Compliance Assurance Program

Introduction

A strong compliance process ensures we meet our regulatory and legal obligations — and deliver an excellent customer experience. This is achieved through clear policies, procedures, and controls.

Compliance means adhering to both external rules (laws, regulations) and internal expectations (codes of conduct, internal policies).

Whenever legislation changes, we implement processes to meet the new requirements. This program outlines how we do that.

Purpose

This program ensures MTG has adequate systems to:

  • Comply with the Financial Markets Conduct Act 2013, associated Regulations, and the Financial Services Legislation Amendment Act 2019

  • Follow FMA guidance, the Code of Professional Conduct, and our internal standards

  • Monitor and test the design and effectiveness of compliance processes

  • Meet licensing and record-keeping obligations

It sets out:

  • Who is responsible for compliance

  • What obligations apply

  • What procedures are in place

  • How those procedures are monitored

Compliance Commitment

Maurice Trapp Group is committed to a strong, customer-first culture underpinned by robust and compliant processes.

  • All staff are expected to recognise, report, and help resolve compliance breaches

  • We operate a no-blame policy for mistakes, but expect accountability when issues go unreported or unaddressed

Compliance Framework

Our framework includes day-to-day activities and higher-level oversight:

  1. Identify legal and regulatory obligations

  2. Record them in our Obligations Register

  3. Maintain policies and procedures aligned with those obligations

  4. Define key controls and assign a risk rating

  5. Train staff and advisers

  6. Monitor and test control effectiveness

  7. Remediate issues and improve processes

Roles & Responsibilities

FAP Licensee

  • Maurice Trapp Group (FSP107344)

  • The Mortgage Lab (FSP587228)

  • Responsible for all licensing conditions, including the annual regulatory return

Financial Advisers

  • Must provide advice that complies with MTG’s license obligations

  • File reviews are conducted according to the Compliance Calendar

Business Risk Manager – Rupert Gough

  • Maintains policies and procedures

  • Tracks regulatory change

  • Oversees staff training, testing, and reporting

  • Manages compliance registers (complaints, conflicts, breaches)

Business Owner

  • Retains overall responsibility for compliance, even where activities are delegated

Regulatory Obligations

We monitor compliance with:

  • Financial Markets Conduct Act 2013

  • Financial Services Legislation Amendment Act 2019

  • Code of Professional Conduct

  • Industry guidance, standards, and best practice

We also comply with:

  • Consumer protection law

  • Advertising and promotion rules

  • Employment legislation

  • Privacy and data protection

  • Fair trading requirements

  • Health and safety obligations

To stay current, we:

  • Read updates from FMA and government websites

  • Use legal and compliance advisers

  • Subscribe to industry news

Obligations Register

Our Obligations Register contains:

  • The rule or standard (Act, regulation, code)

  • The reference (e.g. section or clause)

  • The obligation (summary or text)

  • Linked policy or procedure

  • Assigned control(s)

  • Monitoring frequency

  • Responsible person

This register ensures all key obligations are documented, traceable, and assigned.

Monitoring & Control Testing

We test and review business processes throughout the year. Where possible, controls are tested by someone independent of day-to-day operations.

Key Control Principles

  • Controls reduce the likelihood or impact of risks

  • Higher-risk controls are tested more frequently

  • Control design and performance are evaluated using a standard Control Testing Template

Testing Factors

  • Frequency and nature of the control

  • Sample size and relevance

  • Risk rating of the process

  • Dependencies on other controls

  • Exceptions or anomalies

All findings are documented and escalated where necessary.

Control Effectiveness Scale

Each control is rated based on:

  • Design suitability

  • Operational effectiveness

  • Evidence of performance

Reports from control testing feed into SMT reports and compliance planning.

Compliance Assurance Calendar

Recurring and ad hoc obligations are tracked in the Compliance Calendar. This includes:

  • Monthly recurring checks (e.g. CPD reviews, FSPR validation)

  • Board reporting dates

  • Annual review cycles (e.g. PI Insurance, privacy, policies)

The calendar helps ensure:

  • No required action is missed

  • Staff remain accountable

  • Tasks are completed on time

Compliance Assurance Program (CAP)

The Compliance Assurance Program is our formal process for challenging and validating compliance effectiveness. It is:

  • Reviewed and approved annually by the Business Owner

  • Independently conducted (not by day-to-day process owners)

  • Risk-based and focused on high-priority areas

It assesses:

  • Design and operation of controls

  • Policy alignment and staff understanding

  • Business owner and SMT oversight

Reporting

Testing results are summarised in a report to the SMT and Business Owner. The report outlines:

  • What was tested and why

  • Results and exceptions

  • Remediation plans

For questions about your compliance responsibilities, please contact Rupert Gough.
