By Henry Umney, CEO, ClusterSeven

In the recent RBC whistleblower case– where a London employment tribunal ruled in favour of an employee who raised concerns about the organisation’s compliance culture – is clear evidence that the Financial Conduct Authority (FCA) and the Prudential Regulation Authority’s (PRA) Senior Managers and Certification Regime (SM&CR) has teeth.

This case has helped highlight the pitfalls of poor attestation processes and the risks they pose to financial institutions’ overall compliance efforts – and indeed to the ‘powers that be’ in these organisations. The SM & CR aims to enforce individual accountability and make senior people fully responsible for financial institutions’ business functions and activities.

Why the need for attestation?

Reliable attestation processes are the foundation of accurate and auditable regulatory compliance in any financial institution. Often, spreadsheets or Microsoft Word documents are used in banks for unstructured financial and compliance processes that don’t necessarily lend themselves to automation such as anti-money laundering, the Volcker rule or monitoring conflicts of interest. Without easy, reliable and robust attestation processes, the risks to accurate financial reporting and regulatory compliance increase many fold, with potential for financial implications to the institutions of course, but also for the managers personally. Regulations such as SM & CR apply the Individual Conduct Rules to all staff (except administrative employees) and hence, a failure to comply can genuinely lead to action against senior executives.

Streamlining attestation end-to-end

Financial institutions can mitigate such risks by undertaking strategic, automated attestation management to streamline the audit and compliance processes, end-to-end.

It will ensure that organisations have complete visibility of their compliance processes and a detailed understanding of the unstructured documents, systems and applications that individuals are dependent on in the day-to-day running of operations. This approach supports the SM & CR need to address specific responsibilities that are applicable to senior managers based on their roles.

A practical implementation of this model is provided by the Netherlands-based international financial services provider, Rabobank’s London office, who identified the need for an automated, technology-led approach to ensure a consistent approach of managing unstructured compliance issues. It recognised that a structured, systematic framework offered the greatest scope for enhanced efficiency savings, better compliance monitoring and aligning the needs of the business and its multiple regulators.

The bank implemented an Inventory Management System (IMS) as the platform to capture, manage, audit and report its unstructured compliance processes. Utilising rules-based capabilities provided by the platform, Rabobank could review, define and codify the unstructured compliance issues the business is exposed to. This allowed the bank to introduce standardised templates that could be tailored to the needs of each of the business units, and their regulation set, while still consistent with its corporate standards.

The unique nature of many unstructured compliance issues were transaction-based, making it difficult to standardise using a single process. Rabobank addressed the problem by configuring its IMS to categorise issues by business unit, role, approval process, issue, outcome and justification. The process made extensive use of conditionality, allowing the compliance teams to guide users through the compliance process quickly and easily, breaking down the non-standard compliance issue into its component parts, to steer it through to a successful resolution.

As well as resolving complex compliance issues quickly, this platform also provided the basis for the bank’s attestation processes, so that internal staff can be prompted to review and approve documents, transactions and processes, and ensure they remain compliant, even if no issues have been raised.

For both compliance resolution and attestation, the platform allows full transparency and auditability for the business, together with the flexibility to evolve the compliance systems and processes as the business changes.

Today, with regulation not only increasing, but also holding senior executives fairly and squarely responsible for business operation, a best practice, technology led approach is the only cost-effective and efficient way to enforce and make business and regulatory compliance safeguards routine.

About author

Henry Umney is CEO of ClusterSeven. He joined the comp any in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements. In July 2017, he was appointed CEO and is strongly positioned to take the business forward. He brings over 20 years’ experience and expertise from the financial service and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and ICAP, both in the UK and Asia. ClusterSeven Twitter Handle: @ClusterSeven