Banks were the first institutions required to adopt the Senior Managers and Certification Regime
(SMCR), which came into force for them in March 2016. On 9 December 2019, it goes live for ‘solo-regulated’ firms, including asset managers, wealth managers and financial planners. SMCR replaces the Approved Persons Regime
The new regime has three pillars. The Senior Managers Regime (SMR
) requires firms to assign responsibilities to the most senior people, who then become individually accountable and need to be approved by the FCA
. The Certification Regime requires that staff below senior manager level, but who could still cause serious harm to the firm, undergo annual certification by the firm (not the FCA
) – to ensure they have adequate experience and qualifications. Last, conduct rules are introduced for all staff (with the exception of ‘ancillary staff’ such as receptionists or cleaners) and fitness and propriety assessments are introduced for individuals falling under the SMR
or Certification Regime.
, head of strategy and organisation development at Rathbone
Brothers – an investment management firm with a financial planning arm and a banking licence, that implemented SMCR according to the banks’ timeline
– says it’s a regulatory change that shouldn
’t be underestimated: “Many firms start off thinking it’s an exercise of upping the administration in the human resources (HR) and compliance departments. That’s true, but it’s much more than that. SMCR is not a compliance or HR responsibility, it’s a management responsibility.” Mike says the introduction of individual accountability and the requirement that documented evidence is now needed to prove ‘reasonable steps’ have been taken to fulfil management responsibilities, demands a mindset
change at management level.
, Chartered FCSI
, senior regulatory intelligence expert at Thomson Reuters
Regulatory Intelligence, and co-author of the 2018 book, Conduct and accountability in financial services: a practical guide
, has concerns about the preparedness of the investment sector. She told The Review
: “For some wealth mangers, this is simply a codification of what they’re already doing. For others, it could be a shock to the system. Anecdotal evidence from my discussions with wealth managers suggests that many are not that advanced with preparations. I wouldn
’t want any firm to underestimate how much effort is involved, or to treat this as a one-off exercise. This needs to be treated as an investment in business processes and infrastructure that will last ten years.”
Requirements depend on size and complexity of firm
Firms will fall into one of four SMCR categories: outside of scope, limited scope, core or enhanced (see the diagram below showing how firms are categorised
Within the investment sector, not many firms would be outside of scope. Being an appointed representative of another regulated firm would probably be the most common reason. Limited scope firms – with fairly ‘light touch’ regulatory requirements – would be those that already have exemptions under the current APR, such as sole traders.
Most firms in the investment sector would be classified as core firms. A range of tests determines this classification, such as having less than £50bn
assets under management, or being an intermediary regulated firm with revenues under £35m
per annum. The largest and more complex firms exceeding these thresholds will be classified as enhanced firms.
Enhanced firms have to deal with more demanding requirements for setting up and monitoring senior management functions. Both core and enhanced firms will need to adopt the Certification Regime, as well as the conduct rules and fitness and propriety requirements.
Senior Managers Regime: a shift to individual accountability
The crux of this pillar involves allocating responsibilities to senior managers who perform certain senior management functions
) specified by the FCA
. This needs to be codified in a ‘statement of responsibilities
). Comprehensive records must be kept of how responsibilities are met. Individual accountability for these functions is ensured because responsibilities must not overlap or be delegated. Andrew Strange, director of Financial Services Risk and Regulation Centre
of Excellence at PwC
, has advised a number of banks on their SMCR implementations and says firms should expect some unusual reactions to this enhanced accountability.
He says: “It’s the first time I’ve
ever known a group of high-flying individuals not want to be responsible for something. We found that people who were scoping their role were very specific about the things they were responsible for and what they didn
’t want responsibility for.”
Regtech software – pragmatism rising
Regtech, as defined by the FCA, refers to new technologies developed to help overcome regulatory challenges in financial services. For SMCR, these technologies could include software systems such as those offered by Redland, Corporator, Axiom and others. Expectations are high for such technology – to help firms with increasing regulatory demands. In a report by Thomson Reuters, Fintech, regtech and the role of compliance in 2019, 64% of respondents (compliance and risk practitioners from almost 400 financial services firms internationally) say that successful deployment of fintech/regtech should drive up efficiency and effectiveness, allowing more time to focus on value-adding activities.
