Compliance with the relevant regulations

Regulations
FBS spa is a Financial Intermediary registered in the Single Registry pursuant to art. 106 of the Consolidated Banking Law (T.U.B.) No. 67, effective from June 24, 2016, is therefore authorized to carry out the activity of granting loans to the public, recover debts sold and cash payment services in connection with securitization transactions, pursuant to Article 2, paragraphs 3, 6 and 6 bis of Law No. 130 of April 30, 1999, and articles 106 et seq. of the Consolidated Banking Law.

In compliance with the regulatory provisions laid down in the Circular no. 288 of 2015 of Banca d'Italia, the "Internal Control System" (S.C.I.) of FBS spa is characterized by 3 levels of control:
  • I° Level Line controls, performed by Operative Unit involved in business operations
  • II° Level Performed by Operative Units Compliance and Risk Management and Anti-money laundering
  • III° Level Performed by Internal audit Operative Unit.
Inside the Internal Control System of FBS are also included:
  • Board of Statutory Auditors
  • Supervisory Body established pursuant to Legislative Decree 231 of 06/08/2001
  • Audit Firm entered in the Register of Auditors (PwC)li>

Risk management function (risk management)

The risk management function:
  • collaborates in the definition of government policies and risk management process, as well as the related procedures and methods of detection and control, and verifies its adequacy in continuous;
  • continuously verifies the adequacy of the risk management process and its operational limits;
  • is responsible to develop and maintain the risk measurement and control systems; in this context it develops indicators able to detect anomalous situations;
  • constantly monitors the evolution of corporate risks and compliance with operational limits to the assumption of various types of risk;
  • constantly monitors the evolution of corporate risks and compliance with operational limits to the assumption of various types of risk;;
  • verifies the proper conduct of the credit monitoring;
  • verifies the adequacy and effectiveness of the measures taken to remedy the shortcomings found in the risk management process.

Conformity check function (compliance)

The compliance function assesses the appropriateness of internal procedures with the aim of preventing violations of mandatory rules (laws and regulations) and self-regulation (statutes, codes of conduct, self-discipline codes) applicable to the financial intermediary. To that end:
  • continuously identifies the rules applicable to the financial intermediary and its activities and measures/evaluates the impact on business processes and procedures;
  • proposes organizational and procedural changes aimed at ensuring the proper supervision of the risks of non-compliance with the identified standards;
  • provides direct flow of information to corporate bodies and other corporate functions/structures involved;
  • checks in advance and subsequently monitors the effectiveness of the suggested organizational adjustments to prevent the risk of non-compliance.
The function of regulatory compliance is involved in the prior evaluation of compliance with the applicable regulations of all innovative projects (including new products or services) that the intermediary intends to undertake as well as in the prevention and management of conflicts of interest also with reference to employees and corporate members.

Notwithstanding the responsibilities of the compliance function to fulfill the tasks provided by specific regulations (e.g., the discipline in terms of transparency of transactions and the correctness of the relationship between brokers and customers), other areas of operation of the compliance function are:
  • verification of the consistency of the business reward system (in particular staff remuneration and incentives) with the objectives of complying with the rules, statutes and any codes of ethics or other standards applicable to the intermediary;
  • advice and assistance in relation to the corporate bodies of the intermediary in all matters in which the risk of non-compliance is highlighted, as well as collaboration in staff training on the provisions applicable to the activities carried out in order to spread a business culture based on the principles of honesty, fairness and respect for the spirit and the legislation.

Internal audit function (internal audit)

The internal audit, based on an audit plan approved by the entity with a strategic supervisory function, evaluates:
  • completeness, adequacy, functionality (in terms of efficiency and efficiency) and the reliability of the internal control system and, in general, the organizational structure;
  • the adequacy, overall reliability and security of the information system (ICT audit);
  • the adequacy of the business continuity plan or the disaster recovery plan.
The internal audit also verifies the following profiles:
  • the regularity of the various business activities, including those outsourced, and the evolution of risks;
  • the correctness of the operation of the distribution network;
  • tracking compliance with business activity standards at all business levels;
  • compliance with the limits laid down by delegation mechanisms and the full and correct use of information available in the various activities;
  • the removal of anomalies found in operations and in the operation of controls ("follow-up" activities).
For these purposes, the internal audit conducts periodic checks, through investigative controls based on the audit plan. The frequency of inspections is consistent with the activities performed, according to a risk-based logic. However, random checks are also performed without prior notice. They also conduct investigations in relation to specific irregularities. Based on the results of the checks carried out in accordance with the audit plan, makes recommendations to Corporate Bodies and verifies their compliance.