We were delighted last week to host Michael Rasmussen, the “Father of GRC,” as the featured presenter at our webinar on SMR/CR compliance: Senior Management Regime – the Next Level of Maturity.
As SMR/CR has been in effect for some time now, with increasing effect on FCA-regulated entities – insurers, reinsurers, and managing agents came under the regime just this week – interest in the new regulations is high. As such, we weren’t entirely surprised to have highly engaged and interested GRC practitioners logging on for the hour-long presentation by Michael, myself, and my Mitratech colleague Jon Dedman.
Michael’s talk focused on Engaging Management in the Next Level of Risk & Compliance Accountability, with a focus on accountability. Not surprisingly, much of the discussion around SMR/CR has centered on the responsibilities senior managers will need to take on as the law takes effect.
Michael, however, stresses that SMR/CR is best understood as a regulation that seeks to instill accountability throughout the entire organization, and that employees – not just executives – must be part of the compliance effort. He asserted that the keys to implementing this are crafting a clear communication plan and implementing an effective policy management system.
Michael Rasmussen’s elements of a SMR/CR communications plan
Michael’s outline for an SMR/CR communications strategy contains seven elements:
- Goals: Define specific communications goals and strategies for distribution, certification and training for each policy.
- Audience: Write the communication and training plan to meet the unique needs of each target group.
- Resources: Assign the appropriate people, budget and other resources to ensure communication goals are met.
- Accessibility: Develop each policy and training program to be accessible, understandable and actionable by all groups.
- Measurement: Decide on the metrics that will constitute “success” for each phase of the communication process.
- Alignment: Align communication and training strategies with the corporate culture and Code of Conduct.
- Internal Stakeholders: Collaborate with and enlist the support of internal stakeholders across the business.
Core values of a Policy Management technology stack
Likewise, Michael holds that any technology solution that will be adopted in support of reaching SMR/CR compliance objectives must incorporate four core values or feature sets:
- Integration: Policy communication and training technologies need to integrated into the larger business environment – such as HR management systems – in order to properly target and disseminate policies.
- Visibility: The system needs to be user friendly and intuitive so that users of varying capabilities can use the system and understand policy.
- Global Reach: Policy communication and training technologies must be capable of meeting the language and geographic needs of the organization.
- Availability: The system must be accessible across the organization – and across business relationships – so that anyone can easily access the policy and associated training.
Proven Policy Management for SMR/CR compliance
I had the daunting task of following up on Michael’s talk, and launched a brief discussion of how companies are seeking to address SMR challenges. The typical journey will see an organization go through three stages of maturity:
- Phase one is Hope, with decision makers wondering whether they have done enough to ‘cobble together’ a solution (“no you haven’t” is the is typical response here).
- The second phase is Inefficient, where the organization is, in fact, compliant, but this compliance relies on manual processes to handle regulator requirements.
- The third and ultimate phase, Focused, is when a fully compliant automated solution is in place, focused exclusively on SM&CR requirements.
Many thanks to Michael Rasmussen for sharing his knowledge and expertise with us, and thanks also to everyone who experienced the webinar. If you weren’t able to join us last week, you can access the recorded session here.
Webinar on Demand: Senior Management Regime – The Next Level of Maturity
Watch Michael Rasmussen and Mitratech GRC experts reveal best practices for SMR/CR compliance.