PRA review of SMCR – What can we learn?


Last December, the PRA issued the results of its review into the implementation of SMCR in dual-regulated firms, i.e. Banks, Building Societies, Credit Unions and Insurers. As SM&CR has been applicable to many firms since 2016, this feedback is helpful in understanding what impact the implementation has had.  Dual-regulated firms have lived with SM&CR for a reasonable period of time now and so are better able to comment on their experiences.  It was also interesting to get a view from those that supervise the regime, and no doubt many firms were interested to hear how PRA supervisors found working with the components of the regime through their supervisory duties.

The PRA were interested to understand how the day-to-day operation of SM&CR versus the regulators original objectives had been met and to find out if there were any unintended consequences of the regulation. To do this, data was collected from PRA supervisors, interviews were held with practitioners, advisers and supervisors and a sample of 140 firms were invited to get involved.   The questionnaires sought responses from both senior managers, i.e. those overseeing the implementation of the regime, and those responsible for the actual implementation the regime.

The study produced some very interesting results which the review summarised into three themes and nine recommendations:

Lessons to Learn

Whilst the review identified generally good news in that firms felt SMCR had changed things for the better, two key lessons stand out for me:
On an operational level, firms are still challenged by regulatory references because, by nature, firms providing references will respond to the specific info requested, i.e. often ‘yes’ and ‘no’ questions, and be careful not to say anything potentially discriminatory. This places the onus on the ‘receiving’ firm to request more information should  they have questions or concerns.

The British Standards Board produced a guidance paper on regulatory standards in September 20191. On page 10, it states; “While a template has been provided by the FCA for firms to use, firms are not prevented from asking for more information than is included in the template”. Firms should use this guidance to provide themselves with the level of information they need to reassure themselves they are not potentially recruiting a ‘rolling bad apple’.

  1. On a wider level and more significantly, much work is still required to ensure SM&CR is more than an exercise in regulatory compliance, i.e. more than a ‘tick box’. Indeed, messages from both regulators, particularly the FCA, are focused on SM&CR being the catalyst for creating wider culture change in financial services.

If so, linking reward to displaying the appropriate behaviours and ensuring the appropriate senior managers really take ownership for embedding SMR and Certification are important, but only in the context of them being enablers for creating wider change.

Lessons to Learn

The key lesson in this area is around diversity. Both the PRA and FCA talk extensively about the need for greater diversity at board level in financial services believing that, as Anna Sweeney (Executive Director, Insurance Supervision) said of the 2008 financial crisis;

The lack of intellectual diversity, including from the lack of gender, race and other diversity, we believe contributed to the severity of the crisis through confirmation bias”.

When both recruiting externally and promoting from within, firms should guard against the tendency to ‘play safe’ and champion candidates who reflect the status quo.

Lessons to Learn

Many of the lessons revolve around the PRA committing itself to more dialogue with the industry which may, in turn, create further guidance in the future. On a practical level, however, smaller firms will be looking to the PRA to provide guidance that will lessen the administrative burden of reporting.

How RegTech Can Help

Both the PRA and the FCA view RegTech, i.e. the use of technology to help firms with regulatory compliance and costs of that compliance, as a key enabler in the embedding regulation, SMCR included.

Worksmart’s dedicated and multi-award winning SMCR solution, Accord, has been specifically designed to provide firms with functionality to manage the detailed day to day management of the regime quickly and simply. This is important for two reasons; firstly, smallest firms aside, most firms’ SMCR regime will require hundreds if not thousands, sometimes tens of thousands, of individual activities to be administered, recorded and reported on each year. Without dedicated software to manage and record these activities, the administrative costs are significant. Additionally, by not using a bespoke SMCR system, firms increase their risk of non-compliance and, potentially, fines by missing key activities. Simple examples of these are;

  • Not collecting and following up on references for newly recruited staff
  • Not informing the FCA of a senior manager temporarily holding a Prescribed Responsibility for more than 12 weeks (concessions due to Covid aside)
  • Not completing detailed handover notes between senior managers when responsibilities are passed between them
  • Not updating committee memberships and members’ responsibilities
  • Not collecting all the necessary information to complete a thorough F&P review of an individual etc.

RegTech solutions like Accord will alert and chase administrators and central teams if activities like these, risk either not being done, being overdue or substandard.

When adopting Accord, firms can expect:

  • More accurate and timely record-keeping
  • More efficient processes, so saving time and cost
  • Greater governance and oversight

Using Accord enables administrators and central teams to ‘step away’ from simply administering the SMCR rules to concentrate on oversight and the qualitative assessment of processes. When teams have the space and time to do this, they can concentrate on preventing breaches, support teams that are struggling and generally work to better embed the regulation.

Whilst SMCR RegTech solutions like Accord cannot solve wider issues identified in the report such as diversity, by efficiently managing ‘the day-to-day’, they create the time and space for central teams and senior managers alike to concentrate on these wider issues.

To read the report in full:

BSB “Statement Of Good Practice – Certification Regime Regulatory References”

Our sponsors help bring T-CNews content to you for free

Please visit our sponsors page for their latest news


About Author

Avatar photo

Julie Pardy is Worksmart’s Director of Regulation and Market Engagement. Julie is a dynamic, highly engaging, professionally qualified individual who has worked in the field of financial services for the last 25 years and has extensive experience of a wide number of areas such as Regulatory, Governance, Business Quality, Conduct Risk and Behavioural Economics to name just a few. Worksmart has built its reputation by supporting the UK’s leading financial service businesses through the challenges of regulatory compliance. From Training & Competence to Quality Assurance, SM&CR to Complaints Management Worksmart enables smarter business responses. Whether working with an SME or a large corporation, Worksmart’s software solutions create business improvements that also meet the demands of regulatory change. Worksmart software solutions are simple to configure, easy to implement and will help streamline your business processes. With deep experience, comprehensive, award winning product set and wide ranging expertise, Worksmart can be trusted to ensure regulatory change is turned into business advantage.

Leave A Reply