Author - Priscilla Gaudoin - Head of Risk & Compliance - Originally published Sept 2021

Topics: Governance, Culture

Regions and Regulators: Global, FCA, PRA

How well can your firm demonstrate effective systems and controls?
 
Corporate governance isn’t just about who sits on your board and how often the board meets. It’s about the systems and controls, as well as the standards, set within a firm.
 

It’s about ensuring that the firm creates the right culture with effective controls and good communication channels.

UK regulated firms are required to comply with the relevant sections of the Senior Management Arrangements, Systems and Controls (SYSC) sourcebook. This covers a wide range of subjects outlining a firm’s duties.

Two key requirements relate to how the business is organised and how the compliance function operates. The sourcebook also supports Principle 3, which requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems to support the governance infrastructure. The compliance arrangements include the requirement for firms to implement adequate policies and procedures to aid risk management. 

Policies and Procedures:

Writing down your policies and procedures sets your company’s approach to a given matter. It also helps to communicate to staff the agreed processes and to reinforce the controls implemented to manage risks. For this to be effective, your staff need to understand: 

  • what they need to do
  • how to do given tasks
  • who to speak to, to raise queries or concerns and
  • why they need to do something. 

This creates a consistent process for performing a task or delivering a service, and identifies an escalation route for raising queries or proposing changes to a process. Putting things into context means staff better understand the risks of not following the process, as well as the repercussions. For example, wilful non-compliance or repeated failure to comply can result in disciplinary action because of the regulatory risk posed, and it may affect remuneration too. Making this clear reinforces the correct behaviours within a firm. 

The above describes how you might implement some controls. This is your first line of defence, i.e. the day-to-day operational controls used to manage risks.

The next step is to review how well those processes and controls are working. This is where the compliance team gets involved, as your second line of defence. It is also usually where the administrative burden becomes obvious. 

The firm sets the standard by defining its own process and training staff to understand why it is important, as well as the regulatory and personal impact of non-compliance. This nurtures a culture of compliance with company policy. You then need to test that the policy and process implemented are effective in managing regulatory risk. 

There should be checks in place to support the process. For a simple gifts and entertainment policy, checks typically include: 

  • Board sign-off confirming the policy and procedure are appropriate for the business
  • Staff declarations confirming their understanding of what they need to do and when
  • Staff training records confirming that staff have attended training
  • A gifts register confirming what disclosures have been made and any approvals provided 

The compliance team would typically look for evidence of the above. 

Collating & Reporting: 

The checks, and the evidence to be provided for each, are easy to list. The list also highlights that even for a small firm there are a lot of administrative tasks. Regardless of a firm’s size, getting documents reviewed, commented upon and approved requires a lot of chasing and follow-up. 

There’s the roll-out of the policy to staff, which needs to demonstrate that staff have received the communication, so that you can then follow up and request declarations of understanding. This then needs to link to staff records, including training logs, attestations, monitoring results, etc. 

Next, there’s an updated register in which records of any gifts and hospitality received or offered are maintained. Finally, there’s Board reporting to provide reassurance that risks are being managed, or to alert the Board to any risks identified. 

With UK audit reforms looming, there is talk of director attestations relating to systems and controls. How well can your firm demonstrate effective systems and controls? 

How Ruleguard can assist

Ruleguard’s industry-leading GRC software is designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
 
Ruleguard has a range of solutions to help embed compliance as well as demonstrate compliance with the relevant requirements. For example, with our checklist and evidence management solution, your firm can easily:

  • manage daily tasks and oversee their completion with our dashboards
  • use configurable workflow tools to manage each stage of a process
  • gather assurance data points that procedures are being followed as intended
  • store and access supporting evidence to quickly answer queries for oversight and audit purposes

Whilst building a solid audit trail, Ruleguard also helps to embed a culture of compliance within firms.

If you’d like to learn more about Ruleguard’s Employee Compliance Solutions, please contact us for further information on Tel: 0800 408 3845 or hello@ruleguard.com.

About the author

In a career spanning almost 30 years, Priscilla has worked as a consultant, CCO and MLRO providing regulatory oversight and advice to firms across the financial services industry. She is responsible for our thought leadership programme, writing regular articles and white papers, and hosting webinars on a variety of regulatory matters.
 
She is a Fellow of the International Compliance Association, a certified GRC practitioner, and a member of the Institute of Risk Management. 