Risk Compliance Roadmap
The risk management roadmap has its foundations in risk culture. Firms need to formulate the right policies connected to the risk appetite set by the board and senior management.
Companies can then train employees in risk management concepts and in how to engage with risk management processes. Training covers the different risk types and operational resilience, which focuses on continuing to deliver important business services when a disruptive event occurs.
Lastly, through the Senior Managers and Certification Regime (SMCR), senior managers are held accountable for the standard of risk management in their areas via the attestation process. In this way, risk management becomes a cycle within the organisation: leadership sets the right tone around risk and supports employees, and SMCR in turn holds leadership accountable for the programme's success. With this in mind, your roadmap should include:
- Step 1: Create, maintain and update risk management policies. Also, ensure employees read the policies and attest to having done so. Be able to evidence the policies to regulators.
- Step 2: Train employees in the risk management concepts and skills needed to implement the risk framework effectively. Help them understand what risk is and what risk management is for, and teach them to identify and assess risk, apply risk controls, monitor risks, and communicate about risk across the organisation. Enable your employees to see risk management as a continuous improvement process.
- Step 3: Embed operational resilience within the organisation. The UK Financial Conduct Authority (FCA) has a new operational resilience requirement for financial services firms. Employees need to understand and engage with it so that customers and markets are not harmed if a significant loss event hits the organisation.
- Step 4: Educate employees about specific risk types. In performing their roles, employees engage with different risk types, whether they know it or not. Raising employee awareness about credit risk, operational risk and other risk types can reduce the chances of a negative event and improve business decision-making.
- Step 5: Automate your firm's SMCR compliance processes to ensure senior managers know that risks within their areas are managed appropriately. Also, better manage the risks of non-compliance to both the firm and individual senior managers.
Risk Policy Management
Risk management policies, which connect the firm's risk appetite to employee activities, are the lifeblood of a good risk management culture, so they must be created, maintained and kept up to date.
Well-crafted policies set expectations for employee behaviour and set boundaries for their actions. The policies can also help employees know how to respond should a significant risk event impact the organisation.
Using RegTech, such as Skillcast’s online Policy Hub, you can create and update risk management policies. Policy Hub provides version control and the ability to assign policies to the right audiences. The solution also makes it easier to organise risk management policies, obtain attestations from employees, and evidence these policies to regulators.
Risk Management Training
To build a robust risk management culture, employees need to comprehend key risk management concepts and learn how to apply them daily.
At the foundation is understanding what risk is. For example, employees may think of risk in negative terms and not understand risk in the context of opportunity. Exploring the purpose of risk management can help teams see why and how they should manage risk.
Teaching individuals how to identify and assess risk, apply controls, monitor risks and communicate about risk across the organisation gives them the tools they need to actively engage with the risks they encounter in their roles.
Today, effective training on risk management is one of the elements of a risk culture that regulators are looking for. Skillcast provides a suite of Risk Management training courses designed to help firms educate employees in an engaging way about their contribution to managing risk.
Operational Resilience
The FCA has a new operational resilience requirement for financial services firms. Operational resilience is the ability of a firm to prevent, adapt to, respond to, recover from and learn from operational disruptions. Organisations need to identify their important business services, understand the vulnerabilities in how those services are delivered, and have plans to continue delivering them during a disruption.
Employees across financial firms will need to understand operational resilience, how compliance requirements will impact their teams, and how to deliver on those obligations.
Skillcast has an operational resilience training module to help teams enrich their understanding of the requirements to develop an operational resilience approach that will add value to the organisation.
Third-party Due Diligence
Third parties expose all businesses to significant risk, including cybersecurity, operational, legal, financial, strategic and reputational risks.
Skillcast provides microlearning courses on several risk management-related topics. These courses include cybersecurity, managing homeworkers, and performing third-party due diligence. This helps teams address specific risk issues around those areas.
Skillcast's online Compliance Declarations will also help you streamline the collection, analysis and management of due diligence for associated persons outside your organisation.
Automate SMCR
SMCR responsibilities create compliance risks for the financial services organisation and personal liability risks for the individual senior managers. This is because SMCR senior managers are now held personally responsible for ensuring risks are managed appropriately within their part of the organisation.
These senior managers need to be sure policies are adhered to, activities remain within the firm's risk appetite, and attestation processes are complete. For some senior managers, this creates significant complexity and can be very challenging to manage via email, spreadsheets, and shared drives.
Skillcast's SMCR 360 automates record-keeping, helping senior managers keep themselves and their organisations safe from potential breaches. Automating SMCR makes processes easier to complete, retains a record of actions for auditing, and enables the firm to evidence SMCR compliance to regulators.
Staff Surveys
Many employees will encounter specific types of risk in performing their roles every day. It's important for them to understand the nature of those risks and how to manage them.
For example, some employees may need to learn about credit risk and the nature of credit events. Others may need to dive deeper into operational risk to understand better what operational risk is and how it can impact the firm.
You can use anonymous surveys to uncover gaps in employee knowledge and a lack of clarity in risk management policies. Skillcast's Compliance Survey Tool helps you conduct robust staff surveys that ensure wide coverage and enables employees to provide honest feedback.
Best Practices in Risk Management
If you'd like to stay up-to-date with risk management best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
Understanding FCA Operational Resilience
The FCA expects regulated firms to identify vulnerabilities in their operational resilience. Learn more about operational resilience and what your firm needs to do to comply.
Setting up a Workplace Whistleblowing Policy
Whistleblowing programmes can serve as valuable risk management tools because they often enable serious risks to be brought to the attention of senior management before their impact grows much larger. Find out how to create a whistleblowing policy.
10 Ways to Improve Risk Management at Work
Discover ten key skills that can help you and your team improve how they approach risk management within your organisation.
Compliance Red Flags you Need to Spot
A practical look at how to spot employees who may pose a compliance risk, and a discussion of how to manage the people side of compliance. Compliance risk is an operational risk that often originates in employee issues.
Free Risk Management Resources
We have over 100 free compliance training aids, including assessments, best-practice guides, checklists, desk aids, e-books, games, handouts, posters, training presentations and even e-learning modules.
Operational Resilience Webinar
Discover operational resilience and the UK FCA's compliance expectations from firms. Benchmark where your organisation is today in implementing its operational resilience framework and identify the gaps to fill.
Compliance Continuity Checklist
We've produced a 20-point checklist across five key areas of compliance needing careful consideration during times of disruption.
Risk Management Training Presentation
Our free training aid is a short, interactive presentation that you can use to teach your employees all about risk management and their role in controlling risk across your organisation.
Whistleblowing Training Presentation
Our training presentation covers all the key issues your staff should know concerning whistleblowing, including busting some common myths and discussing why people often feel reluctant to get involved.
Business Continuity Checklist
Our checklist helps you benchmark your existing crisis planning and helps you with creating a new business continuity plan.