It is designed to make individuals within organisations accountable to the regulator for their individual conduct and competence. The SAO is similar to a Senior Management Function (SMF) under this regime, where senior individuals must be approved as fit and proper before appointment and must have a Statement of Responsibilities defined and shared with regulators. A mandatory set of prescribed responsibilities must be allocated by firms across their senior managers. The more material firms must also maintain a summary document setting out the names of each senior manager (SM) and their responsibilities, the allocation of prescribed responsibilities among SMs, and the firm’s governance arrangements – a so-called management responsibilities map.
Below are key lessons which can be applied to large organisations from a tax perspective.
The requirement for a tax strategy has parallels to the risk strategies that financial services firms develop for approval by their boards, and the risk appetites that link to these risk strategies. Defining a risk strategy is crucial in many organisations because it helps them to communicate the level of risk that is acceptable and unacceptable to the business. The business then has guidance enabling it to knowingly manage risk in line with the board’s requirements. In many organisations, this is now a valuable tool helping both to control inappropriate risk-taking and to empower appropriate risk-taking.
Once an individual is given clear accountability across a significant area, it is important to take reasonable steps to ensure the accountabilities are met. This will include clearly outlining how individuals and processes across the organisation come together to enable that accountability to be met. This requires a clear view on how relevant processes are delivered, their risks and their level of resilience to stresses and disruption. Mapping and documenting how the resources of the organisation enable this activity to be undertaken is an important first step. Done well, it can help an organisation and the relevant accountable person to be confident that the level of tax risk is in line with its risk appetite and tolerance for disruption.
In April 2023 we saw the first enforcement action under the SM&CR against a senior manager. TSB Bank’s (TSB) former Chief Information Officer (CIO) was fined for a breach of SM&CR, in connection with TSB’s failed 2018 IT migration. The CIO was expected to act reasonably in carrying out their role with the identification and mitigation of risks from an IT perspective, including risks associated with TSB’s outsourcing arrangements, but was deemed to have failed to do so. This illustrates what can go wrong if regulators feel that accountable individuals fail to take what they see as “reasonable steps” in the identification and mitigation of risk and to comply with regulatory requirements.
Crowe’s Risk Consulting team is experienced in reviewing and enhancing the effectiveness and efficiency of risk and governance arrangements in financial services organisations. We ensure:
If you require assistance in this area or want further information as to how we can help you, please contact Justin Elks.