Systems Support for the SMCR

What Systems Support Does A firm need?

As part of their overall approach to the SMCR, banks are starting to consider software solutions to enable them to effectively meet their current and on-going regulatory obligations under the SMCR.  Some of the possible requirements include:

Governance Map and Statements of Responsibilities

A Governance Map and Statements of Responsibilities is central to the Senior Managers Regime.  This should be easy to maintain as a business as usual activity and easy to report on periodically and on-demand.

Alignment of objectives and risk appetite

For individual Senior Managers to discharge their ‘duty of responsibility’ under the Senior Managers Regime their individual objectives and risk appetite should be aligned to that of the Bank overall, as determined by the Board and the Executive.  It is necessary to define objectives and risk appetite at corporate, business unit and Senior Manager level and to show how they are linked across levels.

Process and Control Mapping

Software will be needed to map business unit, cross-business unit and third-party processes and controls in order to demonstrate that the necessary controls are in place, adequate and working.

Regulatory Risk Assessment and Controls Effectiveness Assessment

These assessments should be workflow driven and enable business dashboards and reports to be generated.

Capture, map and report on operational losses

Under SMCR it is necessary to map operational losses/incidents to an Individual Senior Manager and make it easy to report on operational losses by Senior Manager.

Capture Conduct Rule breaches

The system should enable the capture, mapping and reporting of Conduct Rule Breaches
within 7 days and support the investigation and mitigation of the issues arising.

Performance and risk of key ‘SMR related’ processes

The requirement to be able to understand, monitor and report on the current level of performance and operational risk of each of these processes (e.g. pre-employment due diligence, on-boarding, transfer of responsibilities, exit processes) will be an important component of your overall response to the SMCR.

Evidence that SMFs have discharged their ‘duty of responsibilities’

The system requirement will be to provide information in the form of reports, business dashboards and trend analysis data to enable a Senior Manager to be adequately informed when making decisions.

Present a historical snapshot

Linked to the above will be the capability to effectively respond to regulatory questions in the future.  The systems requirement will be to automatically generate date/time-stamped ‘snapshots’ on a regular basis which include the governance structure and responsibilities in force at the time. It should also include the in-force objectives, risk appetite and risk profile.

Store documents such as Regulatory References

Documents must be maintained and stored digitally in an access controlled location with a link to individual Senior Managers where applicable.

Support an attestation process

The use of attestations has become a regular part of the UK regulatory landscape.

The SMCR is going to place a greater demand on software solutions to support an attestation process at an enterprise level.  Those covered by the Senior Managers Regime, the Certification Regime and the Conduct Rules will all need a mechanism to confirm and evidence that they understand their regulatory obligations and that there areas of business they are responsible for are effectively managed within the prevailing laws and regulations.