resource, here
  3. This is the 2-0 Compliance Module > 2-01 Compliance Manager Duties
  4. This is the 2-0 Compliance Module > 2-80 Complaint Resolution Policies and Procedures
  5. The Audit Schedule is here for Compliance VP service users, and you can adopt the schedule below as your own since it is the minimum required schedule.
  6. Your AML Audit and CyberSecurity Risk Assessments
  7. Record Retention Schedule is in your 1-0/A QC Plan > Section 6 - Post Closing Compliance Audit

 

 

Part 3 - IT/CyberSecurity - Written Information Security Plan (WISP) Questions

 

  1. Question and Answers on IT Security - simple answers
  2. Standard IT Security Plan Inventory - as required by FTC updates 6/23 - the location of these items can be found in the 2-9 IT Security Plan using this index/rubric