Updated: Feb 11
Corporate Governance isn’t just about who sits on your board and how often the board meets. It’s about the systems and controls as well as the standards set within a firm.
It’s about ensuring that the firm creates the right culture with effective controls and good communication channels.
UK regulated firms are required to comply with the relevant sections of the Senior Management Arrangements, Systems and Controls (SYSC). This covers a wide range of subjects outlining a firm’s duties.
Two key requirements relate to how the business is organised as well as how the compliance team operates. This sourcebook also supports Principle 3, which requires directors to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems to support the governance infrastructure. The compliance arrangements include the requirement for firms to implement adequate policies and procedures to aide risk management.
Policies and Procedures:
Writing down your policies and procedures sets your company’s approach to a given matter. It also helps to communicate to staff the agreed processes and to reinforce the controls implemented to manage risks. For this to be effective, your staff need to understand:
what they need to do
how to do given tasks
who to speak to, to raise queries or concerns and
why they need to do something.
This creates a consistent process for performing a task or delivering a service. It identifies an escalation process to raise queries or propose changes to a process. Putting things into context means staff better understand the risks of not following the process as well as any repercussions. For example, wilful non-compliance or repeated failure to comply can result in disciplinary action due to the regulatory risk posed. It may impact remuneration packages too. It helps to reinforce the correct behaviours within a firm.
The above describes how you might implement some controls. This is your first line of defence, i.e. your day to day operational controls to manage risks.
The next step is to review how well those processes and controls are working. This is where the compliance team gets involved, your second line of defence. This is usually where the administrative burden becomes obvious.
The firm sets the standard by defining its own process, training staff to understand why it is important as well as the regulatory and personal impact for non-compliance. It also nurtures a culture of compliance with the company policy. You then need to test that the policy and process implemented are effective in managing regulatory risk.
There should be checks in place to support the process. For a simple Gifts and Entertainment policy, checks typically include:
Board Sign off confirming the policy and procedure are appropriate for the business
Staff declarations confirm their understanding of what they need to do and when
Staff training records confirm staff have attended training
Gifts Register confirms what disclosures have been made and any approvals provided
The compliance team would typically look for evidence of the above.
Collating & Reporting:
It's clear to see the checks and the evidence to be provided. It also highlights that even for a small firm, there are a lot of administrative tasks. Regardless of a firm’s size, it requires a lot of chasing and follow up to get documents reviewed, commented upon and approved.
There’s the roll out of the policy to staff, which needs to demonstrate that staff have received the communication so that you can then follow up and request declarations of understanding. This then needs to link to staff records including training logs, attestations, monitoring results, etc.
Next an updated register where records of any gifts and hospitality received or offered are maintained. Finally, there’s Board reporting to provide reassurance that risks are being managed or to alert them of any identified risks.
With UK audit reforms looming there is talk of director attestations relating to systems and controls. How well can your firm demonstrate effective systems and controls?
How Axiom HQ can help you:
AxiomHQ is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
Get in touch with the Axiom HQ team to learn more on: 020 3965 2166 or email@example.com
Axiom HQ’s hosts monthly webinars, to register your interest please click here.
See our blog page for further articles or join our mailing list to keep updated.
Visit our website to find out more about how Axiom HQ can help:
Contact the author
Head of Client Regulation| Axiom HQ