Attestations & SMCR: Embedding Accountability at Scale



Attestations: Another Checkbox... or a Catalyst for Real Accountability?
Attestations have long been a supervisory tool used by the FCA to hold individuals to account. But they’re more than just regulatory paperwork. Done right, they can drive cultural change, strengthen controls, and embed ownership across an organisation.
The question isn’t whether you’re using attestations, it’s how well you’re using them.
Accountability, Formalised
In the context of the Senior Managers & Certification Regime (SMCR), attestations make accountability personal. They compel senior individuals to affirm, in writing, that they’ve taken responsibility for a specific risk, control, or remedial action.
This isn’t just about regulatory compliance. When individuals sign their name to a statement, it prompts action. It encourages clarity. And it builds a stronger line of defence, not just on paper, but in practice.
Why the FCA Uses Attestations
The FCA’s own guidance is clear: attestations are used to “prompt and compel” firms and individuals to act. That could mean verifying that a control has been implemented, confirming the outcome of a remediation plan, or acknowledging awareness of a regulatory obligation.
You can read more on the FCA’s approach here.
But in many firms, attestations are still managed through emails, spreadsheets or PDF sign-offs. This creates gaps and risks. Manual processes don’t scale. And when inspection time comes, it’s harder to demonstrate the integrity of your controls.
Turning Attestations into a Source of Strength
A digital attestation process doesn’t just reduce admin - it raises the bar.
Legitimacy: A clear, trackable statement from a named individual makes ownership hard to avoid and easy to prove.
Resilience: Controls can be assessed, tested, and validated at any time - not just in response to regulatory pressure.
Relevance: Attestations force a live conversation about whether controls still meet the risks they’re designed to manage.
At Grath, we’ve taken the principles of attestation - clarity, accountability, ownership - and embedded them across every module in our platform. Whether you're tracking a control, managing a policy, or updating a risk assessment, named responsibility is part of the process. By design.
Because a control framework is only as strong as its weakest link. And when responsibility is distributed and invisible, it tends to snap under pressure.
Attestations Aren’t Just for Senior Managers
Under SMCR, it’s not just the C-suite that’s accountable. The Certification Regime and Conduct Rules extend responsibility down into the firm, and rightly so. Risk is everyone’s business.
But in many organisations, that accountability gets lost in the noise. Policies get acknowledged but not read. Controls are ‘owned’ by people who didn’t know they were owners.
Grath makes that impossible. With clear responsibility, formal sign-off, and real-time tracking, you create a culture where ownership is visible, and action is expected.
Ready to put real accountability on record?
Book a demo or get in touch to find out how Grath helps firms like yours formalise ownership and strengthen compliance from the ground up.
© Copyright 2025 Grath. All rights reserved. Grath® is a trademark of Grath.