Firms in the UK have quickly learned that manual, ad-hoc systems employing spreadsheets and email are unsustainable for keeping up with the sheer volume of management and monitoring required for SMCR compliance. Ruairi Nash, Star's resident SMCR expert, offers his take on key features to look for in a regtech tool
When it comes to providing efficiency and visibility, regtech is the best way to maintain compliance in the long term. Without it, firms open themselves up to risks of inaccuracies, poor audit trails, and a lack of real-time management information—the consequences of which could be devastating. With a regtech solution dedicated to SMCR compliance, firms can demonstrate proper, auditable workflows to the regulator and ensure the right level of competence, as well as fitness and propriety for senior management and certified roles, with ease.
Not only does this layer of assurance lessen the risk of regulatory intervention, reputational damage, and significant fines, but the automated processes also lessen the need for compliance teams to carry out time-consuming, manual SMCR-related admin tasks. And when teams can spend less time monitoring, chasing, recording, and escalating, they can spend more time on proactive core business activities. Of course, all regtech is not created equal. If it’s SMCR compliance you’re after, look for these key features in any regtech solution:
1. DESIGNED SPECIFICALLY TO MEET THE REGULATORY REQUIREMENTS OF SMCR
When the FCA and PRA review firms, they’re essentially looking for proof that a firm has embedded and can enforce the accountability of senior managers, and that all managers are fit and proper to meet the responsibilities for their roles. Regulators want to see that SMCR compliance is embedded into the culture of your organization. Implementing a tool designed specifically for SMCR compliance is a great way to show that your firm prioritizes adherence in every related process.
2. AUTOMATES SMCR COMPLIANCE PROCESSES TO SAVE TIME AND MONEY
The real value of a regtech solution is in its automation, so ensure any solution you implement has the capability to automate the kinds of processes you've probably been doing completely manually. These should include the capability to support the creation and maintenance of MRMs, SoRs, Reasonable Steps (Duty of Responsibility) records, handover arrangements, Certification, Directory Persons data management, Conduct Rules adherence, and Regulatory References. As an example, an effective and efficient SMCR solution will allow compliance teams to quickly generate properly formatted, auditable documentation and reports to the FCA. That means you can demonstrate the appropriate systems and controls to meet regulatory requirements at all levels of SMCR.
3. OFFERS POWERFUL MANAGEMENT INFORMATION AND REPORTING
Ensure that your regtech solution can collate valuable data to give you a full view in one, easily accessible place. When it comes to oversight management information, you need to know how many people per legal entity need to be certified, how many are currently certified, who certified them, and when. Gathering this information automatically means you can easily identify gaps. And the automated reporting of this information means easy auditability for regulators. For example, with a constantly updated management responsibility map, you’ll have an intelligent and indelible record of organizational structure and accountability for any point in time. And these records will be indisputable, as senior managers must sign off on them in a read-only, uneditable format.
4. INCLUDES TRAINING AND COMPETENCE FUNCTIONALITYA great SMCR solution should also include capability and functionality to record, track, and evidence ongoing competence. This allows you to monitor both people and processes to know who or what needs improvement. This capability should be able to easily integrate with your existing systems and data. In that way, you can generate a single picture of your peoples’ performance, regulatory compliance, risk, conduct, and competency. This capability should include competence evidence and testing, people risk monitoring, quality and case checking, reporting on complaints, and breach management.
Choosing the right technology to help your firm stay SMCR compliant is no small task. Indeed, it’s an important decision that will impact your organization in both the short and long term. If your tool encompasses each of the above areas, you can rest assured you’re on the right track to continuously improve your firm's business processes to match and exceed regulatory requirements, and therefore benefit the business far into the future.