Systems and Controls
10.1 Data Protection
ShareIn have a Data Protection Policy and Framework in respect of the General Data Protection Regulations (GDPR) and the Data Protection Act (2018). We are also registered with the Information Commissioner for data protection purposes, and our license number is ZA029742.
GDPR sets out data protection principles, individual data rights, and defines lawful bases for processing. Crucially the regulation further defines specific responsibilities for data controllers and data processors, and places obligations on controllers to ensure that their processors comply with the GDPR.
The purpose of the documents ShareIn have is to set out our commitment for protecting all personal data that we process and outlines how we implement that commitment with regards to the collection, use and storage of personal data.
10.2 Business Continuity
Every organisation can experience a serious incident that can prevent it from continuing normal operations. Therefore, the FCA requires all regulated firms to regularly test and review their business continuity plans. Such reviews should ensure we have systems and processes in place which enable us to cope with major operational disruptions from high-risk events.
The ShareIn Business Continuity Plan details these provisions. If a serious incident occurs, which results in us being unable to continue normal FCA related operations, we must notify the FCA as soon as possible and explain the steps we are taking to deal with the consequences.
Outsourcing is an arrangement of any form between ShareIn and a third party by which the third party performs a process, service or activity which would otherwise be undertaken by us.
We may delegate any of our critical or important operational functions or investment services on an ongoing basis, provided reasonable steps are taken to avoid undue additional operational risk. No outsourcing can be undertaken if internal systems and controls were to be materially weakened and regulatory obligations were to be seriously compromised.
The ShareIn Outsourcing Procedure discusses this in detail.
It is essential we keep orderly business and internal organisation records. Such records must include details of all services and transactions we undertake. These records must be sufficient to enable the FCA to monitor our compliance with regulatory requirements and have particular regard to compliance with all obligations in respect of clients.
All records must be stored in an easily retrievable manner that would allow the FCA to access them readily and to reconstitute each key stage of the processing of each transaction. Furthermore, it must be possible for any corrections or amendments and the contents of records prior to such corrections or amendments to be easily ascertained. It must also be impossible for records to be altered or manipulated.
ShareIn use several different tools for record-keeping, as outlined below:
- ShareIn Invest & ShareInPay– The ShareIn platform.
- ShareInComply – The tool used to manage client monies.
- Trello – Trello is a tool used by ShareIn to manage tasks and projects in collaboration with our clients.
- Dropbox - ShareIn use Dropbox as our shared folder to store files used within ShareIn and our clients.
The FCA record-keeping requirements stipulate retention periods varying from one year to six years. Further detail on this can be found in the ShareIn Data Retention and Archiving Policy.
The FCA operates an electronic reporting system known as GABRIEL (gathering better regulatory information electronically) for the collection, validation, and storage of regulatory data. Details of the financial reporting requirements applicable to regulated firms can be found in SUP 16.12 (integrated regulatory reporting). This section of the FCA Handbook includes details of the reporting requirements for firms (other than ‘authorised professional firms’) carrying on any of the regulated activities highlighted within each of 10 regulated activity groups.