Author: AxiomHQ – axiomhq.com
Managing regulatory risk should be a priority for regulated firms, but how well does a board understand its obligations? How does a board gain assurance that its regulatory risk is managed effectively?
Recently the Australian Prudential Regulation Authority (APRA) published an article to its regulated firms to help them “stay out of the headlines”.
Impact of compliance failure:
The Australian article touches upon themes that will be familiar to all. Failure to manage regulatory risk can result in:
- heavy penalties for both firms and individuals
- reputational damage that can put a firm out of business (eg Enron) and
- an impact on consumers and reduced trust in the financial services sector (eg 2008 financial crisis)
This last point is at the forefront of many regulatory agendas as it is a common regulatory objective worldwide.
Recent years have seen many regulatory bodies adopting a harder stance by introducing greater accountability at an individual level. In the UK, it’s known as the Senior Managers & Certification Regime, but other regulators have either implemented or are introducing similar regimes.
Regulatory risk is the firm’s ability to comply with both legislation and regulation as well as internal standards. The key is for a firm to identify and comply with obligations pertinent to their business activities. For example, a financial adviser’s regulatory profile will differ from that of a fund manager.
A firm’s regulatory obligations will be driven by the firm’s authorised permissions as well as which regulated activities are conducted and how those activities are performed. Other factors will also have a bearing on the firm’s regulatory risk including whether it is:
- a dual- or solo-regulated firm
- a member of group infrastructure
- conducting business cross-border
- responsible for any third parties, including agents or appointed representatives
- party to outsourcing arrangements
All of the above factors may have a bearing on how specific requirements need to be followed.
Consequently, firms must be cautious when looking at other firms and adopting similar approaches. One size does not fit all, and guidance exists to encourage a proportionate approach. Firms need to adopt processes and controls that fit their size, services, complexity… and clients.
It follows that firms need to identify which rules and legislation impact their activities, and to identify and manage any regulatory risks. In addition, where firms consider expanding their operations, perhaps into other regions, outsourcing or investing in new technology, boards need to understand how that impacts their regulatory risk profile. What new risks does the project pose? How will those risks be managed? What regular management information will be needed? How will a board know if a risk is slowly crystallising and step in when needed?
Firms need to ensure that they have a compliance strategy that matches their business and risk profile. That strategy should include how a firm continues to monitor and assess its systems and controls. Supporting evidence and an audit trail help a firm to demonstrate not just that it has complied with its obligations, but how it has done so. Additionally, the firm needs to demonstrate who is accountable for certain activities and support those individuals in fulfilling their oversight responsibilities.
Axiom HQ is here to assist:
Traditional compliance documentation and monitoring are manual and happen only periodically. With Axiom, key areas of compliance can be automated and put under direct review by appropriate individuals across the business. This means that monitoring can be embedded directly into business-as-usual processes, vastly simplifying the process and significantly reducing the overhead required to carry it out.
Axiom has the potential to revolutionise what your firm understands by compliance monitoring and deliver best-in-class governance, oversight and management of compliance risk.
Axiom HQ is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
Get in touch with the Axiom HQ team to learn more on 020 3965 2166 or [email protected]