corporate culture
Recognised CPD Badge (transparent) 24 (1)
Corporate Governance isn’t just about who sits on your board and how often the board meets. It’s about the systems and controls as well as the standards set within a firm.

It’s about ensuring that the firm creates the right culture with effective controls and good communication channels.

UK regulated firms are required to comply with the relevant sections of the Senior Management Arrangements, Systems and Controls (SYSC). This covers a wide range of subjects outlining a firm’s duties.

Two key requirements relate to how the business is organised as well as how the compliance team operates. This sourcebook also supports Principle 3, which requires directors to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems to support the governance infrastructure. The compliance arrangements include the requirement for firms to implement adequate policies and procedures to aide risk management. 

Policies and Procedures:

Writing down your policies and procedures sets your company’s approach to a given matter. It also helps to communicate to staff the agreed processes and to reinforce the controls implemented to manage risks. For this to be effective, your staff need to understand: 

  • what they need to do
  • how to do given tasks
  • who to speak to, to raise queries or concerns and
  • why they need to do something. 

This creates a consistent process for performing a task or delivering a service. It identifies an escalation process to raise queries or propose changes to a process. Putting things into context means staff better understand the risks of not following the process as well as any repercussions. For example, wilful non-compliance or repeated failure to comply can result in disciplinary action due to the regulatory risk posed. It may impact remuneration packages too. It helps to reinforce the correct behaviours within a firm. 

The above describes how you might implement some controls. This is your first line of defence, i.e. your day to day operational controls to manage risks.The next step is to review how well those processes and controls are working. This is where the compliance team gets involved, your second line of defence. This is usually where the administrative burden becomes obvious. 

The firm sets the standard by defining its own process, training staff to understand why it is important as well as the regulatory and personal impact for non-compliance. It also nurtures a culture of compliance with the company policy. You then need to test that the policy and process implemented are effective in managing regulatory risk. 

There should be checks in place to support the process. For a simple Gifts and Entertainment policy, checks typically include: 

  • Board Sign off confirming the policy and procedure are appropriate for the business
  • Staff declarations confirm their understanding of what they need to do and when
  • Staff training records confirm staff have attended training
  • Gifts Register confirms what disclosures have been made and any approvals provided 

The compliance team would typically look for evidence of the above. 

Collating & Reporting: 

It's clear to see the checks and the evidence to be provided. It also highlights that even for a small firm, there are a lot of administrative tasks. Regardless of a firm’s size, it requires a lot of chasing and follow up to get documents reviewed, commented upon and approved. 

There’s the roll out of the policy to staff, which needs to demonstrate that staff have received the communication so that you can then follow up and request declarations of understanding. This then needs to link to staff records including training logs, attestations, monitoring results, etc. 

Next an updated register where records of any gifts and hospitality received or offered are maintained. Finally, there’s Board reporting to provide reassurance that risks are being managed or to alert them of any identified risks. 

With UK audit reforms looming there is talk of director attestations relating to systems and controls. How well can your firm demonstrate effective systems and controls? 

How Ruleguard can help you: 

Ruleguard is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions. 

Get in touch with the Ruleguard team to learn more on: 020 3965 2166 or hello@ruleguard.com

Compliance & Board Assurance_  Getting it Right


Ruleguard hosts regular webinars, to register your interest please click here.

Ruleguard - FCA Strategy - Whitepaper-1

White Papers

Find more in-depth discussion in our white papers. 

Further resources: 

See our blog page for further articles or join our mailing list to keep updated 

Visit our website to find out more about how Ruleguard can help: 

Contact the author 


Head of Client Regulation| Ruleguard