Whitepaper

SM&CR Compliance (2021 UK edition)

Mar 18, 2021

SM&CR Compliance begins with a prioritisation of ethics, governance, and effective leadership, and ends with the implementation of efficient RegTech.

INTRODUCTION

For those in financial services, Senior Managers and Certification Regime (SM&CR) compliance should be a top priority. Since the FCA raised the standards for personal conduct, firms should ensure that they understand the new requirements in order to avoid potential regulatory sanctions.

Now that the FCA’s 31 March 2021 deadline has approached for solo-regulated firms, compliance teams must ensure that they are following the proper procedures. With the FCA’s expectations significantly raised, firms shouldn’t play catch-up or view SM&CR compliance as a burden.

The right internal approach, and automation technology to assist, can enable firms to more efficiently handle SM&CR requirements.

A Brief History of SM&CR: FCA Takes Regulatory Action

SM&CR took effect for banks, Prudential Regulation Authority (PRA) regulated insurers, and a few large investment firms in March 2016. Although the initial regime’s reach was limited, the extended regime came into effect for all remaining insurers on 10 December 2018 and for all solo-regulated firms in the second half of 2019.

SM&CR requires firms to categorise their employees based on their function and administer a variety of certifications and forms depending on the employee’s level of scope. 

Historically, UK regulators took responsibility for vetting key employees in financial services firms while firms themselves played more of a reporting role. Under SM&CR, regulators are pushing many of their old vetting responsibilities back to firms, focusing on a smaller number of key individuals involved in a firm’s senior management. 

In the past, the idea of “collective responsibility” allowed leaders in firms to avoid personal responsibility for mistakes. This made it hard, if not impossible, to hold individuals accountable for their actions, even if they caused the firm’s failure. Under SM&CR, each Senior Manager has direct ownership of their responsibilities. 

Now, under SM&CR, those classified as “Senior Managers” need to complete a lot of documentation to certify to their responsibilities and prove that they are “fit and proper” for their role.

This is because Senior Managers are exposed to a significant amount of material non-public information (MNPI), and their seniority allows them to make big decisions that can ultimately hurt the firm and, most importantly, their clients. Other access people within the firm who are exposed to MNPI fall under the “Certification Regime” part of SM&CR, where they need to complete certifications, but not at the level required for Senior Managers.

The final piece is that all employees must certify to the Conduct Rules and behave in an ethical manner.

Overall, here’s what firms should keep in mind when it comes to SM&CR: The expanded regime has three levels of control reflecting differences in firm size, complexity, and impact: (1) Limited Scope, (2) Core, and (3) Enhanced. The essential differences drive the number of Senior Management functions captured and the number of certified roles.

Ultimately, firms must think about the plan they have in place to handle SM&CR requirements.

The Rise of D&I: Understanding “Fit and Proper”

If there’s one priority that has risen in importance over the years for the FCA, it’s Diversity and Inclusion (D&I) in the workplace. As FCA Executive Director Christopher Woolard explains, “It should be clear by now that the FCA’s interest in diversity is not merely a matter of social justice, but a core part of how we assess culture in a firm.” The FCA’s emphasis on D&I is key to SM&CR, and the regulator believes that Senior Managers who fail to promote D&I within their firms may violate SM&CR’s “fit and proper” standard. The key point is that for the FCA, “fit and proper” leadership extends beyond financial conduct.

Through SM&CR, the FCA is determined to regulate all types of misconduct. Sexual harassment in the workplace, for example, is one issue the FCA could go after.

“In our judgement, the way a Senior Manager approaches issues around diversity may be relevant to our assessment of their competence and character. And the way firms handle non-financial misconduct, including allegations of sexual misconduct, is potentially relevant to our assessment of that firm, in the same way that their handling of insider dealing, market manipulation, or any other misconduct is,” Woolard said.

If Senior Managers don’t have a plan to deal with non-financial misconduct, or if they contribute to a culture that supports non-financial misconduct, they could be in serious trouble with the FCA. Under the SM&CR’s “fit and proper” standard, personal liability can be a realistic consequence, including financial and reputational damage.

Maintaining SM&CR Compliance: The Role of RegTech

It’s important for compliance professionals to think about how they can implement a robust SM&CR solution that scales with their firms. 

For many compliance professionals, manually monitoring the distribution and completion of relevant SM&CR questionnaires is both cumbersome and time-consuming. What firms want, instead, is an SM&CR solution that automates workflows to make SM&CR compliance more efficient.

Automation is key because, under SM&CR, there will be an increased reliance on certifications, and those certifications will need to be supported by evidence and documentation. For example, all certified persons will need to recertify on an annual basis or upon changes of position, and their managers will need to approve the recertifications. In addition, each Senior Manager will need to approve the Statement of Responsibility and Responsibilities Maps initially, and on an annual basis thereafter.

Given SM&CR’s importance to the FCA, firms should be using compliance software like ComplySci to automate certification workflows. Since Senior Managers will now be held accountable for the actions of certified persons in their lines of responsibility, tracking the status of certifications is imperative.

Under SM&CR, “fit and proper” assessments require multiple levels of approval and sign off from other departments such as Human Resources. Upon completion by all parties, the firm must administer and archive a certificate saying they have completed their fit and proper assessment. Rather than do this manually, firms can take advantage of ComplySci to create a multi-tier workflow.

Although Senior Managers share greater responsibility, the FCA’s Conduct Rules will apply to all. This will require firms to broaden the scope of training programs to a wider array of people, and to document that such training was actually provided. What does this mean? Annual certifications will need to include credit checks and reputation checks (social media), all certified persons will need to recertify on an annual basis, and their managers will need to approve the recertifications. ComplySci provides an efficient and automated process for completing and transmitting recertification data to the regulator. 

Over the past year, many compliance professionals have struggled to prepare for SM&CR. The FCA’s increased standards of “fit and proper” conduct, and its willingness to regulate and sanction non-financial misconduct, have caused many firms to rethink their priorities. This begins with a prioritisation of ethics, governance, and effective leadership, and ends with the implementation of efficient RegTech. ComplySci’s SM&CR solution enables firms to automate necessary workflows to ensure that they have the proper compliance procedures in place.
