X6 STEPS TO A HEALTHY REGULATORY GOVERNANCE, RISK AND COMPLIANCE [GRC] FRAMEWORK
13/05/2021
X6 STEPS TO A HEALTHY REGULATORY GOVERNANCE, RISK AND COMPLIANCE [GRC] FRAMEWORK
Financial services regulators (take your pick:- JFSC, GFSC, MFSC etc.) are taking an increasingly robust approach with regulated firms.
Firms should therefore ask themselves what steps they can take to manage the risk of formal sanction.
Comsure would suggest the following x6:
- First, firms should review (and, if necessary, enhance) their compliance resource as a matter of priority.
- The JFSC has made clear (from its Compliance Monitoring guidance in 2013 through to its most recent public statements and civil penalties) that firms must have a compliance function that is resourced adequately
- Importantly, to address the above, firms are required to assess both the quantity and quality of that resource.
- Further, firms must prepare and implement an effective compliance monitoring plan that is tailored to the specific risks faced by the firm and which is reviewed and updated to reflect the changes in those risks over time.
- Second, the board must be able to show that it is discharging its role as the firm's governing body effectively. Questions that board members should ask themselves regularly include as follows:
- Is the correct information being put before the board and with sufficient frequency?
- Are the critical points in the board packs explained clearly to avoid 'information overload'?
- Can the board evidence constructive debate, support and challenge?
- Are actions recorded clearly in the minutes and assigned to a specific person, and is progress then reported back to the board?
- If the answer to any of these questions is not a resounding YES, urgent improvements are needed.
- Third, all accountabilities, responsibilities are to apportioned clearly within the firm; including:
- Delegated authorities between the board and committees must set out the roles and responsibilities of each function. And each function should be clear as to their reporting line and authorisation levels.
- Matters "reserved for the board and the committee" must set out each function decision making responsibilities/authorisation levels.
- Job descriptions must ensure that they set out the individual's role and responsibilities, and each individual should be clear as to their reporting line and (where appropriate) authorisation levels.
- Managers should also ensure that they exercise appropriate oversight over those who they supervise.
- Fourth, firms should seek appropriate independent validation (e.g., by group internal audit or an external consultant) of their compliance function and board effectiveness.
- Such review and feedback by an objective party can be invaluable in challenging 'group think' and identifying areas for improvement.
- Fifth, firms must keep adequate, orderly and up-to-date business and customer records.
- Firms often view record keeping as a second-tier regulatory obligation of less importance than other substantive obligations. This is a serious error: adequate records build a 'corporate memory' and provide the necessary audit trail.
- The firm can demonstrate compliance with more comprehensive regulatory requirements to the JFSC.
- Sixth, firms must deal with the JFSC openly and cooperatively at all times.
- The JFSC's ability to supervise firms depends on the quality of the information it receives, which means that it takes a dim view of firms that fail to be candid and cooperative. Therefore, it is in each firm's interest to cultivate a strong relationship with their regulator, both when responding to JFSC requests and in recognising when to make proactive disclosures.
Comsure has been helping firms over 16 years on the matters highlighted above.
If you wish to discuss any of the matters above, please contact Mathew as follows:
Mathew Beale - Chartered FCSI
Principal (Director) - Comsure Compliance Limited, Comsure Technology Limited (the "Comsure Group of Companies")
No 1 Bond Street Chambers, St Helier, Jersey, Channel Islands, JE2 3NP
Direct Tel: +44 (0) 1534 626841 - Mobile Tel: +44 (0) 7797 747 490 - Skype: comsurecompliance
mathewbeale@comsuregroup.com - www.comsuregroup.com
The Team
Meet the team of industry experts behind Comsure
Find out moreLatest News
Keep up to date with the very latest news from Comsure
Find out moreGallery
View our latest imagery from our news and work
Find out moreContact
Think we can help you and your business? Chat to us today
Get In TouchNews Disclaimer
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.