The new Senior Managers & Certification Regime will come into force for Banks on 7 March 2016. This new regulatory regime will then be applied across Financial Services over the next few years.
Many Banks have started their preparations for this major regulatory change (those banks that have not started, should get started!). As part of their overall approach to the SMR, banks are starting to consider software solutions to enable them to effectively meet their current and on-going regulatory obligations under the SMR.
Not surprisingly, there is a lack of clarity about what are the requirements for a software solution to support the SMR so here is my ‘Starter for 10’ requirements.
1. Must be able to generate a Governance Map and Statements of Responsibilities
Maintaining a Governance Map and Statements of Responsibilities goes to the heart of the Senior Managers Regime therefore any software solution must enable the definition of the organizational structure with associated governance for each area of the bank. This should be easy to maintain as a business as usual activity and easy to report on periodically, including on-demand.
2.Must enable a Senior Manager to evidence that they have discharged their ‘duty of responsibilities’ when making decisions within the bank.
The SMR creates a ‘duty of responsibility’ on Senior Managers to take reasonable steps to prevent breaches of regulatory requirements by their firms from occurring. Thus it will be for the Regulator to show that the senior manager did not take such steps as it was reasonable for a person in that position to take to prevent the breach of regulatory requirements.
Therefore a key requirement for any software solution supporting the SMR will be to provide a complete set of information, ideally in the form of reports and business dashboards (with trends) to enable a Senior Manager to discharge their duty of responsibility when making decisions and evidence that they have discharged their duty of responsibility.
3. Must be able to present a historical snapshot
One of the key requirements for any software solution supporting the SMR will be the capability to effectively respond to regulatory questions in the future. For example, imagine it is November 1, 2020 and the FCA is investigating a major bank failure with a view to acting on the suspicion that the bank’s Senior Managers did not correctly discharge their ‘duty of responsibility’ resulting in major regulatory breaches, bank failures and potential ‘Reckless Misconduct in the Management of a Bank’ charges been brought against the Senior Managers at the time (all of whom have subsequently left the bank).
The regulator, the Bank and the Senior Managers in question will all want to be able to access historical information to support the prosecution (in the regulators case) or the defence (in the case of the Bank and the Senior Managers). Therefore any software solution for the SMR must have an ability to automatically generate ‘snapshots’ on a regular basis (monthly, quarterly?) which include the Governance structure and responsibilities at the time. It should also include the objectives, risk appetite, risk profile and ‘Line of Sight’ alignment within the bank at the time.
4. Must enable a ‘Line of Sight’ alignment of objectives and risk appetite from the corporate level to individual Senior Manager
For individual Senior Managers to discharge their ‘duty of responsibility’ under the Senior Managers Regime their individual objectives and risk appetite should be aligned to that of the Bank overall, as determined by the Board and the Executive. Therefore, any software solution for SMR must be able to define objectives and risk appetite (to deliver those objectives) at both a ‘Corporate’ level, Business unit level and individual Senior Manager level. Equally, the software must be able to maintain a clear ‘Line of Sight’ from the Corporate level, through Business Units to individual Senior Managers. This ‘Line of Sight’ relationship should be easy to maintain and easy to report on.
5. Must be able to capture, map and report on operational losses by Senior Managers
Any software solution to support SMR must be able to assign or map operational losses/incidents to an Individual Senior Manager and make it easy to report on operational losses by Senior Manager. The software should enable reporting in the form of ‘traditional reports’ but ideally should also enable data to be presented as/within business dashboards, in particularly viewing operational losses by individual Senior Managers over time is extremely important.
6. Must be able to capture and map Conduct Rule breaches to Senior Managers
This requirement is very similar and related to the requirement above. Alongside the capability to capture, map and report on operational losses by Senior Managers, any software solution for SMR should enable the capture, mapping and reporting of Conduct Rule Breaches. Ideally, the software solution would capture Conduct Rule Breaches as part of the operational losses functionality.
From a reporting perspective, it is important that any software solution for SMR can meet the regulatory reporting requirement to report all [suspected] Conduct Rule breaches within 7 days.
7. Must be able to monitor and report on the performance and risk of key ‘SMR related’ processes
The SMR is going to bring a greater focus to a number of processes that are probably already operating with the Bank but which may not currently get much regulatory attention. For example, HR processes such as pre-employment due diligence, on-boarding, transfer of responsibilities and exiting processes. Typically these operational processes do not get as much regulatory or management focus as many other processes. This will change and the requirement to be able to understand the current level of performance and operational risk of each of these processes will be an important component of your overall response to the SMR.
8. Must be able to store documents such as Regulatory References and map those to individual Senior Managers, or integrate with such a system.
This requirement is very similar to the requirement directly above in that currently there are many HR related files and records which may be stored by HR, for HR use however under the SMR these files and records will be of interest to a wider range of stakeholders. Therefore they must be maintained and stored digitally in an access controlled location with a link to individual Senior Managers where applicable. Any SMR software should either hold these files and records or integrate with the software that does. Most importantly, the SMR software should enable a mapping to be made between the individual Senior Manager and their files and records.
9. Must be able to support an attestation process to enable individual Senior Managers to attest that they understand their Responsibilities and regulatory obligations under the SMR
The use of attestations has become a regular part of the UK regulatory landscape. Going forward the SMR is going to place a greater demand on software solutions to support an attestation process at an enterprise level, with those covered by the Senior Managers Regime, the Certification Regime and the Conduct Rules all needing a mechanism to confirm and evidence that they understand their regulatory obligations.
10. Must be able to support a Regulatory Risk Assessment and Controls Effectiveness Assessment capture and reporting in relation to SMR
The final requirement of any software solution for SMR should be to enable the monitoring and management of SMR related regulatory risk, ideally including enabling a regular risk assessment of SMR related regulatory risk, actions and issues that come from this assessment and the assessment of control effectiveness related to SMR risks. These assessments should be workflow driven and enable business dashboards and reports to be generated.
So that is my 'Starter for 10' software requirements for SMR. Do you agree? Please leave a comment or get in touch - firstname.lastname@example.org
This article first appeared on www.stratexsystems.com