SM&CR: Easy as ABC? Let’s Focus on Accountability, Behaviour and Customer
The aim of the Senior Managers and Certification Regime (SM&CR) is to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence.
As part of this, the SM&CR aims to:
- encourage a culture of staff at all levels taking personal responsibility for their actions
- make sure firms and staff clearly understand and can demonstrate where responsibility lies
The Senior Managers and Certification Regime (SM&CR) is now being extended to cover all FSMA-authorised firms.
The most senior individuals within these firms (the “Senior Managers”) will have their responsibilities codified and be subject to a positive “duty of responsibility” to take reasonable steps to avoid regulatory breaches. Firms will be required to certify that individuals in “significant harm functions” (“Certified Persons”) are fit and proper on recruitment and annually. New conduct rules will apply to almost all staff (“Conduct Rule Staff”) within the firm. These staff must be trained in the how the conduct rules apply to them. Breaches of the Conduct Rules must be reported to the FCA. Firms must obtain regulatory references from previous employers for Senior Managers and certified staff on recruitment, which include conduct rule breaches.
On 8 May, Protiviti UK hosted a breakfast seminar on SM&CR: Easy as ABC? The keynote speaker was, David Blunt, Head of Conduct Specialists at the Financial Conduct Authority, joined by Jacqueline Fenech, Director and SM&CR lead and Tasnoova Tzaki, Senior Manager from Protiviti’s Regulatory Practice. The ensuring discussion debate as to whether SM&CR is in fact as easy as abc boiled down to focuses on accountability, behaviour and customer.
On behalf of the FCA, David emphasised that SM&CR will continue to be a priority in driving behaviours and producing outcomes to benefit consumers and markets. Extending SM&CR to solo regulated firms is a key part of this endeavour. In his speech, David focused on providing further clarity around the regulator’s expectations from firms as they implement and embed SM&CR as ‘business as usual’. He explained that SM&CR should act through four specific drivers of culture:
Purpose | Leadership | Governance | People
Looking back experience from the first-wave implementers from March 2016 (banks, building societies, credit unions and PRA-regulated investment firms), David stressed that there is still considerable work to be done around conduct rules, especially ongoing training of all relevant staff. Conduct rules are important as they set a foundation for how customers can expect individuals within firms to behave towards them.
Importantly, David focused on business benefits arising from SM&CR, primarily the clarity of responsibilities and enhancement of governance. International SM&CR implementers also gained more leverage with their overseas parents. Finally, David concluded that proportionality has been built into the SM&CR extension for solo-regulated firms. He encouraged the audience to adopt a common-sense approach and to expect that the FCA will writing to implementing firms from June 2019.
Protiviti’s regulatory team concentrated on how SM&CR has to be considered holistically - not simply as a done-and-dusted compliance exercise but as an ongoing cultural journey across the organisation. Embedding SM&CR requirements in BAU will underpin a healthy corporate culture and a customer-led conduct of business. Experience taken from recent Protiviti collaborations with a number of firms implementing SM&CR has allowed us to document the journey and key implementation challenges thus far. These include: alignment of Statements of Responsibility (SoRs) to job specs and performance management; meaning and evidence of reasonable steps in practice; and acceptance of Senior Manager Functions (SMFs) by the identified population – for example, SMF 24, Chief Operations could be a contested role due to shared responsibilities.
In a preview of a Protiviti whitepaper currently underway, the team outline five watch-outs for conduct risk failure, namely:
- lack of leadership
- poor product development lifecycle
- inadequate training
- failure to follow the cues
- inadequate MI/escalation mechanism
Posing a question whether much has changed since the introduction of SM&CR, it was concluded that noteworthy outcomes of SM&CR implementations to date were that Boards are more involved; roles and responsibilities are clearer; conduct risk is more effectively managed; and behaviours are slowly but surely changing. Subsequently, Jacqui and Tas outlined a number of instances where external, independent, third-party assistance might be most valued, such as design and implementation of target SM&CR framework; documentation review; project management; and SM&CR assurance reviews.
On Thursday 10 May, UK Finance and Protiviti conducted an ensuing webinar with a live poll with more than 150 participants. Encouraging feedback was provided by those working on SM&CR implementations:
- 53% perceive SM&CR positively in their organisation and see it as an opportunity to drive change and improve behaviours
- 39% are neutral about the perceived benefits from SM&CR and have not witnessed a marked change as a result.
- 8% fed back negatively on the their SM&CR experience
In terms of firm-wide sponsorship, 59% of participants reported that SM&CR is led by Compliance in their organisation. There is a marked show of hands for HR leading SM&CR at 17% and only 9% for the Board leading the charge. Two main challenges to SM&CR implementation stood out:
- 44% allocation of resources to develop framework and documentation
- 43% understanding of the regime requirements across the organisation
Lower factors include senior management buy-in as a challenge (11%) and cost (2%)
The upside of SM&CR is on firm-wide culture
In our UK Finance polling, 85% of participants deem the greatest SM&CR benefit to be the clarity of lines of responsibility and accountability across their organisation and 9% see culture change as a benefit of SM&CR. Reassuringly, whilst 4% claim SM&CR is a paper exercise, an additional 38% of participants have observed a change in their culture due to SM&CR, with 35% pointing out that they anticipate changes in their organisation’s culture in future.
In many firms, there is still work to be completed with 27% of participants expecting that demonstrating ongoing compliance to the regulator will be the biggest post SM&CR implementation challenge, whereas 24% are concerned about implementing the certification regime and ongoing staff training.
SM&CR ABC In summary
In our view, SM&CR is a catalyst for change - an opportunity to establish healthy cultures and effective governance in firms by encouraging greater individual accountability and setting a new standard of personal conduct. Protiviti highlights from the two mentioned events in conjunction with FCA and UK Finance conclude:
- SM&CR will continue to be a priority for the FCA in driving behaviours and producing outcomes to benefit consumers and markets.
- SM&CR is not a once done-and-dusted compliance exercise. Embedding SM&CR requirements in BAU needs to be underpinned by a healthy corporate culture and a customer-led conduct of business.
- More benefits are increasingly being derived from SM&CR implementation especially in terms of senior leadership engagement, strengthening governance and effectively managing conduct risk.