The Senior Manager and Certification Regime (SM&CR) is well underway now, with the deadline of 9th December 2019 having passed. HR and Compliance departments across the UK will have worked hard for the last couple of months to complete all tasks necessary for Day 1 SM&CR compliance. No doubt you have mapped the Senior Management functions as per FCA requirements to identify Senior Managers in the organisation, issued Senior Managers with new contracts, implemented the responsibilities map and formal handshakes between processes, and ensured all relevant parties have had appropriate training sessions.
Whilst there is a collective sigh of relief from those HR and Compliance departments after Day 1 compliance, the reality now strikes as to how to keep up with the SM&CR compliance requirements on an ongoing basis i.e. Day 2 compliance going forward. Although it may feel like you have got over the line, the truth is that the real work begins from here on in.
Some imminent questions in everyone’s mind:
- SM&CR has made the roles of HR, Legal and Compliance a lot more onerous by making the teams responsible for certifying or attesting to the fitness and propriety test for Senior Managers and the Certification Regime. Are the teams fully aware of their responsibilities and what they are signing up to?
- What happens on Day 2 and how do you manage ongoing governance and compliance to SM&CR throughout your organisation?
- Do I look for a suitable software solution that can help track the SM&CR compliance on an ongoing basis?
- Where do I house all SM&CR documents and ensure appropriate data confidentiality and data privacy?
- As the level of SM&CR compliance (i.e. whether Limited, Core or Enhanced) is Legal Entity based, how to handle different levels of SM&CR compliance requirements for different legal entities within the same Group Company?
- How to implement a consistent, intuitive and effective compliance methodology given the onerous nature of the attestations for HR, Legal and Compliance departments, Senior Managers and Certified persons?
What should be the key areas of focus for Day 2 SM&CR Compliance for Head of HR, Legal and Compliance?
Your role in the ongoing compliance of SM&CR is pivotal to your organisation. Although there is a foundation in the form of HR governance processes for much of the SM&CR compliance activities, it is the increased focus that SM&CR brings to an organisation on the need to demonstrate proper decision rationale, the added responsibility and accountability, and the significance and repercussions of non-compliance that increases its importance.
Managing Conduct Issues
Although you may be used to managing all identified conduct issues, due consideration now has to be given to enhancing the documentation of how the issue has been dealt with, recording the corrective actions that all parties have agreed, and ensuring the triangulation of any other information relating to the employee. Additionally, governance needs to be enhanced and processes put in place to ensure that HR is made aware of any potential or actual breaches of the conduct rules as soon as they are reported. This is a key input to the ‘Fit and Proper Assessments’.
Fit and Proper Assessments
SM&CR mandates an annual Fit and Proper assessment for all Senior Managers and Certification Employees. This is an individual-based assessment to be performed by the HR or Compliance Function for those employees who perform Senior Management Functions and those performing significant roles in the organisation, including material risk takers, client facing functions etc. This has increased the number of employees that need to be assessed, which is going to take a considerable amount of time. The most effective review includes the consolidation of all relevant information relating to that employee before HR/Compliance are satisfied, on behalf of the organisation, that the Senior Managers and Certification employees are ‘fit and proper’ to perform their respective roles.
Though the attestation is annual, the expectation from the regulator is for HR/Compliance to have oversight and monitoring of the Senior Managers and Certified Persons as a continual, dynamic process. The biggest challenge is ensuring and demonstrating to the regulator that management of Conduct and Fit and Proper Assessments of the employees is an ongoing exercise and not an ‘annual’ one-time exercise. To be able to do that, regular consolidation of all relevant data relating to the behaviour of the employee is essential. Companies are considering implementation of behavioural scorecards to monitor behaviours and how the Senior Manager influences the culture of the organisation; these could, for example, include measures such as tracking of attendance at key Governance meetings, and completion of mandatory trainings by themselves and also their team members.
Pre-approval of Senior Manager by the Regulator
All Senior Managers performing Senior Management Functions should have FCA approval prior to taking the role. If there is an existing employee who has been promoted to an SMF role, having the history of their conduct in one place as part of the request to the Regulator may be important.
Vetting, References and Record Keeping
The rules may bring about changes to your vetting processes and how you give references. However, it is the record keeping that supports the vetting that has been performed and the information you provide in references which has increased in significance.
As with vetting and references above, it is the record keeping that supports the decisions made when determining the remuneration to award employees which is key. It has to be backed up by evidence of not only performance but conduct and behaviour.
Training & Conduct Policy
The culture of a firm cannot be changed overnight. The employees of the firm will need continual training in different forms throughout the year. Additionally, it would be helpful to have positive affirmation of training having been completed, and that the employees have read, and comply with, the conduct policy.
What are the key areas of focus for Day 2 for the Senior Managers?
SM&CR is focused on personal accountability. Both the FCA and PRA are able to take action against a Senior Manager if they are responsible for management of an area that breaches a regulatory requirement and it is proved that they could not take sufficient steps that could reasonably be expected to prevent the breach. Disciplinary action can be taken for up to 6 years from the date of occurrence of the event.
How can the Organisation support their Senior Managers in ensuring Compliance to SM&CR?
- Implement an Appropriate and Effective Governance Framework
With such high stakes for a Senior Manager, it is crucial that the organisation has a robust framework in place to support both the Senior Managers and the organisation itself. It is essential that the framework enables the Senior Manager to take, and to demonstrate, the reasonable steps to prevent a regulatory breach.
In addition to a clear responsibilities map, and individual statements of responsibility, the governance infrastructure needs to allow the Senior Manager to demonstrate responsiveness to issues, oversight of their responsibilities and evidence for decision making. It can take time to embed the appropriate culture within the governance framework where individuals welcome challenge and debate, or where people are not afraid to raise issues.
- Embed a risk and control environment with effective policies and procedures
A Senior Manager needs to ensure that the risk and control environment for their area of accountability, and its policies and procedures, are fit for purpose, and both designed and operating effectively. This requires documentation and assessment of risks and controls, testing, and identification of issues and actions taken. This is to demonstrate that the business is controlled appropriately and compliant with regulatory requirements and standards.
What is clear is that a lot of companies are on the journey.