The SM&CR and effective compliance - a year on
The SM&CR regime was created to enhance personal responsibility for senior managers and provide a more effective and proportionate means to raise standards of conduct for key staff. A fundamental purpose of the regime is to bring accountability and ownership by clarifying individual roles. A year on, the final piece of the jigsaw now needs to be in place for those firms initially impacted.
On 7 March 2016, the SM&CR regime became effective and introduced some significant changes to the approved persons regime, for banks, building societies, credit unions, and PRA-regulated investment firms, including UK subsidiaries and branches of overseas firms.
From 7 March 2017, onwards, those firms initially captured under SM&CR must now have in place a fully embedded SM&CR framework.
During 2016, firms were initially required to focus on implementing the “Senior Manager Function” (SMF) aspects of the new regime, along with beginning the process of identifying those individuals captured as “Certified Persons”.
The FCA and PRA have defined the following categories of staff:
SMF role covers:
- Hold key senior roles
- Have overall responsibility for whole areas of the relevant firm
Those who previously held a Significant Influence Function (SIF) under the Approved Persons regime.
Certified Person role covers:
- Staff who could pose a significant risk of harm to the firm or any of its customers.
Material Risk Takers.
Most former Approved Persons not covered by SMR.
Customer-facing roles with a required qualification.
Line Managers of Certified People.
For those individuals holding a SMF role; ‘Statements of Responsibility’ are required, along with a broader ‘Management Responsibilities Map’ across the firm. All SMF roles require pre- regulatory approval, however, Certified Persons do not require regulatory approval with responsibility being placed on the firm to ensure Certified Persons meet the regulatory expectations for performing such a role, and as such are “certified” as being fit and proper to do so.
All Certified Persons must have been identified and issued with a certificate and with this in mind, the certification transition period commenced on 7 March 2016 and ended on 7 March 2017.
For more information or if you are concerned your firm is not yet properly compliance, please contact SM&CR compliance consultants Momentum GRC to discuss how we can help.
The Conduct Rules
The Conduct rules are split across Two tiers and apply to both PRA and FCA firms, apart from those marked * which are FCA only:
First tier – Individual Conduct Rules (Certification Regime)
- You must act with integrity
- You must act with due skill, care and diligence
- You must be open and cooperative with the FCA, PRA and other regulators
- You must pay due regard to the interests of customers and treat them fairly *
- You must observe proper standards of market conduct*
Second Tier – Senior Manager Conduct Rules (Senior Manager Regime)
- You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
- You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
- You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee this effectively
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
Aside from implementing SM&CR, firms are by now expected to have trained all staff on the practical implications of what it means to the firm and how individual staff are impacted, depending on their role.
Assuming you have fully embedded SM&CR, below are some examples of what you would need to have considered or be doing to remain SM&CR compliant:
- You have clearly defined how SM&CR impacts your firm. This may be in the form of an SM&CR rules mapping exercise.
- It is clear within your firm who has responsibility for owning SM&CR.
- You have identified all SMF role holders and have up to date and accurate Statements of Responsibility maps and Management Responsibility Maps.
- You have captured all Certified Persons and have issued up to date certificates to all impacted employees.
- You maintain adequate policies, procedures and controls to facilitate effective operation of the SM&CR regime.
- You have updated job descriptions and staff objectives to ensure they reflect SM&CR roles and responsibilities.
- From a governance perspective, there are clearly defined oversight arrangements, MI and dashboard reporting. Due consideration has been given toward the board / committee structure and at which committee(s) SM&CR is discussed.
- You have a defined training programme, not only for existing employees but for on-boarding new staff who will be captured under SM&CR.
- There is a clear allocation of responsibilities across HR and the 3 lines of defence.
2018 and beyond
From 2018, SM&CR will be relevant to all authorised and regulated firms. Whilst this article is not intended to cover all aspects of SM&CR, we will shortly be issuing an update for those firms not already caught as they prepare for 2018.
In the meantime, if you have any questions, or require any assistance, on any aspect of the SM&CR regime, please e mail us at firstname.lastname@example.org