Many organisations are currently focused on the implementation of regulatory changes impacting revenue generating and business operations such as the new Client Assets Sourcebooks rules and audit requirements, and the Markets in Financial Instruments Directive (MiFID). It is easy to see how they might be inclined to deprioritise addressing the other looming regulatory requirements for 2018, such as Senior Manager and Certification Regime (SM&CR) and General Data Protection Regulations (GDPR).
However, the extent and work involved in execution and compliance of the regulatory requirements is often underestimated. As a result, implementation is often left too late increasing cost and risk, and taking resource focus from business operations, inadvertently impacting revenue generation.
For example, with the Senior Manager Regime, we are finding that some organisations wrongly believe that the majority of work involved is confined to two relatively easy tasks of the creation of the Statement of Responsibilities and the Responsibilities map. However, successful completion of these two pieces of work alone may involve significant effort. This includes realignment of tasks, management and legal entity structure, agreement on split of shared responsibilities and ownership of outsourced services, and all related agreed changes to employment contracts. All of which can be complex and may require discussion, negotiation and most importantly, the time of key resources who would otherwise be earning money or running business processes.
In reality, the requirements of SM&CR are wide ranging and also involve:
- Reviewing and implementing the governance framework, aligned to the Statement of Responsibilities
- Ensuring a robust risk management framework is in place and reporting is available for the Senior Managers to adequately meet their responsibilities –for further reading see- Operational Risk Framework- What does good look like, and how do you get to the right level for your firm?
- Rolling out an appropriate conduct risk training programme
- Embedding an appropriate risk culture within the organisation
- Implementing an annual certification process for Certified persons- objective setting, appraisal, referencing, grievance processes and record keeping may need to be changed so there is the appropriate documentation in place to support an organisation’s assessment of the Certified persons.
However, the good news is that with appropriate upfront planning now, and steady implementation of regulations such as SM&CR, you can ease the burden on your resources and impact on your business operations, and increase the effectiveness of compliance to the regulations as the processes will have had time to embed. Additionally, you will significantly reduce the cost of implementation and likelihood of reliance on expensive external resource at short notice.
1st Risk Solutions can provide the guidance and experience your organisation needs to effectively plan, seamlessly implement and embed the SM&CR requirements. This can be done efficiently with minimal impact on your business activities or resources, and in a highly cost effective manner.
For a discussion on how 1st Risk Solutions can prepare your organisations SM&CR programme and give you the advantage over your competitors, please contact us.