Author: Priscilla Gaudoin - Head of Risk & Compliance - Published July 2024
Topics: Risk Management, Resilience, Culture, Corporate Governance
Regions and Regulators: UK, Ireland, FCA, PRA, DORA
Robust risk management and good governance are crucial elements for success!
As we approach the second half of 2024 and look forward to 2025, where are the regulators focusing their attention?
In Ireland, we see the Central Bank of Ireland (CBI) focusing on:
- Fighting Financial Crime
- Protection Disclosures and Whistleblowing
- Markets in Crypto Asset Regulation (MiCA)
- Digital Operational Resilience Act (DORA)
- Payment Services Directive 2 (PSD2)
- Central Securities Depositories Regulation (CSDR)
- Money Market Fund Regulation (MMFR)
This list doesn’t look too dissimilar to the FCA and PRA priorities for the next 12 months.
Financial crime is also a key regulatory focus for the FCA in the UK, with particular focus on preventing market abuse, and greater scrutiny of firms’ processes and controls to manage sanctions.
We also see the supervisors focusing heavily upon financial and operational resilience. Furthermore, when it comes to consumer protection, we see increased regulatory focus upon disclosures and risk warnings both in Ireland and the UK. Both sets of regulators are working to prevent consumer harm and maintain market integrity. In the UK, firms are getting ready to demonstrate compliance with the Consumer Duty relating to closed products from 31st July 2024. This requires firms to embed processes and controls, but also to nurture a corporate culture that reinforces the requirement of acting in the client’s best interests.
To support these regulatory strategies, we saw the CBI issue a Dear CEO letter in February 2024 requiring firms to pay greater attention to the following areas:
Risk Management: Executives need to put customers at the heart of their businesses. Leadership teams should be more proactive in identifying risks and harm towards customers from the products and services provided. This requires firms to ensure that their risk frameworks are maintained and aligned with their business models, which will change over time.
Resilience: Firms should be mindful of the macroenvironment and consider the potential challenges it might pose for the firm, but also for customers in terms of the cost of living, including potential interest rate rises or economic uncertainty. Firms should prepare for and mitigate such shocks and consider any impact upon customers. For example, consider closing branch networks without ensuring customers can still easily access their money, and what that means in practice for customers.
Operational Frameworks: Here the CBI, like other regulators, also reminds firms that governance, risk management and controls need to be effective continuously. This requires a holistic approach with firms looking at external risks, including third parties, and how they might impact the firm’s services and customers.
Change Management: Firms are reminded of the need to keep pace with changes to their financial resources, but also with customer needs. This requires firms to consider how any investments made by the firm might impact their customers. For example, the introduction of new software or technology and potential cyber-security risks, or even the ethical use of customer data.
PRA Priorities:
Likewise, the UK’s PRA has been emphasising its expectation that firms must ensure:
- Boards actively challenge executives regarding the suitability of the business infrastructure, processes, and controls, as well as receiving appropriate management information
- Boards and executives remain vigilant and continue to review and manage their risks
- Decision making is enhanced with the right information reaching the right people at the right time
- Firms implement and embed an appropriate risk culture throughout their organisations
Supervisors worldwide expect firms to have robust and effective risk management frameworks in place which are supported by the governance structure within firms.
Whilst many firms do have risk frameworks and escalation processes in place, are they effective, and do they help your compliance team to be proactive in managing regulatory risk?
How Ruleguard can assist
Ruleguard’s industry-leading GRC software is designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
Ruleguard has a range of solutions to help embed compliance as well as demonstrating compliance with the relevant requirements. For example, with our checklist and evidence management solution, your firm can easily:
- manage daily tasks and oversee their completion with our dashboards
- use configurable workflow tools to manage each stage of a process
- gather assurance data points that procedures are being followed as intended, and
- store and access supporting evidence to quickly answer queries for oversight and audit purposes.
Whilst building a solid audit trail, Ruleguard also helps to embed a culture of compliance within firms.
If you’d like to learn more about Ruleguard’s Employee Compliance Solutions, please contact us for further information on: Tel: 0800 408 3845 or hello@ruleguard.com.
About the author
In a career spanning almost 30 years, Priscilla has worked as a consultant, CCO and MLRO providing regulatory oversight and advice to firms across the financial services industry. She is responsible for our thought leadership programme, writing regular articles and white papers, and hosting webinars on a variety of regulatory matters.
She is a Fellow of the International Compliance Association, a certified GRC practitioner, and a member of the Institute of Risk Management.