The enactment of the U.K.’s Senior Managers Regime (SMR) and Certification Regime (CR) is arguably the talk of the City of London (and Canary Wharf for that matter). But what are banks doing to adapt to the new standard when it comes to their technology infrastructure? Brian Gregory EMEA vice president for Non-Financial Risk at risk and regulatory technology firm Wolters Kluwer, provides FinTech Finance with his views…
Following the enactment of the SMR and the CMR many firms to take a hard look at internal processes resulting from increased direct accountability. This is the case both from a technological system and cultural perspective, to make this level of governance a reality. And an integrated and centralized governance solution can help banks adapt their business to thrive under the standard.
Writing in a new white paper, Senior Managers Regime: Paving the Way for a New Era of Responsibility, I note how with the scope of the SMR and CR, not to mention the expectations from regulatory authorities, still taking shape. With this in mind the steps firms take now to demonstrate sound governance and operational excellence will make for a smoother transition.
Enterprise-wide governance and cultural transformations are not new concepts. It’s been nearly a decade since the financial crisis exploded and firms have been keenly and diligently working to build back what was lost as well as pave the way for a new era. What the SMR and CR provide are a chance to revitalize and improve existing frameworks against more defined parameters.
Modern firms are increasingly complex – they operate across borders, offering myriad services. They run their operations on an array of IT systems and deliver service through multiple electronic channels. They answer to numerous regulators in many jurisdictions, and must keep pace and comply with hundreds of different global, regional and local rules – some of them potentially conflicting. Additionally, most firms grow by merger and acquisition, creating a tangled mess of processes, cultures and operating models. It’s a landscape that’s fraught with gaps, silos, broken links, duplications and oversights, all of which create chinks where risk can lurk. A firm’s map of responsibility can be the antidote to these intricacies, at least from an oversight perspective, as they serve as a blueprint for certification and governance. The maps are meant to demonstrate to the regulators as well as to the firm itself that first and foremost everyone understands the level of responsibility for roles throughout the organization and has linked it all together. These maps will highlight how complicated operations are, where operations do and do not intersect and where they should, who oversees what function, which functions are squarely under the realm of one role and which are only tangentially connected. They should not only underpin the cultural goals firms have set but also act as the reference for what kind of centralized system should play a part in the transition to supporting personal accountability and sustainable, organization-wide governance so that any breakdowns in processes are immediately apparent.
Relevant firms are now expected to adhere to a litany of guidelines affecting personal responsibility and codes of conduct. With the emphasis on transparency and controls as well as the connotations of what “responsibility” and “competency” really mean, it’s especially important for the Board, executives and Human Resources department to visibly and tangibly participate in upholding the codes of conduct and the culture changes that need to go along with it.
Of course, most firms already have governance systems in place, with more automated features than in the past. But many of these consist of different systems built using different technology and operate in silos, ensuring risks are controlled and compliance is met only within a specific area and potential hazards may not be shared at an organizational level. The challenge now is to streamline these existing, disparate systems so everything is connected, embedding an ongoing practice of testing and controls.
In fact, it is no longer commercially viable to leave governance and risk management solely to individual teams or departments. Instead a consistent and common approach to risk management is key. And the more action firms take now surrounding this point, the more positive the experience in the long run and the more compliant they will find themselves.
One final thought. This iteration of the SMR and CR affects an astounding number of people – approximately 10,000 impacted by the SMR and 32,000 affected by the CR. In 2018, when the regulation is set to include an even broader range of firms, the numbers increase dramatically. The Financial Conduct Authority estimates that 100,000 will now impacted by the SMR and more than 98,000 by the CR. The message is clear – banks need to adapt now…