Interactive Guide for Third-Party Validations on Client Protection
This guide contains five key sections designed to help you explore specific topics in detail. Click on each section to dive deeper, and feel free to navigate between sections at any point during your journey. Enjoy!
Types
Conduct
Selection
2nd opinion
Other
Home page
Other
Types
Conduct
Selection
2nd opinion
Types of third-parties
There are 2 types of third-parties:
Click on the icons to learn more.
Individuals that have been trained by Cerise+SPTF; we recommend that they
work in a team of two, as per best practice for objectivity and balance in
opinion.
Organizations: Legal entities such as rating agencies, audit or consulting firms
who have a managerial and organization structure
Cerise+SPTF supports all types of third-party validations, regardless of their legal
status. But, there are pre-requisites thet we recommend for each type.
Other
Types
Conduct
Selection
Our opinion
Underlying principles of professional conduct
There are fundamental
ethical and professional principles that third-party providers should adhere to as it is crucial to gain
confidence in the quality and comparability of their validation.
Here comes the OCAC Principles!
Solve the crosswords by selecting the correct word to know all about the OCAC principles:
To build and maintain confidence, it is crucial that observations and
opinions made by a third-party are based on an evidence of
conformity (or non-conformity), and that its decisions are not influenced
by other interests or by other parties.
Objectivity
Subjectivity
The third-party ensures that it has the qualifications / designates qualified staff to conduct and review assessments. Continuous capacity building and knowledge management ensure that all the acquired experience is maintained and used in further assignments.
Componenet
Competence
The third-party has the responsibility to compile and assess sufficient objective evidence upon which to base its opinion. It is able to provide material evidence to justify its observations. It addresses any questions, complaints or appeals.
Accountability
Collaboration
Third-parties, including if relevant, their directors, their employees and contractors, ensure privacy of information about their clients at all times and should ensure that it obtains systematic and prior written agreement from all its clients to store data on SPI online.
Credentiality
Confidentiality
Other
Types
Conduct
Selection
2nd opinion
When selecting a third-party:
Click on the numbers and icons to learn more about the selection criteria
01
02
03
Technical proposal
Request a detailed technical proposal that covers the objective, scope of work, methodology, team, and outline of activities that will be carried out.
Evaluation
Evaluate several proposals in detail.
The framework
Check if the third-party uses the relevant Client Protection Standards and
framework.
Other
Types
Conduct
Selection
2nd opinion
Interested in getting a second opinion? You can request Cerise+SPTF to conduct a desk review
The output of the second opinion will be either:
Share the following necessary information with Cerise+SPTF:
- Summary report delivered to the client
- Exported file from SPI Online: CP Full export & CP Full report
- Completed APR Benchmarking & Estimation tool
- Completed CP4 Companion Tool
- Details on the on-site visit and methodology
- Details on the branch and client visits
- This report complies with the Cerise+SPTF methodology and framework.
- This report doesn’t comply with the Cerise+SPTF methodology and framework for the following reasons (one-page maximum)
- This report doesn’t provide sufficient information to be able to draw an opinion.
Want Cerise+SPTF opinion?
Please contact Cerise+SPTF by email cppathway@sptfnetwork.org to request a quote and launch the process.
Other
Types
Conduct
Selection
2nd opinion
Expertise
Disclosure
Experience in the industry. The third-party must have demonstrable experience providing services in at least one of the sectors: banking, or inclusive finance, and/or social business and financial service customer protection. Competence. The key competence of third-party staff or individual should include interview skills and audit techniques appropriate to this kind of assignment, and the ability to apply required knowledge and skills during the validation. Training on CP. All persons involved in third-party validation should have successfully completed at a minimum the level 2 in-depth training provided by Cerise+SPTF on client protection. At least one person in the process must have a level 3 qualification.
Cerise+SPTF recommends that third-party validation reports be made publicly available on the third-party organization’s website and/or the FSP’s website, or through any accessible communication channel as appropriate.It can also be reported by the FSP to Cerise+SPTF so that it appears online on the list of institutions on the CP Pathway.
Cerise+SPTF framework
- ALL indicators - NO EXCEPTION - should be scored using the SPI CP Full tool. The organization is considered compliant if all parts of the indicator are fulfilled or implemented to the letter, with relevant evidence and justification.
- The validations should be conducted in-person and on-site.
- Triangulation of the information collected through a variety of sources: People (interviews) – Paper (review of documentation) – Practice (visits to the field, talking to field staff and to clients).
Resources
- The SEPM Guide which details - for each CP indicator - the sources of information and evidence to provide, as well as concrete steps for implementation
- SPI Online and its range of tools; more specifically CP Full.
- The CP training and qualification program.
- The SEPM Pros Network with qualified auditors available to support FSP in their third-party validation.
- Standardized Terms of Reference for a third-party validation
The end
Thanks!
Any organization wishing to
conduct third party validations – it should:
In case the organization uses consultants to carry out the assessment, these consultants should meet the conditions of an individual third-party. The third-party organization should notify its client about the use of a sub-contractor, and the notification should cover aspects relating to confidentiality and to independence from commercial and other interests
Have an organisational structure, working procedures and quality control systems. Have a formally appointed committee that is independent from the assessment team, that reviews and discusses each CP assessment, and where at least one of its members is a CP qualified auditor. Assign appropriate staff with the necessary experience and qualifications for the scope of the assessment being provided. If applicable, have a clear segregation of services. If the organization provides other services (i.e., consulting, pre-certification, assessments, advisory), the staff involved in these services should not be involved in external validation or certification, and management should have a policy regarding the management of potential conflict of interest between the various services offered Be regularly engaged in the application and trainings around the USSEPM standards and assessment methodologies
Any Individual wishing to
conduct third party validations – they should:
Be a CP qualified auditor and an active member of the SEPM Pros Network
Be independent from the FSP they assess (e.g.: not having provided any technical assistance to this FSP in the past 3 years) Be regularly engaged in the application and trainings around the USSEPM standards and assessment methodologies
Cerise+SPTF monitors the engagement of all the SEPM Pros in SEPM and CP
activities, at least annually. Cerise+SPTF reserves the right to withdraw any individual from
the network.
