Whether you are looking to add new regulatory permissions, obtain permission for the first time, or perhaps sign a regulatory attestation of compliance, you will need a degree of certainty that you are complying with all the relevant rules. It is increasingly common for a new Senior Manager Function holder to ask for evidence of compliance as part of their reasonable steps.
Coming up with a response can initially feel overwhelming. In practice, the ability to clearly evidence the controls you have in place to ensure compliance with applicable rules is incredibly powerful. Once built, it becomes especially useful for assessing and implementing regulatory changes.
What you need
You need to start with a list of all the rules and regulations, against which you can assess which apply to your business. For those regulations which do apply, you will need to go through every rule to assess whether it applies to your business and check whether you have a control in place to make sure your business complies with that rule.
Some firms take this a step further by adding a risk self-assessment, which involves risk rating the residual risks of non-compliance after a control has been applied. They use this to drive their second line work programmes.
How we can help
We have years of experience in successfully building and implementing these frameworks in ways that are pragmatic and proportionate to the need. Generally, we will recommend that you start by creating an inventory of all the primary legislation and regulations, which are available as a digital download. Either you or we can then record an assessment as to whether each piece of legislation applies to your business.
Once you know all the primary legislation, the next level involves a line-by-line listing of the applicable rules. We have the most common ones available as a digital download, and can create more on request. Each applicable rule should then be assessed for relevance to your business and, if relevant, mapped to the controls you have in place to comply with it. The mapping process can be done at different levels of detail and can include an assessment of the residual risk after a control has been applied. The level of detail depends on the business need.
To reduce costs and time, we aim to leverage what exists already by directing you to what we have ready-made, so that you only need to pay for our expertise on the value add. That could range from an expert at the end of the phone while you do the build yourself, through to us actually doing all of the work for you. Please contact us if you would like to discuss your requirements in more detail.