SMCR Health Check

The SMCR requires that Senior Managers take “reasonable steps” to:

  • Control the business effectively
  • Comply with regulatory expectation
  • Delegate authority to competent people
  • Disclose bad conduct or reckless behaviour to the Regulators (‘Whistleblowing Clause’)

Lysis can assist with:

  • Firm-wide governance and risk management review.
  • Deep-dive review of a specific business/operational unit to assess its processes and controls.
  • Recommendation and implementation of improvements prior to a manager attesting.
  • Are governance and committee structures accurately mapped in the Responsibilities Map and are they all reflected in Statements of Responsibility? Are both sets of documents current?
  • Are delegated responsibilities properly documented and roles and responsibilities fully understood?
  • Do you have a regulatory rules map for the business(es) you manage which shows the laws and regulations that business must adhere to? Do you have controls in place to ensure compliance?
  • Does your firm carry out a regular (e.g. annual) review of governance and risk frameworks and risk appetite in the light of changes to the business?
  • Do you have adequate processes in place to identify, manage, report on and remedy regulatory breaches when they occur?
  • Are you aware of weaknesses in your control framework which might lead to breaches and do you have a programme of action in place to fix those weaknesses?
  • Do you have an effective process to action areas of concern highlighted by your firms’ Risk and Control Self Assessment (RCSA) process?
  • Is there an action plan to address any gaps identified by the questions above?
  • Do you have a proactive approach to informing the regulator in respect of the above?

In order to enable Senior Managers to attest that their areas of responsibility are being conducted properly and are compliant with all necessary laws the firm will need to invest time in making sure that processes are properly mapped and understood and that controls are effective.  This will be a particular challenge where parts of a process are outsourced to a third-party or executed by another group entity.

  • Are the processes for the business you manage accurately mapped out, including processes with other entities within your firm and with third-parties?
  • Do they map to the governance, risk and risk appetite frameworks?
  • Are there documented controls for those processes and are they regularly tested?
  • Are the processes and controls understood and adhered to?
  • Are your personnel adequately skillful, knowledgeable and trained to do their jobs?
  • Training Needs Assessment – a multi-part, assessment process which uses quantitative data from on-line tests and qualitative data form surveys and interviews to assess the knowledge and skills of a team and recommend a training programme to resolve those issues.