But, Susannah Hammond, Chartered FCSI, co-author of the report, says that a growing pragmatism has come into expectations. She says: “Where firms’ existing IT infrastructure is a bit creaky, it makes sense to invest in upgrading before purchasing a shiny new system. You can’t have a whizz-bang solution sitting on top of an old system. There have been cases of regtech solution providers over-promising and under-delivering. Regtech will be positive for firms but not ‘as-positive-as-quickly’ as many have hoped.”
She also stresses that pressure on firms to keep abreast with regtech solutions is unlikely to let up. “There is certainly interest from regulators as to whether regtech could make their lives easier. An automated system that produces detailed regulatory reporting in real time at the click of a button could increase transparency to regulators.”
has identified six SMFs
for core firms: chief executive; executive director; partner; chair; compliance oversight; and money laundering reporting officer. Individuals can have more than one SMF
and it is not necessary to have all SMFs
covered; for example, ‘partner’ will not be applicable to all firms. For enhanced firms, 17 SMFs
have been identified, which include those applicable to core firms and others such as chief finance function, chief risk function, head of internal audit, and chief operations function.
Senior managers must be able to demonstrate with documented evidence that they continually take ‘reasonable steps’ to ensure compliance with the regulations as well as the conduct requirements applicable to their SMF
. Mike of Rathbone
Brothers says there is a devil in the detail of this demand. “There isn
’t a definition of reasonable steps, so as an executive team we had to define what this entailed, codify it, and then make sure everybody understood what was reasonable,” he explains.
Andrew also found that individuals tend to apply a more rigorous standard of reasonable steps than a corporate entity would, because they individually carry the can. He says: “For example, don’t be surprised if a senior manager in charge of financial advisers insists on better management information and systems that can show, at the click of a button, if all adviser reports have up-to-date fit and proper standings, meet continuing professional development (CPD
) requirements and have passed their latest competency assessments.”
Hilary Shack, an independent consultant who has project-managed SMCR implementations for investment banks and is now doing so for asset and wealth management clients, highlights the additional demands of codifying the evidence for taking reasonable steps.
She says: “Gone are the days where you can interview people in a coffee shop, decide they are a fit for a job and make them an offer. You can still do the ‘informal’ interviews, but now you must have documented interview records and evidence that staff are fit and proper to perform their role and have been correctly ‘on-boarded’.
“If a new recruit does something wrong in their first few weeks, the FCA
might want to check if they are fit to do their job and that the necessary checks have been done. Managers want to be sure that they can demonstrate this with a comprehensive, documented checklist which serves as an evidence trail.”
identifies another new demand on senior managers, including those at board level – making sure qualifications and skill sets are fit for purpose, refreshed on a regular basis and that this is documented.
"If a new recruit does something wrong in their first few weeks, the FCA might want to check if they are fit to do their job and that the necessary checks have been done"
She says while it sounds obvious, managers must have the right qualifications for their role. But, this isn
’t always the case: “If you look at boards of directors or risk committees, they will definitely have to be evaluating and making decisions about things like technology, cyber
and data protection risks. But many of them will have qualified a long time ago when the syllabuses they completed would not have included anything to do with these issues.”
Shah, senior manager in the finance, risk and compliance department at Grant Thornton
, also points to the need for firms to be aware of some of the less obvious implications of SMCR. “Some firms will have people who are not part of day-to-day operations but have significant influence over strategy (which in turn affects the UK customer). They could be a representative of a private equity shareholder, or a founder who has retired, isn
’t on the board but has kept a significant equity stake. While these types of individuals wouldn
’t have fallen under the previous APR regime, it’s quite possible that they fall under the new regime.”
Certification Regime: FCA passes responsibility to firms
This pillar of SMCR aims to assign individual accountability to those staff who are not assigned an SMF
but who still hold significant responsibility within the firm, such as middle managers, traders or financial planners and advisers.
These individuals will now need to be certified by the firm, whereas pre-SMCR most of them would have been approved persons, certified by the FCA
. Firms will need to ensure they have adequate experience and qualifications, and issue a certificate verifying this on an annual basis.
