On 7th March this year, the Senior Manager and Certification Regime for Banks (SM&CR) and Insurance companies (SIMR) came into force. It has taken over 3 years but there is still plenty to do.
All banks and insurers had a deadline to submit a Responsibility Map to the regulators, the primary purpose of the Map being to clearly document exactly ‘who’ is responsible for ‘what’ and to evidence that there are no gaps in the firm’s governance arrangements.
Many firms have, quite rightly, been focused on defining the first draft of their maps and collating the necessary evidence to support this documentation of their governance arrangements, including drafting the equally critical ‘Statements of Responsibility’.
Managing and maintaining their Responsibility Map is a critical part of complying with the obligations of the new regime. It is perhaps only now that some firms are picking up the challenge of what maintenance of the map might mean. For example,
- How many times a year do you expect to update your map?
- How will you maintain auditable, locked versions of each map over time?
- What will constitute material change vs trivial change?
- What is the ‘sign off’ process for updates to the map and is it different according to the extent of the change?
- How, as a firm, will you ensure continued ‘sign up’ to the contents and accuracy of the map by the whole senior manager team?
Your Responsibility Map (or for insurers, your Governance Map) and the accompanying Statements of Responsibility (SOR) are the most visible elements of your compliance with the new regime. Like the tip of an iceberg, they can be seen from all around and are, in themselves, significant and material things, but it must be remembered that they are part of a much more massive whole!
Interestingly, the ‘tip’ of a typical iceberg, usually represents approximately 1/10th of the volume of the berg, with the vast majority underwater. The shape of the underwater portion can be difficult to judge by looking at the surface. This has led to the expression “tip of the iceberg“, for a problem or difficulty that is only a small manifestation of a larger problem, the total size and shape of which is really much greater and hard to define.
The largest iceberg on record was an Antarctic tabular iceberg measuring approximately 208 by 60 miles, making it larger than Belgium. It was sighted in the South Pacific Ocean, in 1956. Although the dimensions are only approximate, its size and mass under the water must have been genuinely enormous!
In more recent times, in March 2000, another truly massive iceberg, known as Iceberg B-15, broke off from Antarctica and drifted around, gradually breaking into smaller bergs, still huge, until well into 2006.
Returning to the analogy, and comparing the SM&CR regime to an iceberg, the Responsibility Maps and SOR represent the ‘tip’ and the wider implications and consequences of the new regime are the 9/10th under the water, perhaps not yet fully appreciated or measured but like Iceberg B-15, expected to be with us for many years to come.
This leads into the Treasury announcement in October 2015, when they (finally) confirmed the intention to replace the Approved Persons Regime by extending SM&CR across all of Financial Services.
The announcement can be found on their website – (https://www.gov.uk/government/publications/senior-managers-and-certification-regime-extension-to-all-fsma-authorised-persons). It is relatively short and makes some interesting references to the ‘scale’ of this iceberg – applying the new regime to approximately 60,000 firms and almost 150,000 people. Hidden within these numbers there are some insights into the challenge that this change will need to overcome.
Across the Banking and Insurance worlds, under APER, there were almost 1000 firms affected, excluding Credit Unions, with about 40,000 approved persons. Under SM&CR their estimate is that this will transform into about 7,000 Senior Managers and 33,000 Certified Staff – Regulators will only focus on the Senior Managers in the new world and make firms (and their senior managers) personally accountable for the 33,000 Certified staff – a good result, clearly 7,000 will be a lot less work for the Supervision teams than 40,000.
Getting SM&CR on its feet for Banks and Insurers has taken over 3 years and well over 30 different Consultation Papers, Feedback Statements, Policy Statements, Final Rules etc., and we’re still not quite done yet.
I excluded Credit Unions from the summary above because of a key phrase which has been introduced during this process – ‘proportionality’.
This new phrase has become increasingly important at both regulators and will be even more important when it comes to the application of SM&CR to all of the Financial Services and Markets Act (FSMA) regulated firms. The intention is to limit the impact and therefore the cost of compliance for smaller firms, for example Credit Unions. For most of them SM&CR is more simple and easier to implement and maintain. Although ‘Small Firms’ are still affected and still have an obligation to comply, so even ‘proportionality’ does not allow for complacency.
The Treasury paper sets out the timetable for extension of SM&CR, stating that it should “come into operation during 2018” and they estimate that it will apply to over 17,000 ‘traditional’ financial services firms, including stockbrokers, securities and futures firms, asset managers, financial advisers etc. It will also apply to about 40,000 Consumer Credit firms although many of these will qualify as ‘small firms’.
Until the consultation process gets underway we can not be certain of much, but it would be fair to assume that for many of the 17,000 ‘traditional’ firms, some form of ‘proportional’ approach should reduce the impact somewhat.
However, with HMT expecting the 100,000 Approved Persons in these firms to reduce to about 40,000 Senior Managers, there will be a lot of firms (and executives) becoming much more personally accountable for the culture, competence and behaviour of their staff.
