One of the biggest concerns the FCA are banging on about is business resilience through the pandemic we face. It is clear that the regulator expects firms to take full accountability for their own governance, risk and compliance (GRC) affairs and align this with building systems and controls that will identify, monitor and manage operational and financial resilience.
The pandemic has now brought a new way of working and with it the application of existing and new technologies that can streamline business management practices. With remote working the new norm, we also have challenges in ensuring our staff are aligned, engaged and happy. Mental health is also a concern when we have to isolate and remove ourselves from the social interaction a workplace brings.
Enforcing regulatory compliance can be challenging enough when your workforce is in the office, but when dispersed this is a huge challenge.
So what can we do to ensure we keep our finger on the GRC pulse, encourage a resilient and positive working practice and culture?
- Communicate, communicate, communicate: Employing clear processes, systems and controls that engage all stakeholders is essential. This means everyone knows the risks and challenges faced but most importantly, how they are managed and the part they and others play. The Senior Managers and Certification Regime (SM&CR) is a huge help here: firms should already have their roles, responsibilities and delegation strategy mapped so everyone knows who does what, when and how.
- The art of collaboration: There has never been a more important time to ensure your C-suite, compliance and operations teams are working together around GRC. Streamlining working practices around remote working challenges and opportunities can enable effective and efficient identification of risks that can impact business resilience. We can also reduce admin and duplication and get the messages we need across quicker to staff and clients alike.
- Be security minded: Cyber-risks are on the up during the pandemic, so we have to ensure that operational systems and controls are in place to protect our business practices across client communications, asset and document management and data security. Remote workers could be the ‘weakest link’ here, as they are working with new systems and technologies, so mandating specific cyber-risk proofed platforms such as back office, e-mail encryption and document protection will be crucial.
- Get onboard the same train: All staff need to be of the same understanding when it comes to compliance, resilience and risk management. So ensure you’re up-to-date with your training and competence programme. Again, the SM&CR and conduct rules training will help here.
- Automate and streamline: Technology isn’t magic, but built and implemented well it’s a great enabler platform for your business to work more effectively around GRC, keeping staff engaged and happy and your business resilient across constant operational and financial risks.