Guidelines for Third-Party Validations on Client Protection
Cerise+SPTF
Created on September 2, 2024
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Practical Microsite
View
Essential Microsite
View
Akihabara Microsite
View
Essential CV
View
Akihabara Resume
View
3D Corporate Reporting
View
Corporate CV
Explore all templates
Transcript
Interactive Guide for Third-Party Validations on Client Protection
This guide contains five key sections designed to help you explore specific topics in detail. Click on each section to dive deeper, and feel free to navigate between sections at any point during your journey. Enjoy!
Types
Conduct
Selection
2nd opinion
Other
Home page
Other
Types
Conduct
Selection
2nd opinion
Types of third-parties
There are 2 types of third-parties:
Click on the icons to learn more.
Individuals that have been trained by Cerise+SPTF; we recommend that they work in a team of two, as per best practice for objectivity and balance in opinion.
Organizations: Legal entities such as rating agencies, audit or consulting firms who have a managerial and organization structure
Cerise+SPTF supports all types of third-party validations, regardless of their legal status. But, there are pre-requisites thet we recommend for each type.
Other
Types
Conduct
Selection
Our opinion
Underlying principles of professional conduct
There are fundamental ethical and professional principles that third-party providers should adhere to as it is crucial to gain confidence in the quality and comparability of their validation.
Here comes the OCAC Principles!
Solve the crosswords by selecting the correct word to know all about the OCAC principles:
To build and maintain confidence, it is crucial that observations and opinions made by a third-party are based on an evidence of conformity (or non-conformity), and that its decisions are not influenced by other interests or by other parties.
Objectivity
Subjectivity
The third-party ensures that it has the qualifications / designates qualified staff to conduct and review assessments. Continuous capacity building and knowledge management ensure that all the acquired experience is maintained and used in further assignments.
Componenet
Competence
The third-party has the responsibility to compile and assess sufficient objective evidence upon which to base its opinion. It is able to provide material evidence to justify its observations. It addresses any questions, complaints or appeals.
Accountability
Collaboration
Third-parties, including if relevant, their directors, their employees and contractors, ensure privacy of information about their clients at all times and should ensure that it obtains systematic and prior written agreement from all its clients to store data on SPI online.
Credentiality
Confidentiality
Other
Types
Conduct
Selection
2nd opinion
When selecting a third-party:
Click on the numbers and icons to learn more about the selection criteria
01
02
03
Technical proposal
Request a detailed technical proposal that covers the objective, scope of work, methodology, team, and outline of activities that will be carried out.
Evaluation
Evaluate several proposals in detail.
The framework
Check if the third-party uses the relevant Client Protection Standards and framework.
Other
Types
Conduct
Selection
2nd opinion
Interested in getting a second opinion? You can request Cerise+SPTF to conduct a desk review
The output of the second opinion will be either:
Share the following necessary information with Cerise+SPTF:
Want Cerise+SPTF opinion?
Please contact Cerise+SPTF by email cppathway@sptfnetwork.org to request a quote and launch the process.
Other
Types
Conduct
Selection
2nd opinion
Expertise
Disclosure
Experience in the industry. The third-party must have demonstrable experience providing services in at least one of the sectors: banking, or inclusive finance, and/or social business and financial service customer protection. Competence. The key competence of third-party staff or individual should include interview skills and audit techniques appropriate to this kind of assignment, and the ability to apply required knowledge and skills during the validation. Training on CP. All persons involved in third-party validation should have successfully completed at a minimum the level 2 in-depth training provided by Cerise+SPTF on client protection. At least one person in the process must have a level 3 qualification.
Cerise+SPTF recommends that third-party validation reports be made publicly available on the third-party organization’s website and/or the FSP’s website, or through any accessible communication channel as appropriate.It can also be reported by the FSP to Cerise+SPTF so that it appears online on the list of institutions on the CP Pathway.
Cerise+SPTF framework
Resources
The end
Thanks!
Any organization wishing to conduct third party validations – it should:
In case the organization uses consultants to carry out the assessment, these consultants should meet the conditions of an individual third-party. The third-party organization should notify its client about the use of a sub-contractor, and the notification should cover aspects relating to confidentiality and to independence from commercial and other interests
Have an organisational structure, working procedures and quality control systems. Have a formally appointed committee that is independent from the assessment team, that reviews and discusses each CP assessment, and where at least one of its members is a CP qualified auditor. Assign appropriate staff with the necessary experience and qualifications for the scope of the assessment being provided. If applicable, have a clear segregation of services. If the organization provides other services (i.e., consulting, pre-certification, assessments, advisory), the staff involved in these services should not be involved in external validation or certification, and management should have a policy regarding the management of potential conflict of interest between the various services offered Be regularly engaged in the application and trainings around the USSEPM standards and assessment methodologies
Any Individual wishing to conduct third party validations – they should:
Be a CP qualified auditor and an active member of the SEPM Pros Network Be independent from the FSP they assess (e.g.: not having provided any technical assistance to this FSP in the past 3 years) Be regularly engaged in the application and trainings around the USSEPM standards and assessment methodologies
Cerise+SPTF monitors the engagement of all the SEPM Pros in SEPM and CP activities, at least annually. Cerise+SPTF reserves the right to withdraw any individual from the network.