After what seems like an age, MiFID II finally came into force on 3rd January 2018. Although far reaching in certain areas, e.g. the need for greater auditability of client interaction and investment decisions, it could be one of the less ‘headline grabbing’ elements that may well have the most far reaching implications for firms.
We are all of course aware, MiFID II requires firms engaged in MiFID business to ensure, and be able to demonstrate, that individuals giving clients investment advice or information about financial instruments (or investment or ancillary services) possess the necessary knowledge and competence to fulfil their investor protection obligations.
The impact on each firm will of course be different and very much dependent on how the firm is structured and the tasks that each individual employee is involved in. The main change has been in respect of those employees giving clients information as these people are now caught by the detailed knowledge and competence requirements that MiFID II brings, and as a result firms have had to develop systems and controls around them.
As mentioned earlier, the type of individuals affected will be different across firms depending upon the composition of their job roles and how the business is structured. It is reasonable to expect that individuals such as Sales People, Customer Relationship Managers, Portfolio Managers and some Product Specialists are likely to have been affected.
Financial services firms have long since been subject to rules that ensure that Staff giving clients investment advice are properly overseen. This new requirement that extends to “Information Givers” seems more challenging for firms to implement and oversee.
Since the concept of T&C was introduced back in the 90’s the landscape of oversight for the competence of individuals has become more ‘crowded’ and, as a result, more complicated
So, why is that? Well, firms are well used to implementing T & C frameworks to manage competence and evidence it and those staff within it are also used to being overseen in this manner. However, those staff that do not provide advice, but “support the advice process” are less used to this kind of oversight.
In these instances where we have seen firms have the greatest success is where they have had a strong education programme that backs up the changes they have had to implement. Where individuals have grasped the reasons for the changes, together with the benefits that it will not only bring to them, their employers and their customers, then the road to implementation has seemed smoother.
But now that MiFID II has brought us “Knowledge & Competence requirements,” what actions have we found firms have been taking to embed these new requirements. That has been dependent on whether firms have been aligning them with the new “Certification Regime” for those already subject to SM&CR, or whether they have been preparing for future alignment when the Certification Regime applies to their firm.
Since the concept of T&C was introduced back in the 90’s the landscape of oversight for the competence of individuals has become more ‘crowded’ and, as a result, more complicated. The most notable addition to the landscape, of course, is the introduction of the Senior Managers and Certification Regimes (SM&CR) in the banking sector in March 2016, and its roll out across all other areas of financial services in 2018-9.
A fundamental concept within the Certification Regime is the requirement for all identified staff, from the most senior to the most junior, to adhere to the highest standards of personal conduct and competence.
But that is no different than it should be now, I hear you say… And many will agree with you, but still even in 2018 when the concept of wider employee competence frameworks have been with us “in a regulatory sense” for over 25 years, there are still many firms out there that do not have robust frameworks and cannot evidence competence.
So, now we are in a regulatory landscape where we have individuals potentially subject to K&C, T&C, SM&CR and the wider Conduct Rules and firms and Senior Managers having the responsibility and accountability for providing oversight and assurance to the business.
And of course, all of this is expected to run alongside the process of performance management or appraisal, which usually has its own set of, HR derived, behaviours and competencies!
Until the introduction of SM&CR, T&C and performance management usually co-existed in, what always felt like, parallel worlds. However, with SM&CR and now K&C, there is a strong argument that this incongruity can’t continue.
So, what should be done? Below is a simple six point plan for creating clarity and coherence around competence frameworks and measurements from the current, crowded situation;
- Stakeholder ‘Buy In’: An old adage I know, but nothing will get done without senior manager understanding and buy in. Sell senior stakeholders the vision of a simpler, less risky, future and a project plan to review and rationalise the current, likely confusing, set of arrangements. Ask the stakeholders to nominate champions from the affected functions to be part of the project team with the aim of delivering one holistic framework that will allow competence to be not only measured but evidenced
- Competency Review: By job role, conduct a review of the roles covered by K&C, T&C and the Certification Regimes. Analyse the qualifications, competencies and personal qualities currently defined as required in these roles and the assessment processes for each role. Once done, overlay the requirements from the performance management process on each role to gain to a view of the complete picture.
- Process Review: Conduct a review of the processes (and the timing of these processes) used to assess each role. Also, understand what supervisory staff are involved and the capabilities expected of these individuals.
- Rationalise: Look to consolidate the likely competing regulatory requirements for each role into a single coherent framework of oversight. Also, work to ensure the requirements for each set of roles builds into a firm-wide framework that can be understood and easily communicated. Once done, consider how these frameworks will be assessed, what records will be kept, who has the responsibility for the final decisions on individuals etc. Finally, define what systems and controls will be required to provide the necessary governance for these processes.
- Record Keeping: Consider what system support could be provided for both individuals and supervisors to help them work through the assessment processes as effectively and efficiently as possible. If answers aren’t provided to this question there is a real risk that records will be stored in different formats and / or systems, making oversight of the process and interrogation of the results very difficult indeed.
- Operationalise: The new frameworks, and supporting assessment processes, will need to be carefully communicated to end users and their supervisors alike to ensure full understanding. To increase the chances of success, end users and their supervisors will need support and feedback (another reason to ensure that a record keeping system is at the heart of your competence framework
- Feedback: Finally, as few things motivate like feedback and positive reinforcement, provide examples of best practice and recognise this best practice behaviour.
By reading this, if you feel motivated to raise the subject of a project to rationalise these various frameworks, don’t be surprised if your enthusiasm is met with a strong dose of apathy. There has been so much change in the regulatory arena that to undertake another project, particularly one that isn’t an out and out regulatory requirement, is unlikely to be top of your firm’s ‘change agenda’. However, the very strong argument for embarking on this project is that without it, there is a real risk of competing competency frameworks and assessment processes creating confusion and, with confusion, comes the risk of overall outcomes being diluted. And for firms, diluted outcomes in a regulatory environment poses a real risk of significant harm being done to the firm, customers or both.