As part of their overall approach to the SMCR, banks are starting to consider software solutions to enable them to effectively meet their current and on-going regulatory obligations under the SMCR. Some of the possible requirements include:
A Governance Map and Statements of Responsibilities is central to the Senior Managers Regime. This should be easy to maintain as a business as usual activity and easy to report on periodically and on-demand.
For individual Senior Managers to discharge their ‘duty of responsibility’ under the Senior Managers Regime their individual objectives and risk appetite should be aligned to that of the Bank overall, as determined by the Board and the Executive. It is necessary to define objectives and risk appetite at corporate, business unit and Senior Manager level and to show how they are linked across levels.
Software will be needed to map business unit, cross-business unit and third-party processes and controls in order to demonstrate that the necessary controls are in place, adequate and working.
These assessments should be workflow driven and enable business dashboards and reports to be generated.
Under SMCR it is necessary to map operational losses/incidents to an Individual Senior Manager and make it easy to report on operational losses by Senior Manager.
The system should enable the capture, mapping and reporting of Conduct Rule Breaches
within 7 days and support the investigation and mitigation of the issues arising.
The requirement to be able to understand, monitor and report on the current level of performance and operational risk of each of these processes (e.g. pre-employment due diligence, on-boarding, transfer of responsibilities, exit processes) will be an important component of your overall response to the SMCR.
The system requirement will be to provide information in the form of reports, business dashboards and trend analysis data to enable a Senior Manager to be adequately informed when making decisions.
Linked to the above will be the capability to effectively respond to regulatory questions in the future. The systems requirement will be to automatically generate date/time-stamped ‘snapshots’ on a regular basis which include the governance structure and responsibilities in force at the time. It should also include the in-force objectives, risk appetite and risk profile.
Documents must be maintained and stored digitally in an access controlled location with a link to individual Senior Managers where applicable.
The use of attestations has become a regular part of the UK regulatory landscape.
The SMCR is going to place a greater demand on software solutions to support an attestation process at an enterprise level. Those covered by the Senior Managers Regime, the Certification Regime and the Conduct Rules will all need a mechanism to confirm and evidence that they understand their regulatory obligations and that there areas of business they are responsible for are effectively managed within the prevailing laws and regulations.