Some interesting themes from regulators are starting to emerge when it comes to Governance, Risk and Compliance (GRC). The FCA in particular have run a number of initiatives looking at how companies of all sizes can ensure they have a constructive GRC culture running through their business.
There are two key areas the FCA are focused on:
- Competence (Skills): Here it’s all about recruitment, training and competence, ensuring the right people in the right job with the right skills and responsibilities.
- Conduct (Behaviour): The FCA’s excellent 5 conduct questions programme (although focused on wholesale banks) provides firms with a clear GRC management strategy across:
  - Identification of risks
  - Who is accountable
  - What mechanisms are there to improve conduct risk management
  - Who is in control of strategic oversight
  - What activities could undermine conduct risk management
Conduct, in particular, is very much at the centre of the industry with the introduction of the Senior Managers and Certification Regime (SM&CR), as retail investment advice firms now have until March ’21 to ensure all conduct rules training, fit and proper and certification processes are in place and actioned.
The European Commission’s latest public consultation on sustainable corporate governance builds on this and looks at the G in ESG, asking whether companies should:
- Take into account broader stakeholder interests such as human rights violations, environmental pollution and climate change
- Ensure directors identify the company’s stakeholders and their interests and manage the related risks
- Introduce a ‘due diligence duty’ across employee rights, health, environmental impact of business activities across the supply chain
The FCA seems dedicated to ensuring culture is front and centre in its approach to supervision. There is much resource dedicated to transforming culture in financial services, with business strategy, tone at the top, leadership, remuneration and reward, and good governance the most salient issues.
So, what can you do?
- Review how RegTech can help provide a diagnostic assessment of your current GRC practice and provide management information and data on how you are improving competence and conduct. This can have significant benefits: for example, Professional Indemnity Insurers have stipulated they will provide favourable renewal terms for those firms evidencing they have a good GRC strategy within their business.
- Ensure Human Resources Development practice and communication lines are clear across the business, not just at the top or board levels.
- Ensure systems and controls, operations and practice management are all aligned to the front office via a ‘middle office’, so the business is client and staff centred and secure data can flow through to all stakeholders, e.g. directors, staff, clients and the regulator.
With the SM&CR extension on conduct and certification implementation deadlines, we should not take our eye off the GRC ball. If we have this right, the governance will be spot on and firms will showcase resilience and sustainability, benefiting immensely when this pandemic becomes a distant memory.