The FCA Handbook sets out the rules and guidance relating to appropriate risk management; at a basic level, the regulator expects firms to understand the principles of enterprise risk management.
Section SYSC 7.1 of the FCA Handbook requires a firm to have effective processes to identify, manage, monitor and report the risks it is, or might be, exposed to.
The FCA has, over recent years, tested firms' compliance using online surveys, telephone-based interviews and face-to-face reviews. Fortunately, we have been involved in a significant number of these reviews.
We have an online risk log and procedures to ensure that risks are documented, measures applied and mitigation agreed. This process and the supporting documentation allow firms to provide evidence to the FCA that they are complying with this important requirement.
- Exercise Professional Skepticism
- Risk Management Protects Value
- Manage Risks with Objectivity
- Adapt to the Situation
- Risk Management Must Be Proactive
- Transform IT risk into business-relevant risk metrics that can be shared with key stakeholders to drive awareness, accountability and action
- Visualise current risk exposure and analyse historical trends to illustrate how your IT risk programme systematically reduces risks to the business over time
- Prioritise remediation efforts based on business risk rather than technical severity
- Work with key business stakeholders to make consistent plans for better security practices and monitor progress against these plans on an ongoing basis