ZYC-COM-001 Compliance Oversight Policy


Purpose

To define how Zeyro identifies, monitors, and reports compliance risk under the UK MiFID framework and Section 21 financial-promotion regime. This policy ensures compliance activities are independent, risk-based, and proportionate to our scale and business model.


Scope

Applies to all Zeyro functions subject to FCA supervision, including:

  • Financial-promotion approvals (cryptoasset and OFR)

  • Facilities-service arranging activity

  • Governance, AML, and operational controls


Policy Statement

Zeyro maintains a single, integrated compliance framework overseen by the MLRO (SMF 16 & 17). Compliance oversight is continuous, data-driven, and aligned with the firm’s Business-Wide Risk Assessment (BWRA). The Board retains ultimate accountability for compliance, with operational monitoring delegated to the MLRO.


Oversight Framework

1. Compliance Planning

  • The MLRO prepares an annual Compliance Monitoring Plan (CMP) based on the BWRA and known regulatory priorities.

  • The plan defines the scope, frequency, and methodology of monitoring for each business line.

2. Monitoring & Testing

Monitoring includes:

  • Desk-based reviews of approvals, onboarding files, and risk scoring.

  • Periodic deep-dives into high-risk areas identified in the BWRA.

  • Control testing of DotFile, Microsoft 365, and Atlassian-Suite workflows.

  • Follow-up tracking in Jira Service Management until all actions are closed.

Results are documented in the CMP workspace within Confluence.

3. Issue Escalation & Reporting

  • Material breaches or control failures are logged in the Breach Register and reported to the Board within 10 business days.

  • The MLRO produces a quarterly Compliance Report summarising findings, trends, and remedial actions.

  • Urgent issues are escalated immediately to the Board Chair or Non-Executive Director (Giles Swan).

4. Continuous Improvement

Monitoring outcomes inform updates to:

  • the BWRA;

  • the CMP; and

  • relevant policies and procedures.

Controls risk: ensures feedback from monitoring directly improves governance and control effectiveness.


Roles and Responsibilities (RACI)

Role | Responsibility | Accountability | Consulted / Informed
Operational Staff | Operate controls; cooperate with reviews; implement actions. | MLRO | MLRO / Board
MLRO (SMF 16 & 17) | Design CMP; conduct monitoring; report breaches; maintain registers; update policies. | Board | Operational staff
Board | Approve CMP and policies; review quarterly reports; ensure adequate resources. | MLRO
Non-Executive Director (Giles Swan) | Provide independent challenge and oversight of compliance reporting. | Board | MLRO

Controls risk: assigns clear lines of responsibility and escalation consistent with FCA SYSC 6 and SMCR principles.


Review

This policy and the Compliance Monitoring Plan are reviewed annually or earlier if there are regulatory or structural changes.


Document Control

Field | Details
Policy Code | ZYC-COM-001
Policy Title | Compliance Oversight Policy
Document Owner | Gareth Malna – MLRO (SMF 16 & 17)
Responsible Reviewer(s) | Zeyro Board
Version | v 1.0
Date Approved | October 2025
Next Scheduled Review | October 2026
Change History | v 1.0 (Oct 2025): Initial publication defining compliance oversight structure and risk-based monitoring approach aligned with BWRA.
Classification | Internal policy – distributed to all staff; available to regulators on request.

Last updated