Managing regulatory risk should be a priority for regulated firms, but how well does a board understand its obligations? How does a board gain assurance that its regulatory risks are managed effectively?
Recently the Australian Prudential Regulation Authority (APRA) published an article for its regulated firms to help them “stay out of the headlines”. UK supervisors also issue guidance and statements via their websites, but perhaps they don’t signpost them so well.
Impact of compliance failure:
The Australian article touches upon themes that will be familiar to all. Failure to manage regulatory risk can result in:
heavy penalties for both firms and individuals
reputational damage that puts a firm out of business (eg Enron) and
harm to consumers and reduced trust in the financial services sector (eg 2008 financial crisis)
This last point is at the forefront of many regulatory agendas. It is a common regulatory objective worldwide.
Recent years have seen many regulatory bodies adopting a harder stance by introducing greater accountability at an individual level. In the UK, we have the Senior Managers & Certification Regime, but other regulators have either implemented or are introducing similar regimes.
Regulatory risk relates to a firm’s ability to comply with legislation and regulation as well as internal standards. The key is for a firm to identify and comply with the obligations pertinent to its business activities. For example, a financial adviser’s regulatory profile will differ from that of a fund manager.
A firm’s regulatory obligations will be driven by the firm’s authorised permissions as well as which regulated activities are conducted and how those activities are performed. Other factors will also have a bearing on the firm’s regulatory risk, including whether it:
is a dual- or solo-regulated firm
is a member of a group structure
conducts business cross-border
is responsible for any third parties, including agents or appointed representatives
has outsourcing arrangements
All of the above factors may have a bearing on how specific requirements need to be followed.
Consequently, firms must be cautious when looking at other firms and adopting similar business practices. One size does not fit all, and guidance exists to encourage a proportionate approach. Firms need to adopt processes and controls that fit their size, services, complexity… and clients.
It follows that firms need to identify which rules and legislation impact their activities, and then identify and manage any regulatory risks. In addition, where firms consider expanding their operations, perhaps into other regions, outsourcing or investing in new technology, boards need to understand how that impacts their regulatory risk profile. What new risks does the project pose? How will those risks be managed? What regular management information will be needed? How will a board know if a risk is slowly crystallising and step in when needed?
Firms need to ensure that they have a compliance strategy that matches their business and risk profile. That strategy should include how a firm continues to monitor and assess its systems and controls. Supporting evidence and an audit trail help a firm to demonstrate not just that it has complied with its obligations, but how it has done so. Additionally, the firm needs to demonstrate who is accountable for certain activities and support those individuals to fulfil their oversight responsibilities.
Ruleguard is here to assist:
Traditional compliance documentation and monitoring is manual and happens only periodically. With Ruleguard, key areas of compliance can be automated and put under direct review by appropriate individuals across the business. This means that monitoring can be embedded directly into business-as-usual processes, vastly simplifying the process and significantly reducing the overhead required to carry it out.
Ruleguard has the potential to revolutionise what your firm understands by compliance monitoring and deliver best-in-class governance, oversight and management of compliance risk.
Ruleguard is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
Please contact us for further information:
Tel: 020 3965 2166 or email@example.com
Head of Client Regulation | Ruleguard