SMCR compliance consumes valuable management time and yet may still leave you exposed to breach risks. But there is a proven effective digital solution.
How SMCR creates an administrative burden
The FCA's Senior Managers and Certification Regime (SMCR) demands greater personal accountability, especially from Senior Managers, and a minimum standard of conduct from all employees. It is a total compliance regime that has led to numerous workflows.
These include allocating responsibilities to Senior Managers, conducting Fit and Proper checks, certifying all Certified Persons, taking Reasonable Steps, creating Handover Notes, and keeping scores of records of all these actions as well as training, policy attestations, breaches and committee composition.
The administration of all these workflows is complex and weighs heavily on staff time. It requires dozens of submissions, checks and registers that can drain management time. Digitising SMCR compliance is not only convenient but vital.
Challenges of SMCR compliance
Most financial firms use a mix of documents and spreadsheets alongside a legacy record system to manage their SMCR workflows.
This approach leads to many challenges:
- Senior managers and certified persons need to be chased to complete their submissions.
- Senior managers find it difficult to delegate time-consuming tasks to junior staff.
- Records lie in several different places - online and offline - with no way of getting a complete picture of any individual.
- Lack of transparency throughout the whole process.
- Risk of data inconsistencies, missed deadlines and potential errors in tracking and reporting.
How do you meet FCA expectations?
Having a better understanding of the aim of SMCR regimes will help you better understand how you can meet these expectations and what that means for individuals in scope. There are areas where you have to remain proactive if you are to continue meeting the expectations of the FCA.
- What are regulators trying to achieve?
- How these aims translate to expectations
- How this affects individuals
- Areas where you need to proactive
- How to keep meeting SMCR expectations
I covered this subject in detail at the Skillcast Transforming Compliance Summit.
1. What are regulators trying to achieve?
By introducing either new or tougher regimes that hold individuals to account regulators around the world are all looking to achieve broadly similar outcomes:
- Putting customers at the heart of business decisions -they want to see an end to big misselling scandals such as PPI that are so damaging to consumer confidence. They expect that tougher regimes will reduce the short-termism created from inherent conflicts of interest such as commission and P&L based bonuses.
- Maintaining market confidence -in an environment where individuals are accepting and taking greater personal responsibility the regulators believe there will be fewer disruptive events in the markets which should lead to restoration of market confidence.
- Maintaining trust -The FX market rigging scandals caused market participants to lose trust in one another. Regulators believe that individual accountability regimes will help restore and maintain trust in financial services.
- Holding individuals to account more easily - A key failure of pre-global financial crisis regimes was that regulators found their regimes made it very difficult for them to hold individuals to account. The new legislation and rules in their upgraded regimes will better enable them to meet the standards that society expects from those involved in financial services.
2. How these aims translate to expectations
Now that you understand what the regulators think they are going to achieve by having individual accountability regimes you will better understand how that translates to what they expect from regulated businesses.
- Clear allocation of responsibilities, without under or overlaps.
- Meaningful training, which must be role-specific and actionable. So your role-specific training should include case studies and scenario-based learning.
- Decision-makers should be challenged by governance but members of those committees remain individually accountable for their contribution to the committee be that a vote, a challenge, or agreement.
- Incentives should not create conflicts of interest. For instance, only channelling business through one supplier because they pay you.
- Individuals should be incentivised to achieve the highest ethical standards. Incentives are not just financial, they can be as simple as publicly calling out good or bad behaviour, or rewarding high performers with coffee with your CEO.
3. How this affects individuals
So how does this translate to each individual employee?
- Disclose everything regarding your fitness and propriety. You have an obligation to disclose to your employer and in some jurisdictions your regulator, anything that could call into question your fitness and propriety, for instance, judgements, convictions or serious offences.
- Be genuinely responsible for the part of the business that you run. If a problem arises the regulator will expect you to do something about that as you own the resources and have the authority to direct people’s priorities.
- Take reasonable steps to prevent breaches from arising or continuing. Consider the risks, mitigate them and ensure concerns are communicated.
- Lead by example when following the conduct rules and your company’s code of conduct.
- Attend and actively participate in committee meetings. In many organisations, a lack of regular attendance will lead to removal from that committee. Minutes should reflect any time you join or leave the meeting.
- Proactively engage with the PRA and FCA. And remember that they expect you to be candid when you do engage with them.
- Provide a full handover if you leave your role or it changes significantly. Most investigations start several years after the underlying issue happen. A full handover makes it clear what you knew about and what you were doing.
4. Areas where you need to be proactive
There are a lot of processes and procedures involved in SMCR compliance. This complexity creates risks, meaning that you must be proactive in managing these risks in case anything goes wrong.
- Keeping the audit trail up to date - for example, your Job Description, Reasonable Steps and Statements of Responsibilities.
- Delegation - for example, updating your documented delegations when you have staff changes, are looking to increase individuals responsibility, or reviewing your succession planning.
- Training - needs to be kept up to date, training provided must be relevant to each role, but doesn’t always have to be structured for example case studies and discussions at team meetings are an effective way of keeping knowledge fresh.
- Organisational changes - such as changes to your organisational structure, reporting lines, or providing new products or services, or entering new markets.
- Governance - most of your SMCR documentation will need updating if you create new committee’s, or update terms of reference.
- New areas of regulatory responsibility - such as when you start using algorithms, offer new products or enter new geographies or markets.
- Handoff’s between SMFs - needs clarity when for example hiring new people, implementing new technology or processes. Whose responsibility is it, yours or your colleague's?
5. How to keep meeting SMCR expectations
Individual accountability regimes such as SMCR are a growing trend amongst regulators around the world. Regulators expect these regimes to achieve clarity of roles and responsibilities, and for individuals to be incentivised to achieve the highest ethical standards.
- You need to be proactive with regimes such as the SMCR
- Ensure that roles and responsibilities are clear, without the under and overlaps that can lead to operational efficiencies
- Make sure you are really obvious about what you are doing
- Make sure you can prove you are looking for misconduct and taking action
- Treat your staff fairly by being transparent about your expectations and what happens if those expectations are not met
SMCR 360 provides an integrated digital solution
SCMR 360 is a comprehensive, integrated, digital SMCR compliance solution.
It enables clients to digitise, streamline and integrate their SMCR workflows on one portal to improve data accuracy and time efficiencies whilst minimising risk.
The suite of online tools it provides helps to streamline the approval of senior managers and annual certification of material risk takers. Automating chase-ups and record keeping to aid FCA submissions and internal audits.
Dashboards combine the records from various submissions, training, policy attestation, and registers to give a complete view of each employee's compliance status.
Finally, it provides alerts, flagging potential non-compliance issues.
Feedback from Allenby Capital
SMCR 360 has helped us to automate processes, reduce paperwork in the form of spreadsheets, and mitigate the risk of technical breaches of SMCR by ensuring records are accurate and up-to-date. It has ensured confidence within compliance teams that Allenby was meeting their responsibilities and created efficiencies.
Want to learn more about SMCR Compliance?
We have created an SMCR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of SMCR Courses and a fully integrated SMCR 360 Compliance Toolkit.
We also have additional free resources such as e-learning modules, microlearning modules, and more.
Explore our collectionWritten by: Vivek Dodd
Vivek Dodd MS, CFA is a Director of Skillcast. He has helped hundreds of companies to meet their mandatory compliance training requirement using e-learning courses and tools. His special interest is instructional design and the use of asynchronous learner interactions to effect behavioural change. He is a speaker on compliance training conferences, writes articles on compliance training and e-learning in various journals.
