This blog post was contributed by John Kumar, a SMCR specialist and member of Meetig8. With extensive experience from EY as well as successfully designing and implementing the SMCR framework for a top EEA bank and a large UK-based asset management company, John writes on what to look out for as SMCR approaches implementation for solo firms.
Following the UK’s banking and financial crisis, parliament asked the UK’s Financial Conduct Authority (FCA) to implement a new supervisory regime that would hold key individuals to account, particularly when things go wrong at firms. The FCA devised the Senior Managers and Certification Regime (SMCR) to improve accountability and to raise standards of conduct and ethics (SMCR replaces the previous Approved Persons Regime or APER). The regime initially applied to banks from March 2016 and insurers have had the equivalent apply from December 2018. SMCR will now be extended to almost all other firms in the UK (referred to as ‘solo firms’) from December 2019. In this last phase, the FCA expects around 60,000 firms to transition over from APER to SMCR.
This article gives you a three minute primer on what solo firms need to know about SMCR.
What are the 5 biggest need-to-knows on SMCR?
- Senior managers and certification function staff are to be annually assessed by the firm as ‘fit and proper’.
- Regulatory references are required for these two categories of staff (both asking and giving). Firms are now obliged to request regulatory references for incoming employees for up to six years. Also, firms that receive these requests have to provide these references. References are in an FCA-prescribed format and contain details of staff behaviour and FCA Conduct Rule violations.
- A renewed emphasis on conduct and accountability by applying Conduct Rules to most staff in the industry.
- Senior managers to outline their responsibilities in writing.
- Some firms may be required to produce a Management Responsibilities Map (MRM) document, which summarises the key staff in a firm and describes how the firm is governed.
Conduct rules? What are they?
Under SMCR, there are two categories of conduct rules. The five conduct rules that apply to all staff regardless of responsibility are:
RULE 1: You must act with integrity.
RULE 2: You must act with due skill, care and diligence.
RULE 3: You must be open and cooperative with the FCA, the PRA and other regulators.
RULE 4: You must pay due regard to the interests of customers and treat them fairly.
RULE 5: You must observe proper standards of market conduct.
In addition, additional conduct rules apply to senior managers:
SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
My firm is classified as a solo firm. What happens next?
- You will need to meet the requirements of the regime by 9 December 2019. You will need to identify senior managers in your firm and make sure each one has a Statement of Responsibility (a regulatory job description); certain firms will also need to prepare an MRM document.
- Both sets of documents will need to be filed with the FCA by the implementation date. Additionally, you will need to identify Certified Persons and have them trained on the Conduct Rules by the implementation date.
- A year later (9 December 2020), all other staff members will also need to be trained on the Conduct Rules and Senior Managers and Certified Persons will need to be annually assessed as ‘fit and proper’ for their roles.
What are FCA expectations re. SMCR implementation for my firm?
The FCA doesn’t want firms to treat this as a tick-box exercise and wishes to be able to hold senior individuals to account when things go wrong. Some of the more pertinent FCA expectations are:
- Statements of Responsibilities (SoRs), that describe‘what’ a senior manager does, not ‘how’ he/she does itaccurately reflect his/her senior manager’s accountabilities. It should not be an aspirational statement.
- Where required, MRMs should cover all areas of the business and not leave out any potential gaps. Details to be included are: senior manager make-up, brief description of their responsibilities, organisational description, governance arrangements, etc.
- Staff are trained on the Conduct Rules, especially on how it relates to their roles. This means that staff training has to be customised per category (senior managers, certified persons, general staff and overseas staff) as each has a different role under the regime.
- Firms have in place adequate governance arrangements since the FCA imposes a Duty of Accountability. This means that if a senior manager didn’t take reasonable steps to prevent a breach from occurring in their business area, the FCA can hold them accountable (though it should be noted that the burden of proof is on the FCA).
- Line managers and all managers going up to senior managers are responsible for adequately supervising their staff and making sure that they are fit and proper for their roles. This is a formal certification process that is to be done annually.
- While a firm or group is not expected to change its organisational structure or governance arrangements to suit SMCR, in practice firms should plan for these arrangements to be more formalised and specific roles like joint heads of business units to come under more scrutiny.
- Documentation is to be retained for certain specified periods. In practice, firms make arrangements for documents to be stored for 10 years or more as a senior manager could have moved on from their role or even the organisation when a failure is discovered and investigated by the FCA, so access to such documents will be pertinent.
Where can I get help?
Meetig8 has a full array of qualified risk and compliance professionals that can help your business comply with requirements such as the SMCR. Meetig8 also has corporate governance expertise as well as assurance professionals. Contact us for further information at email@example.com or post a job now at www.meetig8.com by signing up as a client member. Registration is free. For a free demo, please send an email to firstname.lastname@example.org.