The Finance Bill to extend SM&CR to fully replace APER is not yet made into law, but the approach being adopted to achieve the extension is clear……..
At the core of the current legislation, which applies to Banking firms, is the slightly complex definition of ‘Relevant Authorised Person’. This doesn’t mean ‘people’, instead it defines the ‘firms’ that the legislation applies to i.e. the Banks. In the new Bill, this complex definition is being materially simplified, to extend the SM&CR regime to wider traditional Financial Service firms and others, this definition is being changed to ‘Authorised Persons’ – which means all ‘firms’ regulated by the Financial Service and Markets Act – namely, all of us!
So, although I am sure we can expect a complex and involved consultation process, essentially we are all going to get what the banks (and insurers mostly) have got today – Responsibility Maps, Statements of Responsibility, codified Senior Manager Functions, Prescribed Responsibilities, Certification Regime, Conduct Rules, obligations for no gaps, Reasonable Steps, annual commitment for FIT and Proper, etc etc.
Interestingly, unless I am mistaken (which is more than possible and please anyone do shout and correct my opinion if I’m wrong – comments very welcome on the T&C Group on Linkedin Groups), this approach to extending the regime means that Insurers will shortly be subject to the Certification Regime as well, similar to the Banks.
Also on the horizon are the T&C changes being introduced by the Mortgage Credit Directive (MCD), which will apply from 21 March 2017.
MCD will introduce a broad set of knowledge and competence obligations to a wide new population of people involved at any stage of the Mortgage process, including product development. For Mortgage Advisers, specifically, the new MCD changes will need to be embedded into the Certification process because they will also be subject to the new Certification Regime under the extension of SM&CR. Therefore their performance and competence assessments will become the personal responsibility of a senior manager in each firm.
In addition to the MCD changes, the European Securities and Markets Authority (ESMA) has recently published (January 2016) the new set of guidelines for the assessment of knowledge and competence for investment firm staff, under the terms of MiFID II. The guidance will apply to all staff giving advice, staff providing information and staff providing ‘ancillary services’ to clients of the firm. These guidelines will come into effect on 3rd January 2017. In summary these guidelines will oblige firms to ensure that:
- All staff have the relevant training and qualifications and experience (2 tiers – provision of advice and provision of information / services)
- Obligation for an annual re-assessment of knowledge and competence
- Obligation to undertake relevant and appropriate CPD
- Obligation for appropriate record keeping and potential review of records by the regulator
- Obligation for supervision for trainees and minimum standards for supervisors
- Maximum time periods for achieving qualifications and acting under supervision
In essence, ESMA are applying ‘regulated T&C’ as we know it, to a wider population of individuals. There is some more detail on the distinction between providing ‘advice’, ‘information’ and ‘service’ contained in the final report – (https://www.esma.europa.eu/sites/default/files/library/2015-1886_-_final_report_on_guidelines_for_the_assessment_of_knowledge_and_competence.pdf).
They must know how their firm’s culture delivers desirable outcomes and have a clear picture of what is being done across the firm to promote competence and monitor conduct. Most essentially they must have an effective means of assessing whether ‘what they are doing is having the right effect’.
We can expect consultation from FCA on this ESMA guidance in the very near future and at some point all of these changes (ESMA / MCD / SM&CR etc.) will need to come together into one set of standards and rules.
It is very clear from both UK regulators (and from the European bodies) that they expect firms to embrace these ‘Accountability’ changes and apply their new obligations to the genuine improvement of customer outcomes and that Senior Managers will be personally responsible in all firms for achieving this.
Board members and executive teams need to find solutions that will give them a clear, evidence-based picture of staff competence and staff behaviour, and the resulting ‘reality’ of the culture in their firms.
They must know how their firm’s culture delivers desirable outcomes and have a clear picture of what is being done across the firm to promote competence and monitor conduct. Most essentially they must have an effective means of assessing whether ‘what they are doing is having the right effect’.
The Board and Exco of all firms need useable and relevant information that will help them judge the extent to which they are achieving their objectives with respect to culture, conduct and competence in their firms; and to identify what is and isn’t working; and whether resources are being prioritised in the most effective way.
Forcing firms to focus on the links between staff competence, capability, behaviour and conduct, and to prioritise developing how these elements define the culture of the organisation are the underlying objectives of SM&CR.
This is the body of the ice berg – it is the 9/10ths of the impact of the new SM&CR Regime currently on Banks and Insurers and soon on all FSMA firms.
Efficient and effective management, maintenance and monitoring of Responsibility Maps, including Statements of Responsibility and Certification will be critical in the next few years. In many ways this represents the tangible (visible above the water) components of the new world and with MCD and extended SM&CR on the horizon, all FSMA firms need a good solution that will deliver this.
However, for the Senior Managers of all firms, assessing what is coming ‘under the water’ and understanding how to navigate it will be increasingly, personally, individually imperative…………….. Effective T&C teams and systems will probably be the ice-breakers that prevent accountability disasters………….. Do you think we should tell them?
