The flood of regulatory updates continues for the banking and finance industry – and as it does, many institutions are running to keep up.
With complex rules and tight deadlines, some are resorting to a ‘sticking plaster’ approach. Ticking the compliance boxes, without any genuine commitment or real understanding of what they’re ticking; simply to satisfy the regulator and get on with the day job.
But this time it’s personal. Under the Senior Managers Regime (SMR), which was implemented earlier this month, senior UK banking officials can now be held personally accountable for any misconduct that falls within their areas of responsibility.
So is this a canny move by the regulator? Will this be the regulation that embeds professional standards into the finance industry – because the personal cost of failure is too high?
The Senior Managers Regime – a summary
At its simplest level, the buck now stops with senior managers.
Under the Regime, a senior manager is defined as anyone ‘taking decisions or participating in the taking of decisions on how a firm’s affairs are run’ – and this includes non-execs who have specific responsibilities relating to compliance.
The duties and obligations for everyone fitting this description must now be recorded in a Statement of Responsibilities, which is sent for approval to the regulators. Anyone who falls short of these duties, and whose negligence in their role is found to contribute to a breach, faces prosecution.
In some ways, SMR could be viewed as the regulation of regulations; non-compliance with any existing or new rules could lead to legal action, so it’s in every senior manager’s interests to ensure their bank or financial institution’s defences are water tight.
It requires a juggling of ‘hats’; risk officer, legal expert, detective, in addition to the day job – and this additional burden of responsibility could in itself threaten the very essence of what the regulation has set out to achieve. After all, it’s easier for rogue behaviour to slip through undetected if the person who should be keeping an eye out has too much on their plate.
So how can senior managers minimise their exposure and drive out risk?
Support from The Certification Regime and Conduct Rules
Compliance requires a two-pronged approach; organisation-wide buy-in, and an infrastructure that mitigates risk.
The Certification Regime and Conduct Rules should help with the first. Brought into force on the same day as SMR, under the Certification Regime, anyone who could pose a risk of significant harm by nature of their role, will need to be carefully vetted, while the Conduct Rules set out a basic standard of behaviour for all bank employees.
But while it’s in everyone’s interests to play by the rules, best behaviour can’t be guaranteed, and this is where technology can step in.
Data integrity platforms, like CTC from Gresham, can shoulder the regulatory compliance burden. Core regulation is built-in, while additional controls can be added quickly and efficiently at any time. Automated verification and validation of data removes the risk of human error, while data can be aggregated and reported on at any time.
The result is a fully transparent data integrity model, that assures compliance and removes internal risk.
How effective will SMR be?
The impact of the new regulation of course remains to be seen – early signs from the industry suggest some misgivings, as senior analysts suggest it may hinder the risk taking that the industry relies on, while certain larger institutions attempt to side-step the legalities by excluding executives with global, rather than UK-specific responsibilities.
Regardless of how the industry reacts however, what is clear is that the burden of regulatory responsibility will only continue to grow, and that ensuring data integrity is a prudent step for everyone working within the banking industry – senior managers and all.
For more on the impact of SMR and how to remove internal risk without the hassle of wholesale infrastructure change, download the latest Gresham mini-guide here.