Insight

SMCR Extension – What do I need to know?

Written by Jason Morris on Tuesday April 3, 2018

You could be forgiven for thinking that the Senior Managers and Certification Regime (SMCR) is old news – been there, done that, move on to the next thing. This could well be the case if you work in the banking sector, but for the rest of the financial services fraternity it is most definitely up there on the ‘things to do’ list.

Last week I attended a breakfast briefing that looked at the practical application of SMCR. The briefing was aimed at those firms who are captured under the extension of SMCR, namely all authorised firms. The FCA recently clarified their view of the SMCR extension:

The aim of the new SM&CR is to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence. As part of this, the SM&CR aims to:

encourage a culture of staff at all levels taking personal responsibility for their actions
make sure firms and staff clearly understand and can demonstrate where responsibility lies

SM&CR is already in place in the banking sector. We’re extending the SMCR to cover insurers and solo-regulated firms (those firms regulated only by us) and proposing some changes to the current banking regime.

The extension captures an awful lot of firms, so activity around preparing for this is rife. No doubt many of you are caught up in this and are working tirelessly to getting your firm aligned. Nevertheless, I thought it might be useful to share some of my observations.

Enhanced vs core
Firstly, you need to know whether your firm is to be part of the ‘enhanced regime’ or part of the ‘core regime’. You are classed as a core firm, unless any one of the following applies (then you are an enhanced firm):

you are a significant IFPRU firm
you are a CASS large firm
you have assets under management of £50 billion or more (at any time in the last 3 years)
you are a firm with total intermediary regulated business revenue of £35 million or more per annum
you are a firm with annual regulated revenue generated by consumer credit lending of £100 million or more per annum
you are a mortgage lender (that is not a bank) with 10,000 or more regulated mortgages outstanding.

The new SMCR will include much of what already exists in the banking sector’s regime, such as:

senior management functions
duty of responsibility
statement of responsibility
prescribed responsibilities
criminal record check
regulatory references
certification regime
conduct rules.

There are a number of additional elements for enhanced firms though, including:

additional senior management functions
additional prescribed responsibilities
responsibilities maps
handover requirements
overall responsibility
key functions mapping.

Certification regime

It appears that the certification regime could offer a number of challenges to firms. This is designed to cover people who aren’t senior managers, but whose jobs mean they can have a big impact on customers, the firm and/or market integrity. The FCA won’t approve these people, but firms need to check and confirm (‘certify’) at least once a year that these people are suitable to do their job. This is a requirement under legislation.

There will be some significant checks on people who have never had this sort of exposure before, including training and competency assessments, CPD targets, e-Learning training and annual appraisals. The checks prompted some lively exchanges and exposed some differing views on how individuals felt about being captured under the certification regime.

For example, some individuals felt a sense of importance and ownership in terms of their responsibilities by being formerly recognised under the regime. They felt they could use it in a positive way to further validate the crucial nature of their role. For others though, they simply don’t want the responsibilities that come with this recognition and are extremely nervous about having to take it on.

The question also came up around how firms will be expected to evidence that the requirements of the certification regime have been met. Areas like CPD logs, fitness and proper checks and conduct rule breaches were mentioned as possible solutions, but a clear audit trail of an individual’s activity is also vital to maintain.

New Conduct Rules

A new two-tier set of conduct rules have been developed (see below).

Tier 1 applies to all employees’ subject to the conduct rules, and they are as follows.

Rule 1: You must act with integrity.
Rule 2: You must act with due skill, care and diligence.
Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
Rule 4: You must pay due regard to the interests of customers and treat them fairly.
Rule 5: You must observe proper standards of market conduct.

Tier 2 applies to senior managers in a senior management function, and they are the following.

Rule 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
Rule 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
Rule 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
Rule 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

What will your process be?

There was a lot of discussion around how best to get the process started in your firm. A number of questions were shared that need to be answered to help establish some of the key elements of SMCR and how they currently fit within your firm. For example:

who will own this process in your firm?
what might the process look like?
are there existing processes that will support certification?
what typical evidence is used to demonstrate competence?
where will this be gathered from?
and who’s responsibility will that be?
what part does F&P play in the overall process?
who holds the sign off process?
what involvement is there of 2nd line oversight?
if there are multiple individuals, how do you evidence their competence before they evidence others?
and how do you assure consistency of assessment and sign off?
what outputs do you want from SMCR to support your businesses and their desired outcomes?
what improvements could be made to the outputs and policies (you already have) so that they drive the desired outcomes?
what measures can be established to evidence individual and collective progress?

A lot can be learned from the banking sector and their experience of embedding SMCR. Some of the challenges that might also apply to those captured under the extended SMCR include:

changes to the legal structures of groups and their entities
slow start-up speed – unable to visualise the required end result
changes to group arrangements and their use of staff in group entities
review and amendments of documented job roles and responsibilities
negotiation with individuals to accept the prescribed responsibilities
negotiation in terms of ‘pay and rations’
changes to employment contracts
in some cases, the introduction of legal support for employees
scarcity of resource for some roles – e.g. regulated HR expertise
very different approaches to managing certification and assigning oversight of this new regime.

So, there you have it, a timely update on the ins and outs of SMCR, and hopefully some useful information for you to build into your own journey. A lot will be happening in the months ahead, SMCR comes into effect for insurers on 10 December 2018, and for the wider market it will occur sometime in 2019. Please feel free to share your own observations and advice around preparing for this significant change.

-

Our in-house training is available all over the world. We've worked with hundreds of clients and we can do the same for you. Call our dedicated in-house training team on +44(0) 121 362 7678 to discuss your training needs.