Toggle Menu
Request a demo Contact us Resources

Guest Author: Michael Rasmussen, GRC Economist & Pundit, GRC 20/20 Research LLC

 

The importance of stages

Climbing a mountain like Mount Everest is not done haphazardly. It takes careful planning and an organized route. It also involves breaking the trek up the mountain into stages. One does not simply run up Mount Everest. You climb a mountain like Everest too quickly . . . you die. Tackling a trek up a large mountain is broken into stages that are manageable and allow for proper recovery and review of plans before the next ascent.

The same approach is done with a significant regulation, like UK SMCR in the financial services industry. UK SMCR is a significant shift in accountability, communications, attestation, and certification of staff in a financial services organization. As with other significant regulations, financial services firms are tackling UK SMCR in stages.

 

Beginning your SMCR journey

The first stage of the UK SMCR trek was mapping and aligning senior management functions in the organization. This was foundational and like getting to the first base camp of the UK SMCR Everest. You cannot manage accountability and certification if you do not have the responsibility maps and roles defined.

 

The run up to the 9th of December 2019: SMCR implementation date

The second stage of UK SMCR climb was to define the certification and attestation process for Senior Management Functions and Certification Staff. This involved communicating conduct rules (essentially policies) to these roles and gathering attestations. It also involved laying down the process, often with manual workflow and documentation in documents and emails, of certifying staff and communicating with the regulators. This had to be in place for nearly 50,000 firms by December 5, 2019 just over a month back.

 

SMCR in 2020 and beyond: time for automation and sustainability

We are now entering the third stage of the ascent up the UK SMCR mountain. This involves the automation of UK SMCR processes. UK SMCR is not going away and financial service organizations need to make it sustainable. This requires that financial services firms address the requirements and process that has already been defined in the first two stages and leverage technology to make these processes efficient to reduce time and cost involves, to make them effective in meeting requirements and providing greater accountability in senior management functions, but also making them agile as the organization is dynamic and roles and risks change and accountability and process needs to be kept current in a dynamic organization.

 

Why you need technology for your SMCR processes

It is critical that financial services organizations leverage technology now to drive efficiency, effectiveness, and agility in UK SMCR processes as the scope of UK SMCR broadens in 2020. Up until now the communication of conduct rules was required for senior management functions and certification staff. In 2020 this requirement of communicating conduct rules and tracking attestation to these policies applies to everyone in the financial services organization except for ancillary staff (e.g, receptionists, caterers). This significantly expands the number of communications, tasks, attestations, to nearly every employee in the organization. Financial service organizations that approach this in manual processes will be buried in documents, spreadsheets, and emails that take significant time to manage and report on, but also often lack proper evidence trails. Technology for UK SMCR provides a defensible compliance record of these attestations and communications while making UK SMCR processes more efficient, effective, and agile.

 

Staying on top and gaining visibility

Then there is the final trek up the last stage of the UK SMCR mountain. That is where the organization needs to carefully think through the different roles of Senior Management Functions and their risk, compliance, and control accountabilities in each of these areas. These functions need dashboards and reports into their respective accountability areas so they know the organization is managing these risk domains and avoiding negligence issues that could put the senior management function in personal liability.

However, once the financial services organization has reached the top of the UK SMCR mountain . . . the journey is not over. The organization is constantly changing. Employees are changing. Senior management functions are changing. Risks are changing. Regulations are changing. UK SMCR needs to be sustainable in a dynamic environment. This requires that financial services organization leverage technology to manage UK SMCR in context of change.

How can we help?