Managing employee responsibility and accountability to ensure compliance within regulation and risk control frameworks is ever more complex and burdensome. Senior Management & Certificate Regime (SMCR) Lists, Insider Lists, Authorised Trader Lists, Authorised Signatory/Signer Lists – the list of lists that financial services companies are required to maintain continues to expand. As does regulatory interest.
Bar Authorised Signatories, every one of the staff registers mentioned falls under regulatory supervision. And with the Hong Kong SFC recently becoming the first authority to regulate Authorised Signatory Lists, other regulators will likely follow suit.
The current issues
Maintaining and updating such employee registers is an onerous undertaking using traditional means, most often the hallowed Excel spreadsheet. It’s not an ideal tool for the task, though. For example, for large companies managing numerous and extensive Insider Lists manually on Excel, the process is unwieldy and will fall foul of the Market Abuse Regulation (MAR) if they accidentally overwrite a previous version of a list by automatically saving when updating it. A strong contender in the most common error awards.
Time is also a key factor with staff registers. Completed lists must be updated promptly and submitted to Regulators within a specified timeframe, automatically or upon request. Another unifying factor is that all these registers are subject to continuous change, with ongoing updates also needing to be supplied to regulators in a timely fashion.
As a ‘maintenance’ workaround, some companies include certain employees’ permissions on catch-all permanent lists. However, this is not satisfactory as such lists can be vast and less penetrable than, say, deal- or task-specific lists and risk non-compliance where dedicated lists are required. There can also be side effects from attempts at simplifying these processes. Catch-all registers can cause disruption within organisations by restricting personnel from other responsibilities and potentially lead to the unnecessary hiring of additional employees.
Time For change
Considering traditional methods and the recording and reporting levels required today, it’s virtually impossible to meet regulatory and control frameworks without creating significant inefficiencies within businesses. For regulators, receiving high-quality data in an efficient manner is crucial to supervising the market effectively. For example, the FCA and Bank of England’s joint Digital Regulatory Reporting (DRR) initiative is exploring automating and streamlining various aspects of the regulatory reporting process. It aims to reduce the regulatory reporting burden on firms by making the process more efficient while improving the quality of the reports received with data of a consistent, timely, and sufficient standard.
So, the direction of travel is enhanced, reliable, real-time, easily auditable, and high-quality digital regulatory reporting. What does this mean for the future of registers?
A variety of technology solutions could be employed to help manage the different types of lists that companies are required to maintain. Yet, this runs the risk of unnecessarily increasing the amount of software that companies and teams operate, with additional issues around costs, training, integration with legacy software, and the risk of the skeletons of yet more redundant tools littering organisations.
Individual employees could be on a number of all these lists. What if there were just one key employee responsibilities register capable of combining any or all these lists? Is this feasible, and should it be a target operating model? Responsibilities and control frameworks are already linked. Blockchain is an ideal technology - the FCA and BoE’s DRR initiative is blockchain-based - and such solutions are already commercially deployed.
Consolidate and decentralise
A single, fit-for-purpose register would have multiple benefits. Constructing a register-based around individual employees would allow all lists to be built out from there. By utilising blockchain tech, a historical and real-time record to which changes can quickly be made by adding or removing employees to integrated lists would be automatically created, time-stamped and validated by the blockchain, creating an immutable, accessible audit trail.
This simplified system would yield time and cost savings and allow for the prompt delivery of trustworthy data to supervisors. Permissions could also be removed immediately and temporarily. When staff are required to go on annual aandatory (two-week) vacation, permissions could be removed at the touch of a button for the duration of their leave and reinstated just as easily upon return.
The inadequate management of registers risks fines and reputational damage, and the introduction of personal accountability for individuals through the SMCR places added weight on ensuring that robust procedures are in place. With the evolution of regulations and risk and control frameworks, an increased focus on digital reporting, long-term working from home, and the growth of decentralisation and tools to help improve efficiency and ensure compliance, lists are ripe for transformation.
Steve Pomfret, CEO, Cygnetise
Cygnetise applies blockchain technology to revolutionise the process of Authorised Signatory Management (ASM). The Cygnetise solution solves the pain of ASM by enabling operations and finance departments to digitally manage and share authorised signatories in real time, reducing risk, cutting costs, and making the process more efficient, transparent, and secure.
Cygentise is sponsoring our annual conference Governance 2022 on 5-6 July 2022 at ExCel London.
Sponsored by