"SMCR brings an increased need to demonstrate competence and integrity. Independent assessment, through approved study and examination, is an attractive solution for both employers and individuals"
Brothers, one issue encountered with certification was that more people had to be certified than was originally anticipated. Mike says that roles typically described as ‘operational’, which did not fall under the previous APR, required certification under SMCR. He cites an example being a team leader in the dividends department, required to “oversee operations on a day-to-day basis”.
While certifying individuals who were previously approved persons was relatively straightforward – complying with the Retail Distribution Review had ensured things like exams and CPD
were already taken care of – some staff who were not approved persons had to start doing exams and meet CPD
requirements. Mike says: “That was not what they anticipated as operational staff. But, they mostly responded well, and after meeting certification requirements they gained a degree of prestige because they were exam qualified and many in their operational peer group in non-bank firms weren
, director of learning at the CISI, says: “SMCR brings an increased need to demonstrate competence and integrity. Independent assessment, through approved study and examination, is an attractive solution for both employers and individuals.
“The CISI provides an unparalleled range of specialist financial services learning resources and qualifications. Designed for practitioners by practitioners, they offer development and robust assessment of knowledge, skills and behaviours
that are relevant to today’s workplace and regulatory framework. Our international reach and recognition ensure that our qualifications are portable and responsive to a changing global market.”
Conduct rules extend to more staff
Conduct rules are nothing new to regulated staff. But under SMCR, they will also apply to staff who previously had no regulatory responsibilities. Only ancillary staff, with no connection whatsoever to financial services activities, are excluded.
Senior managers have a more extensive set of conduct rules, to do with issues such as regulatory compliance, delegation and disclosure. Rules applying to almost all employees will include demands on integrity; due skill, care and diligence; treating customers fairly; and market conduct.
“I’ve certainly come across staff objecting to these rules with comments such as: ‘Why should I be learning about this; my boss looks after it’.”
Hilary says the extension of conduct rules can be a big challenge in some cases because they apply to staff who have had no exposure to such rules before and it can be a big learning curve for them.
She says: “I’ve
certainly come across staff objecting to these rules with comments such as: ‘Why should I be learning about this; my boss looks after it’.” Mike emphasises
that a lot of time and care was needed to explain to and reassure more junior staff that they shouldn
’t be afraid of this, and that it was really just a more formal way of approaching their existing duties. He says: “The golden rule here is that you cannot communicate enough.”
Also, within the SMCR are enhanced fitness and propriety demands for senior managers, certified staff and non-executive directors. Requirements include: adequate training, qualifications, competencies and personal skills; criminal record checks; and regulatory references such as employment references from the last six years, details of disciplinary action due to a breach of conduct rules, upheld complaints and details of serious misconduct.
Mike advises businesses in the process of implementing SMCR to talk to as many people as possible who have had exposure to the regime.
He says: “There are now plenty of organisations
, such as banks and credit unions, who have been through this before and it’s worth consulting them. Also, look to sector bodies for additional information, even those outside of your direct sector, such as the Banking Standards Board
that has put together information to try and share banks’ experiences.”
While it’s clear that those who have been close to the SMCR process stress that it’s a significant change for the investment sector, it shouldn
’t be causing panic. Hilary says there is now a lot more guidance from the FCA
, compared to what banks had access to. She also points out that there is a large cohort of consultants and advisers that have been helping banks with SMCR, many of which are now available to the investment sector.
Nick McCall, head of wealth management at Dolfin
, agrees with Hilary’s comments about the amount of information available, saying: “The guidance issued by the FCA
is sufficient for us to put most of the new regime in place using our own resources. If questions or issues arise, we will seek advice from our external advisers.”
An important point to recognise
about the timing of SMCR is the phased implementation. By December 2019, SMF
and certified staff must be identified, and from that date conduct rules will apply to them. But the balance of requirements, such as conducting certification assessments, need to be ready after a 12-month transition period, ending in December 2020. Firms should be aware that SoRs
need to be available to the FCA
on demand, so should be in place for December 2019.
Which level of SMCR classification applies?
Source: FCA - The Senior Managers and Certification Regime: Guide for FCA solo-regulated firms
Seen a blog, news story or discussion online that you think might interest CISI members? Email email@example.com.