SMCR; taking reasonable steps and the role of effective reporting and governance arrangements
With 2019 now in full swing, the thoughts of many in financial services firms will be starting to turn to implementing the necessary changes to… Read more
With 2019 now in full swing, the thoughts of many in financial services firms will be starting to turn to implementing the necessary changes to enable them to comply with the Senior Managers and Certification Regime (“SMCR”), which comes into force for most types of FCA solo regulated firm from 9 December of this year. With the competing pressures of “business as usual” activity and the challenges firms are likely to face as a result of Brexit planning, firms cannot afford to be complacent and will need to ensure they devote sufficient time and resource to their SMCR programmes.
Our experience tells us that it is those firms who consider the wider issues that SMCR raises, and who do so early in the process that are likely to be best placed to meet the requirements of the new regime.
On the face of it, the specific changes introduced by the regime – for example, the move away from FCA approval for those currently holding the “CF30 Customer Function” and the introduction of “Statements of Responsibility” for those holding senior management functions – may not seem overly onerous. However, the reality is that the new regime is much more than a “re-papering” exercise and is likely to give rise to a number of challenges that firms and their management may not yet have appreciated. Addressing those challenges will require firms thinking beyond simply ticking off the specific requirements of the new regime.
Senior Managers’ “Duty of responsibility”
The FCA has been clear that the new regime is intended to increase accountability and transparency in the industry and to further raise standards of conduct. It is these drivers that are undoubtedly behind the introduction of the legal duty of responsibility for senior managers. By way of reminder, this will enable the FCA to take action against an individual senior manager (or managers) where a failing occurs within an area of the firm for which the senior manager was responsible and the senior manager in question has failed to take “reasonable steps” to prevent that failing from occurring. Given the FCA’s stated objectives for the new regime, this is a power we expect the FCA to make considerable use of if it identifies failings within regulated firms (we understand that the FCA is investigating many more individuals than firms under the equivalent regime that is already in place for dual-regulated firms).
Determining what constitutes “reasonable steps” and, perhaps more importantly, how these can be evidenced is likely to exercise the minds of those individuals who will be caught by this element of the regime, not least given the potential civil and even criminal penalties that attach to a proven breach of the duty of responsibility. Firms and their senior managers will need to consider:
- Whether they have the right control mechanisms, reporting lines, oversight and governance arrangements in place;
- What internal reporting and management information is available, and whether this focuses on the right areas and metrics;
- How and by whom that reporting and management information is used;
- How effective their arrangements are at surfacing potential issues, and whether the right steps are then taken in a timely fashion to investigate and resolve those issues.
These challenges are likely to be particularly acute where, for example, firms have senior managers located in different jurisdictions, or where firms are part of a wider group of regulated financial services businesses. A specific challenge may arise in respect of oversight of an individual performing the “Head of Legal” role; the FCA has recently confirmed that such individuals will not need to be senior managers under the new regime, largely in recognition of the fact that much of this individual’s work may be subject to legal privilege, making it difficult for the FCA to assess whether they had taken reasonable steps. However this challenge will now pass instead to the senior manager with supervisory responsibility for the Head of Legal.
SMCR needs to viewed holistically and not as something for the compliance team only; it cuts across firm and individual responsibilities, compliance and HR (and other) internal functions and applies to most categories of staff beyond a narrow list of excluded persons.
Kemp Little can assist firms at all stages of their SMCR programme; from initial education and awareness sessions, through solution design to implementation support and post-implementation review. Our recently launched SMCR website provides firms with more detail of the ways in which we can assist, as well as some useful technical articles on various
We will shortly be publishing a webcast, in which Marian Bloodworth, Jake Ghanty and John Drabble will be formally introducing our SMCR support website, as well as discussing the questions firms should be asking themselves and the steps they can and should be taking now in order to ensure they fully address the requirements of the new regime. This webcast will be available to download for free.
Share this blog
- Adtech & martech
- Artificial intelligence
- Cloud computing
- Cryptocurrencies & blockchain
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Open banking
- Software & services