The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), in recognising this, issued a joint statement reminding firms of their obligations in these challenging times. A separate statement was also issued by the FCA setting out their expectations for solo-regulated firms.
- Identify instances where the current situation might lead to emerging risks in a Senior Manager’s area of business
- Evaluate the effectiveness of any controls used to manage identified or emerging risks.
Whilst there is no prescriptive approach to documenting risks and controls linked to a Senior Manager in SMCR, reliance on spreadsheets and disparate manual and electronic folders may have a detrimental impact on a firm’s ability to demonstrate compliance should any issues or breaches arise in future.
How do you articulate and document your firm’s overall risk management and control framework?
The following is a non-exhaustive set of practical considerations around the documentation of risks and controls for Senior Managers and any stakeholders responsible for managing compliance with the regime, especially in these challenging and turbulent times:
- Do SMFs have sufficient visibility over key risks and controls in their areas of responsibility?
- How are risks and controls currently documented – in Excel spreadsheets or PowerPoint files?
- Is there a comprehensive library of controls in place to mitigate all SMCR-related risks and business areas?
- Are risks and controls appropriately linked back to corresponding SMF responsibilities?
- How are regulatory and individual conduct breaches tracked?
- How do you identify, monitor and remedy gaps caused by regulatory changes?
These are unprecedented and challenging times. The key message from the Regulators is that firms should continue to develop and implement mitigating actions and operate an effective control environment to support current processes, which may have been reliable historically but may not prove effective in the current climate.
Our goal at Ruleguard is to work with SMCR project leads and compliance teams to eliminate the inefficiencies associated with the manual maintenance of large risk and control frameworks. Simple matrices for small firms can arguably be maintained by hand, but for larger firms, a manual approach presents a lose-lose scenario: completeness without practical utility, or vice versa. At Ruleguard, we provide enterprise management software solutions to some of the largest global firms, supporting both objectives: a complete risk and control framework that is practical, usable, and delivers daily governance benefits.
Contact us to discuss how best to manage your risk and controls at scale, with minimal headache.