Although core elements of the SMCR have been in place for many years – senior management authorisation, assessment of individual fitness and competency, approved person principles and implicit expectation of regulatory referencing, the Parliamentary Commission on Banking Standards (PCBS) found that the existing Approved Persons Regime failed to hold individuals to account in banks. It subsequently recommended that the SMCR is extended to the rest of the financial services industry. Firms must now implement by 9 December a tangled web of old and new rules that are more prescriptive as to how Senior Management responsibilities and individual competencies are assessed and documented and the standards of conduct that are expected in regulated firms. Part of that tangle it what type of SMCR firm you are and the following is written from the perspective of a Core SMCR firm, for an asset manager one that manages less than £50 billion AUM, with no Appointed Representatives.
Impenetrable and difficult to tackle
In July the FCA at last published its final rules implementing SMCR for Solo Regulated Firms. At around 330 pages of amendments to the existing SMCR rules, these are comprehensive. Many of the rules contain situational guidance or repeat and cross-refer to other sections of the FCA handbook for emphasis, so communicating the detail of the rules is challenging. One obvious pitfall would be to turn the extensive rules and guidance into policies and documents for staff to read on a “there you go” basis. SMCR is about how each firm demonstrates to the FCA it achieves the outcomes the FCA wants not how it wallpapers the office.
The first thing to do when starting to implement SMCR is to put SMCR aside for a moment. Regardless of regulation, most would accept that businesses should be organised with clear and accountable reporting lines, front-office and back, feeding into the most senior management body of the firm, often the Board or it may be an Executive Committee. If this is not clear today in your firm, then you will have some extra work to do.
If there is true accountability, that is, the buck-really does stop with an individual (and this includes Compliance), then you’ve identified your Senior Managers requiring authorisation with the FCA. It is likely (but this won’t be true in all cases) that these senior managers will be authorised by the FCA already as Directors or Partners and maybe the Compliance Oversight function. The FCA will transfer these to the new Senior Management functions automatically.
The next organisation task is to identify the FCA’s Certification Functions which map to existing roles. This will be more than a mapping of current FCA Controlled Functions but it need not be complicated. It is important that firms understand that from 9 December only Senior Managers will be authorised by the FCA. Existing Controlled Function holders will find their authorisation with the FCA terminated and they will in future only be Certified by the firm. A further mapping of roles that the FCA permits may fall outside the regime needs to be undertaken.
Once completed, the firm will have a governance and responsibilities map, matrix, profile, call it what you will, that summarises the organisation structure of the firm, identifies Senior Management responsibilities, Certification Functions, exempt functions and by default Other Conduct Staff (to whom conduct standards apply but are not senior managers, exempt or certifiable staff). For most firms, this document is not a rule requirement so it need not be overly complex, just accurate.
Sturdy support system
The FCA felt that it needed to introduce three “Prescribed Responsibilities” specific to delivering and implementing SMCR effectively which must be assigned to Senior Managers:
Although the main elements of the SMCR may be delivered by operations, human resources, compliance or other functions within the business, it is these Senior Managers who the FCA will hold accountable for the effective delivery of the building blocks of SMCR which are:
These prescribed responsibilities are important for the FCA. As it mentions in the report on the RBS Global Restructuring Group (GRG) the FCA “can act both against the firm, and against the SMF holder accountable for the SMCR within the firm”.
Training is pivotal and contains two important requirements. First, senior managers need to be made aware of their Duty of Responsibility, essentially a statement that the FCA can take enforcement action against senior managers (just as they can and do today). The FCA does not state how Senior Managers must be made aware; training is one way this can be done.
Second, FCA’s Code of Conduct (COCON) rules apply to all staff except exempt persons and they need to be trained on how these apply to them. Firms will need to think about what these conduct rules mean in the context of their business activities, individual roles and how staff should be trained on them. Training methods that encourage dialogue mean staff will likely ask more questions. Training approaches that use face-to-face training are supported by the FCA because they result in better engagement.
Firms should build on existing arrangements to assess staff to confirm the validity of Senior Managers SORs annually, renew Certifications, obtain new regulatory references where required, review fitness and competency and refresh conduct training. Of course, staff need to continue to be hired, referenced, assessed, certified, trained and when required exited with adequate handover arrangements and referencing if asked for by the new employer. Firms will need to update the FCA’s new record of Certification Functions, the FCA Directory, and attest to the FCA its accuracy on at least an annual basis.
SMCR contains a number of controls to reduce the risk that “bad apples” continue to work in financial services. The most important is the regulatory referencing process which has been strengthened and formalised significantly. In addition, the FCA has retained notification requirements for Senior Managers and introduced an annual reporting process for Certification and Other Conduct Staff disciplined for Conduct Rule breaches.
Implementation of SMCR is a challenge but firms still have time with the right resources. SMCR builds on so much that exists today that firms with good governance, human resources and compliance arrangements and who take an organised and structured approach to implementation should meet the FCA’s deadline. Firms will benefit from having an organised inventory of SMCR related tasks, an overview policy to summarise how SMCR operates in the business, a responsibilities matrix that addresses SMCR arrangements end to end and tailored, relevant and informative training to Senior Managers and Conduct staff.
For further information on SMCR contact Jon Wilson at firstname.lastname@example.org
Click here to see Ellis Wilson’s SMCR service proposal.