SMCR compliance: Remote working vs manual process
The recent global shift in ways of working since the COVID-19 pandemic has highlighted areas for concern within financial services to maintain SMCR compliance. The FCA are highlighting that we are likely to make a sharp rebound when we reach the other side of the pandemic. Hhowever, they are still advising that firms have contingency plans and ensure sufficient resources. Can you guarantee assured compliance while remote working and following a manual process?
SMCR and compliance
SMCR is a data-heavy regime with many moving parts and a plethora of individuals involved. With the message that compliance must remain at the forefront of our minds despite the recent changes to ways of working and an unknown future, there is a risk to many businesses that managing this process as a paper-based exercise opens up the potential for exposure with no controls to:
- Verify information
- Central point
- Audit trail
- Pro-active management
- Track progress
The prospective risk varies across each subcategory of the regime:
Many regulated businesses have robust policies in place and yet have struggled with the recent shift to remote working. The certification process involves a wide range of individuals often across multiple disciplines and geographies making this extremely difficult to control manually AND remotely in parallel.
According to the FCA, “Things go wrong by mistake more often than misconduct” and industry feedback has indicated that businesses operating this as a manual process have struggled with governance and oversight. A manual process has no way of tracking where individuals are within their F&P process, no formal sign off, limited audit trail, variable continuity of issue reporting dependent on the individuals involved.
Manual certification, remotely… has the potential to cause havoc for businesses with limited checks and balances people could be missed out, certified for the wrong SHF or worse incorrectly certified when non-compliant!
It will likely be the case that a new temporary map will be needed to take into account additional responsibilities. The regulators are not demanding that a single member of their firm manage all coronavirus-related risk, but are asking for firms to allocate responsibilities in a way that optimises risk, often to consider sharing across teams.
Approval of new SORs remotely whilst using manual methods, relies heavily on emails. Although challenging, it is imperative that auditability and oversight still be maintained.
Risk and impact assessments will be constantly changing for a senior manager's specified function. When you start to consider the unfortunate health implications that COVID-19 could have on a firms’ senior management team, as more people across the country catching the virus, responsibilities will have to be covered and handovers will take place to ensure operational resilience.
Taking away the ability for managers to sit in an office meeting room and formally handover all areas required in the process, questions have to be asked around how a business ensures effective communication and oversight during the handover process. In particular, as we move to a remote world, senior managers are inheriting new areas of responsibility and missing information regarding topics such as governance frameworks, operational risk, conduct risk and key projects due to poor control mechanisms, increasing the level of risk for these operations significantly.
This has been a time for everyone to reflect on current processes and review ways of working. Our goal is to understand how to make our nation more prepared for external events using RegTech.
Perhaps you are struggling to create a map to take into account COVID-19 responsibilities, perhaps you are struggling to track SOR approvals, whatever it may be, this is a time of learning and we are hoping to provide insight into better ways of working and maintaining SMCR compliance. Find out more about how Pentana Compliance can help with your SMCR requirements.