Summary

A week today, 31 March 2021, marks the deadline for the full implementation of the Senior Managers and Certification Regime (SM&CR) to solo-regulated firms. Five years since the SM&CR originally came into force for banks in March 2016, this serves as a timely reminder of the heightened regulatory exposure of senior managers and other individuals caught by the SM&CR within FCA and PRA regulated firms. We often advise senior managers within the SM&CR on how to evidence that they are fulfilling their personal regulatory duties to avoid becoming the subject of regulatory enforcement action. From our experience, here are the five key steps you should take to best protect yourself.

The FCA and PRA continue to launch large numbers of investigations into the conduct of senior managers, and recent FCA figures indicate that they have significantly more open investigations into individuals than into firms, a trend that is set to continue this year as the fallout from the pandemic continues.

Here are five key steps to protect yourself.

  1. Initial assessment. We recommend carrying out a documented initial assessment of the risk management framework in place for your area of the business, within the first two to three months of taking up your role.
  2. Ongoing reassessment. During your tenure, we advise that you adopt a mindset of continuous assessment. In particular, we recommend carrying out documented annual reassessments of the risk management framework for your business area, even if nothing is going wrong.
  3. Reasonable Steps Assurance Framework. In order to evidence the ‘reasonable steps’ taken to discharge their regulatory duties, senior managers are increasingly producing written Reasonable Steps Assurance Frameworks. Such frameworks can detail the ways in which you identify, manage and escalate risks in relation to your area of responsibility.
  4. Identify “red flags”. It is important that any potential red flag is identified, assessed and actioned appropriately. A red flag may trigger the need to take immediate action.
  5. Take prompt action when issues arise. If a problem arises in the area of the business for which you are responsible, you may need to take quick and decisive action. This can include ensuring that concerns are appropriately escalated and keeping a written record of your actions, the outcome and the reasoning behind your decisions.

The UK regulatory enforcement focus on senior managers remains extremely high and it is therefore critical that senior managers can evidence to regulators that they are complying with their individual obligations. Following these five steps should assist senior managers in proving they took reasonable steps to discharge their regulatory duties, in particular if the worst happens and they become the subject of a personal regulatory investigation.