ZYC-REG-001 – Register Suite
Purpose
To define Zeyro’s approach to maintaining accurate, consistent, and auditable registers that evidence compliance activity, support monitoring, and demonstrate effective governance.
Scope
Applies to all registers maintained within Jira. Covers both regulatory and internal control logs used across Zeyro’s business, including financial crime, governance, operational, and culture domains.
Policy Statement
Registers are a core component of Zeyro’s compliance memory. Each register provides evidence of control effectiveness, supports the Compliance Monitoring Plan (ZYC-COMP-MON), and enables timely reporting to the Board and regulators. Entries must be:
accurate and factual;
created promptly after the relevant event; and
retained for at least five years (or longer if required by law).
Register Structure
Register Name
Purpose
Maintained In
Owner
Reviewed By
Linked Policies
Conflicts Register
Records actual or potential conflicts of interest and mitigation actions.
Jira
MLRO
Board (quarterly)
Gifts & Hospitality Register
Logs all gifts, entertainment, and hospitality offered or received.
Jira
MLRO
Board (quarterly)
Financial Promotions Register
Tracks approved, withdrawn, and prohibited promotions (crypto & funds).
Jira Service Management
Operational Team
MLRO / Board (quarterly)
Client Due Diligence Register
Summarises onboarding outcomes, DotFile risk ratings, and review cycles.
DotFile
Operational Team
MLRO (quarterly)
Complaints Register
Records all complaints and feedback from clients or end-users.
Jira
MLRO
Board (quarterly)
Training Register
Tracks completion of mandatory and role-specific training.
Confluencec
MLRO
Board (annual)
Breaches & Incidents Register
Logs breaches, near-misses, and corrective actions.
Jira
MLRO
Board (quarterly)
Outsourcing Register
Lists third-party providers and ongoing risk assessments.
Jira
Operational Team
MLRO / Board (annual)
Cryptoasset Risk Register
Captures manual risk ratings for cryptoassets, funds, and promotions.
Jira
Operational Team
MLRO (quarterly)
Board Action Tracker
Tracks Board decisions, reviews, and follow-up items.
Jira
Company Secretary
Board (ongoing)
Operation
All registers are implemented as Jira issue types under the “Compliance & Governance” project.
Each register type has defined fields, workflows, and review triggers configured in Jira.
Updates must be made within five working days of any relevant event.
Closed records remain in Jira indefinitely; none are deleted.
Register dashboards provide real-time summaries for the MLRO and Board.
A Quarterly Compliance Report summarises movements across all registers.
Oversight and Escalation
Quarterly Review: The MLRO reviews all registers for completeness and accuracy prior to each Board meeting.
Board Oversight: The Board reviews extracts of key registers (conflicts, gifts, breaches, complaints, and promotions).
Escalation: Material issues are escalated through Jira workflows and, if necessary, reported to the FCA under SUP 15.
Record Retention
All register entries and attachments are retained in Jira for at least five years from the date of closure, or six years for entries that relate to FCA notifications or financial promotions. Jira’s audit log ensures data immutability and traceability.
Linkages
Compliance Monitoring Plan (ZYC-COMP-MON): uses Jira register data as evidence for testing.
Compliance Handbook (ZYC-COMP-HDBK): defines governance and reporting of registers.
Risk Management Policy (ZYC-RISK-001): integrates register findings into residual risk scoring.
Document Control
Field
Details
Document Code
ZYC-REG-001
Document Title
Register Suite
Document Owner
Gareth Malna – MLRO (SMF 16 & 17)
Responsible Reviewer(s)
Zeyro Board
Version
v 1.0
Date Approved
October 2025
Next Scheduled Review
October 2026
Change History
v 1.0 (Oct 2025): Updated to reflect Jira as register system of record, replacing Confluence references.
Classification
Internal document – available to regulators on request.
Last updated