On 9 December 2019, the final stage of the Senior Managers and Certification Regime (SMCR) will be rolled out to all remaining FCA solo regulated firms, typically brokers, MGAs, financial advisers, and asset managers.
For those who work in compliance, legal or HR functions, or who will be personally affected by SMCR, read on for the key points of interest and action points to help you prepare.
The first step towards implementation is to decide which of the three tiers (enhanced, core or limited) your firm falls within and which directs the scope of the SMCR obligations
SMCR is complicated, but at heart is a shift to individuals being held personally to account for the area of the business they manage and the obligation on firms to police its employees both in terms of ensuring they comply with the FCA mandated Conduct Rules but also to certify that employees are fit and proper (F&P) to carry out their job function. More particularly:
Firms must designate individuals to have specified senior manager functions (SMF) and, with that, Prescribed Responsibilities. SMFs include CEO, other executive directors, compliance oversight, and MLRO.
Prescribed Responsibilities vary depending on the applicable tier but will include at least a SMF taking responsibility for the firm's obligations under SMCR, the firm's F&P certification obligations, policies and procedures in relation to financial crime, and conduct rules training and breach reporting.
Each business area must have a senior manager responsible for it and who will be held accountable for it. This includes both regulated and unregulated activity so covers functions such as IT and may not necessarily reflect existing management structures or that certain functions are undertaken outside the UK.
All senior managers must complete and keep up to date a concise standalone document known as a Statement of Responsibilities setting out the areas for which they are responsible and in respect of which they will owe a Duty of Responsibility.If there is a breach of an FCA requirement in relation to that area the senior manager will be held accountable if they are at fault, including when they did not take reasonable steps to prevent it.
Certain other employees, generally those carrying our regulated activity, others with significant management functions and material risk takers, will need certified annually by the firm as F&P. This is by reference to their honesty, integrity and reputation, competence and capability, and financial soundness.
In addition almost all employees, except those carrying out ancillary functions (e.g. reception, mailroom) will need to comply with a tiered set of Conduct Rules including such matters as acting with integrity, acting with due care, skill and diligence, and being open and co-operative with regulators.
Firms needs to carry out training on SMCR obligations, including the Conduct Rules, and keep a log of Conduct Rule breaches to be reported annually and with mandatory reporting to the FCA for breaches by SMFs and any "significant" breach.
A requirement to obtain and provide Regulatory References in a mandated template to avoid, as the FCA eloquently puts it, "rolling bad apples".
Megan Butler the FCA Director of Supervision has made explicit that sexual harassment and other non-financial misconduct can amount to a breach of the Conduct Rules. This was reinforced as recently as this November when Gareth Truran, acting director of Insurance Supervision at the PRA, sent a "Dear CEO" letter in which he stated:
"Instances of non‐financial misconduct could speak to personal integrity and may have implications for our view of the fitness and propriety of individuals within our Senior Managers and Certification Regime. We are encouraged by some of the important initiatives that are now under way within the market to improve this position. We will also continue to work closely with the Financial Conduct Authority to assess instances where inappropriate culture and behaviour within firms may impact compliance with regulatory expectations, standards and our statutory objectives."
The FCA has also recently confirmed it has open investigations into one firm and six individuals for non-financial misconduct.
While intermediaries coming within scope for the first time have so far had light touch regulation, it is clear this is going to significantly change and with average enforcement fines in 2017/2018 of GBP90,000 for individuals and substantially higher for firms, there is a strong incentive to take SMCR obligations seriously.
How Clyde & Co can help
We have considerable experience in advising in this area: such as when banks and insurers transitioned to the SM&CR and SIMR respectively in 2016, and again when insurers transitioned to SM&CR in December last year. More recently we have advised many financial services firms in connection with their up-coming transition process.
We can help you with:
Advice: Information which should be included in regulatory references and what behaviours (including non-financial misconduct) should be reported to the regulators
HR Training: Train HR teams on the basic principles of SM&CR and how the conduct rules may affect, or give rise to disciplinary matters.
Staff training: Provide specially designed training aimed at different levels of your organisation (from the Board through to other "conduct rules staff") on what the new regime means to them and the potential personal consequences for breaching the conduct rules.
Drafting: Review and draft amendments to contracts of employment and relevant policies, such as fitness & propriety and disciplinary policies to take account of the conduct rules.