
Regulatory Compliance and the Cornerstones of Risk

Iain Stephen, Joint CEO (18th March 2016)


Authorised firms' approach to the assessment and management of risk is a primary aspect of regulatory compliance, and one in which the FCA takes a very close interest.

With the phased implementation of the Senior Managers Regime (SMR), which commenced on 7th March 2016, senior managers will have a "statutory duty of responsibility" to demonstrate they have their fingers on the pulse and can anticipate and manage potential risks to the business and its customers.

Cornerstones of Risk

The FCA specify what they regard as their ‘Cornerstones of Risk’. Firms must be able to demonstrate that they have taken reasonable steps to prevent these risks from occurring or continuing. The three cornerstones are:

- Governance
- Culture
- Controls

There is no escape from the fact that these risk elements are totally dependent upon each other. If one is not properly addressed, then the other two, by default, cannot be deemed effective.

For example, without strong governance, a firm cannot claim to have embedded the appropriate culture and/or controls into its business. Similarly, without proper control of risks in the business, a firm displays a shortfall against the FCA’s required standards of governance from the top, which in turn suggests inadequate attention has been paid to addressing its cultural risks.

To address cultural risk, clarity and transparency of decision making and individual accountability, plus processes for escalation of potential issues and remuneration strategies, must all be considered. Do senior management recognise they have a potential problem looming, with the available management information flow?

Understanding the Difference between Governance and Management

It is important for firms to understand the difference between Governance and Management.

Governance can be defined as “Practical ways to ensure appropriate stewardship of a company to promote good performance”. This means setting out clear definitions of roles and responsibilities to deliver good governance. The responsibility for this lies directly with the firm’s Approved Persons.

Management represents the “Hands-on implementation of the board of directors’ strategy to meet documented performance goals”. This can obviously be performed by the Approved Persons and/or other senior management.

Coming under the spotlight

One of the main strategies by which the FCA will be able to assess senior management’s commitment to, and implementation of, the Cornerstones of Risk in significant detail is through Business Risk Awareness Workshops (BRAW). These may take the form of on-line questionnaires, or an invitation to a meeting where the firm’s business model and operations are interrogated in respect of their governance, culture and control risks. Any significant shortfalls identified by the BRAW process can lead to a firm having to undergo a full formal audit at its premises, which can be both extensive and highly intrusive.

Notwithstanding the FCA’s potential intervention, it makes sense for all firms to understand these areas of risk to their businesses.

Compliancy Services has a Customer Service Team that can help firms with their regulatory compliance and provide practical and commercial solutions.

Copyright © 2018 Compliancy Services Ltd     Company Registration Number: 04954156
