HR & Compliance – Bridging the Gap in SMCR

Since the introduction of the Senior Managers and Certification Regime (SM&CR), it has been interesting to see how and where firms have allocated most of their resources to comply with the new rules.

Implementation tends to follow one of two strategic approaches: HR-first or Compliance-led – with one of the two departments having overall responsibility for coordinating the firm’s operational activities for SMCR.

The centrality of HR

It is of no surprise that HR plays a central role in the implementation process. After all, HR has always been responsible for attracting new talent, training and career development and managing departing employees. These activities have been hugely impacted by the requirements of SMCR - ensuring new (and existing) employees are ‘fit and proper’, training and professional development, clarifying employees’ roles and responsibilities, managing disciplinary actions and providing more detailed regulatory references to departing employees.

It is reasonable that HR is often put in the driving seat. What could be more natural than the HR department being charged  with a people-focused regime? After all, the ‘statement of responsibilities’ is like a super-charged job spec and evidencing ‘reasonable steps’ involves a large shot of staff training. Right?

The challenge of evidence

Well yes… until the focus swings to evidence. With the regime emphasising personal responsibility and liability, a reliable audit trail is prudent to protect employees in Senior Management Functions (SMFs) and the firm. This is not just a concern at the point of handover for incoming and outgoing SMFs but also an integral part of BAU.

If something goes awry on my watch, how do I demonstrate that  I took reasonable steps to mitigate and prevent breaches in my areas of responsibility?

Reliance on that dusty  old  ‘reasonable steps’ PowerPoint model that an external consultant/lawyer created last year may help, but the existence of an accessible library of actionable day-to-day controls and processes detailing how each SMF controls their area of the business would be much more useful.

The strengths of compliance

Unlike HR, Compliance is  well-versed in the language of rules-mapping and organisational risk and control matrices design. A good compliance team will likely have a comprehensive matrix of applicable regulatory sourcebooks mapped to  the firm’s library of operational controls, along with identified business risks, potential issues, and the Senior Manager or employee ultimately responsible for the activity or business under consideration. But this is often only a snapshot with periodic updates and of questionable utility as a tool for effective operational oversight.

How informative would it be to join up the real-time, people-centric approach of HR, with the detailed risk and control focused practice of Compliance? A detailed end-to-end mapping of people, responsibilities, risks, controls, and rules, dynamically updated in real-time would provide genuine oversight.

Unfortunately, HR and Compliance teams are too often ‘ships that pass in the night’. HR speaks in terms of manager ‘responsibilities’ and Compliance adopts the language of ‘control owners’.  The expected outcomes from these two teams, while distinct, are clearly related. Unfortunately there can be a disconnect in the data, tools and approach, making it difficult to generate consistent and reliable management information reports across the two disciplines.

Bridging the gap

At Ruleguard we have listened long and hard to our clients and bridged the gap. The SM&CR story at Ruleguard does not stop at the list of responsibilities. Instead the actions performed and delegated by the Senior Manager for each responsibility tie across to the Compliance team’s risk and control matrix. This means that both teams are able to speak the same language whilst playing to their strengths.

Unifying HR and Compliance data opens up very powerful use-cases for every stakeholder, and creates the potential for major efficiencies in conducting regulatory visits, internal and external audits, compliance operations, risk management and board reporting.

Most importantly, the firm can spend more time on their business and less time on administration, risk management and compliance. If you would like to understand more about how Ruleguard can help your HR and Compliance teams share data and speak the same language at this time of widespread remote working, please get in touch for a chat.