Guest Author: Michael Rasmussen, GRC Economist & Pundit, GRC 20/20 Research LLC
Regulation and oversight – what a burden to business. That is the common sentiment among financial services firms as they respond to 220 regulatory change events around the world every business day. The UK Senior Managers Certification Regime (SMCR) is the uber regulation that gives accountability, teeth, and enforcement to other regulations and risk management practices. But is it as bad as it seems? Let's take a look at some of the positive outcomes that SMCR brings to financial services organizations.
Over the past few years, there has been a growing focus from financial regulators on accountability for risk, compliance, conduct, and control. This accountability falls on senior managers, executives, and directors, making these individuals personally responsible for a lack of due diligence or for negligence in risk management, compliance, and controls. This started with the FCA and the UK's SMCR and has since spread around the world, spawning similar regulations from other financial regulators:
This list will continue to grow and expand as more regulators put greater emphasis on the personal accountability of individuals to ensure the financial services organization does everything it can to manage conduct within the organization and ensure risk and compliance are properly managed.
The financial services organization can either see this as an inconvenience or embrace it as the way of the future and a method to drive greater performance in the organization, through layers of structured accountability and responsibility that ensure the organization reliably achieves its objectives with conduct that aligns with the integrity of the organization.
The Polish poet Stanislaw Lec stated: “No snowflake in an avalanche ever feels responsible.” Too often, issues and risk events lead to a lot of finger-pointing. Accountability regulations define specific roles and accountability structures to make clear who is responsible. If a financial services organization desires to achieve objectives, it needs accountability: accountability from the top that extends down into the depths of operations and transactions. When a senior executive is personally accountable, you can have greater assurance that risk, compliance, and control are going to be given more attention. Accountability is a good thing from the organization's perspective.
Greater structures of accountability and control lead to consistent business processes and outcomes. This enables the financial services firm to reliably achieve objectives because there is stronger oversight and accountability.
Structured accountability brings a greater focus on risk management. Risk, as defined by ISO 31000, “is the effect of uncertainty on objectives.” As senior managers are accountable for risk management, they are going to spend more time understanding the uncertainty that risk and exposure bring to the firm and therefore have stronger risk management practices in place.
Financial services firms today are complex and interconnected. Organizations strive to reliably achieve objectives while addressing uncertainty and acting with integrity. But the chaos, complexity, continuous change, and disruptive risk and regulatory environments make this challenging. In today's world, particularly in financial services organizations, the little things matter. What may seem small and insignificant intersects with other risks and becomes a huge threat to an organization. Having structured accountability in place means that senior managers are going to desire greater clarity on the impact of change to ensure that risk and compliance are addressed in the context of change.
Structured personal accountability leads to a stronger culture. The regulators, such as the FCA and PRA, see this as the driving opportunity for SMCR. The regulation aims to improve genuine and true accountability in firms and to navigate away from the bureaucracy that hinders responsibility. This will bring positive change internally to the organization, as it aligns itself to act with integrity across the organization and steps away from behavior that could be described as grey.
Compliance does not have to be a burden. Understood in context, it can be used as a driver for change, stronger culture, and greater accountability, enabling the reliable achievement of objectives while addressing uncertainty and acting with integrity.