The recent deadline of 7th March for implementation of the Senior Manager and Certification Regimes (SM&CR) has been subject to a lot of focus in the banking community.
By the deadline Firms subject to the new rules were obliged to submit a Responsibilities Map and draft individual Statements of Responsibilities for all Senior Managers, allocate Senior Manager Functions and prescribed Responsibilities and clearly document the Firm’s governance arrangements.
However, of more particular interest, they also had to identify the population of staff within the firm who would be subject to the new Certification Regime.
Following the late changes to the scope of the Certification rules, which were extended to also encompass roles in the ‘Wholesale Banking’ industry, firms have been given a little more time to finalise the identification of Certification staff in those areas.
The ‘Certification’ timeline is set out below:
- Certified Persons, except Client Dealing function and Algorithmic Trading function to be identified by 07 March 2016
- Conduct Rules apply to Certified Persons (except as above) from 07 March 2016
- Client Dealing function and Algorithmic Trading function to be identified and Conduct Rules to apply from 07 September 2016
- All Certified Persons to be issued with Certificate by 07 March 2017
This ‘transition’ period (March 2016 to March 2017) for CERT has been explained as allowing Firms time to link the initial Fitness and Propriety assessment and resulting issue of the 1st Certificate to the timing of their Performance Management cycle.
This is interesting because there has been significant focus on the fact that under CERT, Firms will have to repeat the formal Fitness and Propriety assessment (F&P) for all identified staff at least annually.
The two primary obligations on firms under the certification regime are:
- to take reasonable care to ensure that no employee performs a “significant-harm function” unless the employee has a valid certificate issued by the firm (FSMA Section 63E); and
- not to issue a certificate to any such employee unless the firm is satisfied that the person is fit and proper to perform the function to which the certificate relates (FSMA Section 63F).
There are four key factors to consider when assessing the fitness and propriety of a person to perform a particular function:
- honesty, integrity and reputation
- competence and capability
- financial soundness
- personal characteristics
Last year, during the consultation process, both FCA and PRA promised to publish additional guidance regarding the application of the F&P assessment but that there would be no fundamental changes. However, to date no additional guidance has been issued and there is no timetable for it, so Firms will have to reply on current best practices.
The F&P process actually needs to be a ‘continuous and ongoing’ assessment of an individual’s appropriateness for their role – it is primarily about behaviour not an annual ‘MOT’.
Certainly the F&P assessment is a critical part of CERT and it needs to be repeated at least annually but there is a risk that linking it to existing annual appraisal processes is a mistake.
The F&P process actually needs to be a ‘continuous and ongoing’ assessment of an individual’s appropriateness for their role – it is primarily about behaviour not an annual ‘MOT’.
The annual MOT tests that a car is safe to drive but Certification needs to ensure that the car is being driven safely, every day!
The new SM&CR regime, taken as a whole, represents a fundamental change of responsibility for Firms. It moves the primary responsibility for compliance and risk controls from 2nd and 3rd line functions to the first line, operational function heads.
As a result of this change, although there will be a dedicated Senior Manager who is personally responsible for Certification, they will primarily be responsible for policy, process and procedure.
If there are Cert staff who are found to be ‘misbehaving’, first and foremost, it will be the operational line management and the Senior Manager accountable for the business area where the controls failed that will be held to account. Any issues with the ‘policy’ and ‘process’ of Certification will be tackled separately.
So one of the key questions to ask is whether your Performance Management systems will give you the necessary day to day ‘behaviour’ monitoring and oversight that will be required?
We should remember the history of T&C – it was born out of the need to control and reduce the incidence of ‘sharp practice’ and bad management – T&C has been called the ‘illegitimate child of Compliance and Sales Management’.
In fact, T&C was introduced to improve and control ‘cultural and conduct’ failings. There was a good reason it was never part of the HR department. It is all about day to day man management and behaviour monitoring.
The required approach for a CERT solution is the same. It needs to monitor the actual day to day activity of Staff and Teams – are they doing the right things in the right way for the right reasons? This is the job of the team leader and operational line management. It is not a 2nd line HR function.
This is not ‘Conduct Risk Management’ either (that is probably happening over there in a new specialist department, who probably have a shiny new dedicated system), this is ‘Conduct Management’. Actually getting on top of transactions and customer interactions and ensuring they are consistently delivering appropriate customer outcomes.
To achieve this efficiently, effectively and consistently, Firms should invest in a specialist system, one designed to do exactly this. The right solution will take away the increased admin and proactively automate the processes. It will collate all the KPIs and deliver actionable MI, in real time to the required audiences.
The system, the process and the admin should not be the focus of the conversation or the project within your Firm.
The focus needs to be people and management effectiveness.
Dedicated T&C systems could easily save more than 2 or 3 FTEs of effort across a CERT population of 50 -100 staff annually, significantly more than the License and Implementation costs.
Implement the right policy and solution and then let your people focus on their people – behaviours, objectives and outcomes.
For CERT to work, it has to be efficiently delivered, asking your managers to manage more effectively with better record keeping while taking on increased administration is going to be an uphill struggle.
Give them some good tools to do the job and then invest time and effort in the key competencies of supervisors and managers. It is these roles which will deliver effective Certification and it is these roles that will have the ‘safety’ of your Senior Managers in their hands!
If Certification is all about ‘behaviour’, then consistency is key and that means investing in the key managerial roles across the business –
- Do they all understand the policy clearly?
- Do they all apply it in the same way?
- Would they all reach the same consistent conclusion in a particular case?
- Do these key staff personify and champion the Culture and Conduct messages?
- What are the new KPIs required to monitor the new CERT processes?
Firms should be focusing on these questions and spending their time and effort investing in their middle and front line management teams, good old fashioned Team Leadership courses or Man Management training will pay dividends.
Specialist T&C Supervision courses exist which already cover the majority of the principles and skills needed to be an effective manager under ‘Certification’ and I am sure that soon, these courses will tailored to focus on the CERT regime.
It is likely that because of the ‘no gaps’ rule within CERT (one of the reasons to be Certified is ‘managing Certified staff’) there will be populations of management who will be Certified under the new rules who were never subject to the Approved Persons Regime and therefore will not be familiar with the concepts of ‘supervision’ under T&C. For these staff, training will be essential and equipping them with tools to manage the admin and record keeping, will allow them the ‘space’ they need to concentrate on applying the ‘policy’ consistently.
You will be relying on these managers to deliver your Certification policy and ensure that any issues are addressed and corrected before you reach critical renewal dates. Deciding not to issue a CERT will be a very serious decision and potentially career limiting for some.
The annual certification process will therefore need to be robust and well documented, showing a clear and transparent decision-making process, well supported by regular operational managerial evidence over time.
Firms who are not banks, should start to consider their SM&CR planning in earnest, given that it will apply the same elements (a Senior Managers Regime, Certification Regime and new Conduct Rules) to their business and most importantly their people.
The change away from the Approved Persons regime to a more structured and granular approach will impact your people more than any other element of your business, how you can apply the change to improve culture and, reduce conduct risk, will define your successful implementation.
Both FCA and PRA have regularly commented that they hope firms will embrace the spirit of the SM&CR, and use implementation as an opportunity to reinforce values and focus on outcomes.
In this context, Firms should begin thinking about the ‘big-picture’ and the implications for their staff. It is your staff who will actually make the wider SM&CR and particularly Certification perform.