19th Feb 2024

Operational Resilience & UK SOx Compliance: The case for automation

Financial institutions are prompted to assess their current operational strategies in alignment with regulatory frameworks like Operational Resilience and the new Corporate Governance Regime (known as UK SOx).

Both frameworks impose regulatory obligations on organisations to enhance the resilience of their financial processes and risk management strategies, with firms advised to act in readiness for their implementation this year.

The imperative for robust Operational Resilience is emphasised by the need to adapt to evolving threats, maintain business continuity, and safeguard financial stability.

Tom Livock, Senior Payments Expert at AccessPay, recently spoke at Fin-Tech North’s Operational Resilience webinar to discuss the overlap in demands between Operational Resilience and UK SOx.

Livock explores how automation can ensure compliance success, and open doors for more strategic decision-making.

 

76% of businesses cite Operational Resilience as a key driver for Finance Transformation

Since the Operational Resilience Framework was introduced in 2022, it has remained a key priority for finance teams. Our recent Finance Trends Report surveyed our customers and other UK businesses to gain insight into the current perspectives around Operational Resilience.

In the survey, conducted from November to December 2023 across 42 organisations, 76% of respondents cited Operational Resilience as a key driver for digital transformation.


 

The shift from ‘people process’ to automation

Why is it an emerging priority?

If we rewind just a decade or two, the backbone of financial and operational resilience centred on people processes.

A finance team would be expected to manually manage payments. They would be based in an office, work from ‘secure’ systems, and would authorise payments with physical ‘smart-cards’ that would be locked away at the end of the day.

It was believed that as long as you had a team of people that worked in a secure, physical environment, you could ensure smooth financial operations.

But when the COVID-19 pandemic hit, this model was disrupted.

Finance teams had to adapt to remote work. They didn’t have access to their offices, and their ‘secure systems’.

This presented a new challenge. A process that once relied on physical proximity wasn’t a possibility anymore.

How could…

  • payments be processed?
  • cash positions checked?
  • and payments reconciled?

It was obvious finance teams needed a way to manage their payments from anywhere, without reliance on physical systems – but no less securely.

 

Operational Resilience means being adaptable

Soon after COVID-19, the Bank of England introduced the new Operational Resilience framework. Under the regulation, firms needed to find a way to “absorb and adapt to shocks and disruptions, rather than contribute to them.” Read more here: https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector

Part of the framework also suggests: “Where firms identify vulnerabilities…these should be addressed.”

For Financial Services firms, not being able to make payments without access to a physical office environment was classed as a vulnerability, as this is a huge part of their business continuity.

The solution?

Removing reliance on office-based systems and physical smart-cards, and instead automating these financial processes. This includes everything from making payments, downloading bank statements and authorising payments from secure, cloud-based systems like AccessPay.

This was the case for our customer, Darlington Building Society. They automated historic, manual financial processes, removing unnecessary human intervention. They are now compliant, and class AccessPay as a ‘key partner to their Operational Resilience’.


 

UK SOx and the introduction of the Audit, Reporting, and Governance Authority (ARGA)

The COVID-19 pandemic set the standard for resilience. But high-profile cases of ‘financial collapses’ like that of Patisserie Valerie also prompted the UK government to explore ways to better protect the UK economy, especially after recovering from the financial blow of the pandemic.

Livock explained the story behind the financial collapse of Patisserie Valerie, and it’s eye-opening.

 

“Patisserie Valerie’s former chief finance officer is facing charges of fraudulently inflating the company’s balance sheet and misleading lenders Barclays and HSBC. The CFO is accused of defrauding shareholders and creditors by inflating Patisserie’s cash on its balance sheets and annual reports between 2015 and 2018.”

Not long after this case, in 2021, the Audit, Reporting, and Governance Authority (ARGA) was announced. With that came the announcement of UK SOx, scheduled to come into effect in late 2024.

Its aim: to prevent financial fraud, especially of a scale that might threaten the UK economy.

 

CFOs need to be accountable

Finance leaders will now be held personally responsible for ensuring the accuracy and veracity of financial reporting.

Non-compliance could result in prison sentences for individuals found to be reporting false or falsified financial information.

You can read the full story on UK SOx, who it’s for and its implications here.

Operational Resilience & UK SOx: The crossover

Operational Resilience relies on automation as a crucial feature as finance processes shift from manual to remote working.

UK SOx hinges on automation for secure, streamlined, and robust payment controls.

In both cases, automation removes the risks associated with manual processes.

 

What should you automate to ensure you meet these requirements?

Livock details four considerations to improve payment controls, remove the risk of manual processes and ensure compliance:

  1. Payment Screening: Consider a scenario where a payment file from your back-office system (e.g. your ERP) is automatically transmitted to the bank; how can you identify if data in the payment file exceeds a specific amount, involves a new recipient, or contains duplicate transactions? Without additional, often manual, controls, how confident are you that the file is correct?
  2. Confirmation of Payee (CoP): If you are processing UK payments, how confident are you that the account holder’s name matches the sort code and account number? Most customers are carrying out individual CoP checks in their bank portals, which is inefficient, laborious and still carries risk of human error.
  3. Sanctions Screening: Are you carrying out any sanctions checks, especially for international payments? How do you know who you’re paying is 100% legitimate?
  4. Automated payment and statement reports: Are you able to easily create audit reports that demonstrate for your internal and external auditors that you are compliant? Or does creating these reports take up valuable time for several different teams?

 

The results of more automated processes:

  • Enhanced accuracy of your payments
  • Efficiency across your workflows
  • Increased confidence in the accuracy of payment files
  • Greater efficiency when conducting beneficiary checks
  • Risk mitigation as standard
  • Compliance assurance
  • Audit readiness

Compliance with Operational Resilience and UK SOx is achieved.

 

The strategic advantage

It is evident that the success of Operational Resilience and UK SOx compliance across the payment landscape hinges on effectively automating your payment workflows and controls.

Additionally, your company will gain a more complete understanding of its financial position and financial stability with trusted, accurate and real-time financial data.

With more accurate, real-time reporting, strategic decisions are made quicker and more confidently.

 

Missed the Operational Resilience Forum?

Catch up on the full event now, watch on-demand here

  • Wayne Scott, Regulatory Compliance Solutions Lead at NCC Group
    The current state of Operational Resilience
  • Raj Kohli, Director at DCR Partners
    Strategy and Resilience by design
  • Angela Yore, Managing Director at Sky Parlour
    Panel Discussion

Choose AccessPay as your partner for UK SOx compliance

UK SOx is designed to increase the financial resilience of UK-based businesses, with the goal of increasing the safety of investments.

But navigating the ever-changing regulatory landscape is not easy.

We are here to simplify your path to compliance.
