We’ve been working in this SM&CR compliance space now for almost two years and over that time we have worked with many diligent firms who are using the FCA’s new regime as an opportunity to refresh their approach to risk and embed the right culture and behaviours for the future. However, we’ve also been quite surprised by the sheer number of firms that seem to be oblivious to the long-term implications. Almost as if they are simply burying their heads in the sand! Considering the fact that senior individuals within these firms could soon be in line for hefty SM&CR penalties in the form of fines or even jail time, we have been wondering why there has been so much ‘Ostrich mentality’? In this blog we look at what makes a suitable SM&CR compliance solution.
So is Excel a suitable SMCR compliance solution? Our expert partners ICSR are not convinced and believe that many firms just haven’t woken up to the realities of the regime yet. They may have completed their mapping in time for the deadline but haven’t considered the ongoing requirements of maintaining compliance. As Kenneth Underhill puts it:
A number of Actus Comply clients had considered Excel to be suitable for their SM&CR needs before they realised the full extent of the regime. Firms need to be able to embed a robust control process that will stand the test of time. Those implementing the regime now are also able to learn lessons from the banks who have already gone through the process and must already comply.
These are the top 5 reasons why clients considered Excel to be too risky for their SM&CR needs.
Is your Excel spreadsheet going to be accurate down to the minute? If the FCA comes knocking, how confident are you that you can quickly and simply produce accurate reports? In particular, can you provide the evidence of who holds which responsibility and precisely when they took it on?
As time goes by and Senior Managers change, there is a dependency to maintain that spreadsheet accurately. When key people move on, the chances of inaccurate reporting rise. This, in turn, increases the risk of people being held responsible for breaches after they have left a firm.
Excel can’t provide a reliable audit trail of when someone accepted responsibility. There is also a risk that the report could be tampered with or challenged. If a breach could leave you fined or in prison, wouldn’t you want to be sure that you could prove your information was accurate and up to the minute?
Excel won’t prompt you if there is a gap in your responsibilities or Certification is due. Can you be sure that deadlines won’t get overlooked or responsibilities go out-of-date when you are depending on a manual system?
Where are you capturing Conduct and Certification requirements, CPD and/or evidencing Reasonable Steps? The odds are that you will be running multiple processes across a range of systems and spreadsheets. Where is the overall picture of SM&CR assurance and are you duplicating admin?
The reality is that many smaller firms are just making do with Excel as a solution because they have only considered the December 9th deadline, not the long-term reality of managing the SM&CR regime professionally. Others have ruled out SM&CR Compliance Software due to cost or complexity.
Why not think again, and take a look at Actus Comply? Simple, Affordable, Assurance.