Three years have passed since the banking sector implemented the Senior Managers & Certification Regime (SMCR) and two years since the regulatory references regime came into force. From 9 December 2019, solo regulated firms will also become subject to these rules. Can any lessons be learned from the banking sector’s bedding in period?
Several recent publications will be of interest to organisations that may be only just getting to grips with the new regime: the FCA’s recent stocktake report of the banking sector’s SMCR implementation process; the Banking Standards Board’s (BSB’s) statement of good practice on regulatory references; and some recent FCA guidance on the deadlines for conversion from the Approved Persons regime to SMCR.
All of these will help solo regulated firms to understand the regulator’s expectations and the spirit of the new regimes. In this update we highlight some key observations and provide practical guidance for HR and compliance staff in solo regulated firms as they prepare for the extension of the SMCR regime in the coming months.
FCA stocktake report
- The certification regime – does your performance assessment process adequately assess the behaviours of certified staff (those who are not Senior Managers but who can cause significant harm to the firm or its customers)? Since 2016 banking organisations have broadened their approach to assessment of staff beyond solely technical skills, but the FCA’s report makes clear that this needs to go further than simply incorporating the expected behaviours into the assessment framework. The FCA cited a particular example of firms failing to certify whether the managers of certification staff (who are themselves certified) are also competent managers.
- Training managers on what a conduct breach looks like – under the Conduct Rules (COCON) firms are required to notify all relevant staff of the conduct rules that apply to them and take all reasonable steps to ensure that those persons understand how the rules apply to them, including through suitable training. As part of this, firms are expected to map the rules to their organisation’s values and tailor these to staff’s job roles. Implementation of the Conduct Rules is fundamental to SMCR compliance and many banking organisations are still only just getting to grips with the wide scope of these rules. The FCA has a particular focus on personal conduct (including sexual harassment issues), as well as financial conduct, and will not be taking a soft-touch approach to these issues. Even where personal conduct does not amount to a COCON breach, it will be relevant to certification as fit and proper.
- Senior Manager accountability – all Senior Managers must have a Statement of Responsibilities setting out their areas of accountability and they are also subject to a general duty of responsibility to take reasonable steps to prevent contraventions that are within their ambit. The FCA’s review highlights concern by some Senior Managers as to what “reasonable steps” really means and a hope amongst many that the FCA will provide more guidance on this in due course. However, the FCA has made clear that there is sufficient guidance in place (for example in the Decision Procedure and Penalties manual) and that an exhaustive list of “what good looks like” would not be helpful. The FCA’s expectation is that Senior Managers should be doing what they reasonably can to prevent misconduct. Appropriate controls and processes are key, as well as ensuring that Senior Managers think more broadly and create an environment where the risk of misconduct is minimised, for example through nurturing healthy workplace cultures.
- Impact on culture – as indicated above, SMCR focusses heavily on culture. Many firms in the banking sector embarked on culture change programmes in advance of implementation of the regime, including emphasis on tone and accountability from the top. The FCA’s review indicated that there has been a positive change in the level of detail, clarity and quality of conversations on culture and expected behaviours. Ensuring a culture of challenge, escalation and providing a safe environment for staff to speak up is essential to ensuring good compliance with SMCR. This is likely to require a clear and demonstrable mindset shift for management. The FCA would also like to see appropriate ways of measuring culture changes, and this is something that solo regulated firms should also bear in mind when embarking on their own internal culture planning and reviews.
BSB statement of good practice on regulatory references
Many solo regulated firms will already be dealing with requests for regulatory references that are coming from the banking sector. However, for those currently unfamiliar with this regime, the BSB statement of good practice provides helpful context and guidance on the approach that firms should be taking, particularly if the firm has less extensive HR capacity.
In brief, the rules on regulatory references set out three primary responsibilities for firms: (1) to seek regulatory references when considering the appointment of certain individuals; (2) to provide regulatory references when requested; and (3) to revise and, if necessary, update references if information comes to light that would affect a firm’s assessment of an individual’s fitness and propriety. These rules require firms to put policies and processes in place to comply with their responsibilities as they relate to recruitment and certification processes. The requirements include a template reference form that sets out where firms need to provide information, but also includes a box for “any other information that we reasonably consider to be relevant to your assessment of whether the individual is fit and proper”.
The BSB’s statement of good practice (in line with other regulatory guidance) takes a principles-based approach rather than providing specific thresholds for how the rules should be applied in practice, since different firms have different risk appetites. Firms are well advised to assess their internal processes against these principles of fairness, proportionality and consistency to evaluate the appropriateness of their policies and approach.
FCA guidance on submission of forms for SMCR mapping
The FCA has recently revised its guidance on timings for submission of Form K notifications for SMCR compliance – these must be submitted by 23.59 on 24 November 2019. If this deadline is not met, firms may have their Controlled Functions withdrawn, which could result in regulatory action being taken. The rules apply in different ways for different categories of firm so we recommend that all firms check their status here and ensure that all other preparations for SMCR implementation are well underway in the next few months.
Next steps and practical guidance
- It is clear that the banking sector is still embedding SMCR and the regulatory references regime, despite implementation nearly three years ago. It is inevitable that the upcoming extensions to solo regulated firms will have a similar evolutionary trajectory, but the extent to which firms have “done enough” at any given time will depend on a variety of factors, including size, resources, the cultural baseline of the organisation and their interactions with the FCA.
- Solo regulated firms must ensure that their HR and compliance teams are up to speed on the changes coming in December 2019:
  - SMCR (including the regulatory references regime) comes into force for solo regulated firms on 9 December 2019, and these firms must have trained all conduct rules staff and issued the first certificates for certification staff by 9 December 2020.
  - Insurers must have trained all conduct rules staff and issued the first certificates for certification staff by 10 December 2019.