Compliance and HR are often very separate functions within the average financial services sector firm. They are viewed very differently by employees and management teams alike.
One has the heft of the regulatory risk stick whilst the other often uses the carrot of career development and remunerative reward to consolidate further its role and purpose.
The SMCR has brought the two functions inherently closer in a way that hasn’t often been seen (particularly in the wholesale sector where – we find – there tends to be a more natural resistance to an HR-driven culture).
They now share equal responsibility for the Competence and Conduct risks that all staff present – and they need to work together to minimise these by ensuring that:
- SMF’s accept understand and take reasonable steps to deliver their prescribed responsibilities fully;
- That those SMF’s remain Fit and Proper and competent to hold their Senior Management roles;
- That all staff understand and abide by the FCA Conduct Rules and the implications those have in the context of the firm’s business and their own individual roles;
- That all Certified staff are Fit and Proper to be certified to perform their Significant Harm Functions and that they maintain their training, competence and conduct to appropriate levels;
- That all risks that arise from failure to meet these requirements are identified, appropriately reported and mitigated with recorded audit trail of all actions
So – co-operation and pragmatic solutions are required to share data and processes wherever possible.
Key challenges under the SM&CR
Some of the key challenges to both functions on meeting their obligation under the SMCR are logistical and cultural by which I mean:
- They need to work collectively not in silos;
- Significant amounts of SMCR-relevant Compliance and HR records and data must have shared access – not locked in departmental files or legacy systems;
- They need to find and exploit synergies between the processes that once were the exclusive properties of each.
- For example:
- Assessment of Conduct – and the degree to which staff abide by rules
- The assessment of competence or delivery in role – i.e. performance management – at least in part
- The disciplining or mitigation of shortfalls in either competence or conduct
- Compliance policy adherence, attestations to and acceptance of conduct rules, acceptance of responsibilities and monitoring of reasonable steps etc
- The setting of training and development – specifically relating to all of the above – but including purely Compliance-based training
- The Certification process itself
- Monitoring of SMF’s and reasonable steps
All of these might once have been the exclusive preserve of one or the other. Now they must look to mutual delivery and tracking/recording that delivery collectively and in the same place or process.
Performance Management is often one of the most sensitive of these.
HR rightly tend to own this and it is often delivered through very HR/L&D specific platforms sometimes using non-role specific competencies and objectives.
In larger multi-nationals we often find that processes are owned and domiciled outside the UK and have little relevance to SM&CR requirements on Competence and T&C.
Also – where multiple platforms may be used – Learning Management Systems (LMS), Retail Distribution Review (RDR), Performance Management (PM) and Training & Competence (T&C) systems using multiple external providers – linking these or harvesting data for SMCR purposes can be a challenge.
It is important to engage staff in a performance and T&C driven culture and a much more structured approach to these than may previously have been the case. However, asking staff to complete parallel or duplicated assessment processes is a big turn off and discourages engagement rather than improving it.
It is a challenge therefore when choosing an appropriate SMCR platform to be able to draw -from various other processes and platforms – relevant data without duplicating effort wherever possible.
A sensible and pragmatic approach to this – and one that allows the sharing and tracking of outcomes and data from these multiple platforms – is key.
However, it is simply not practical – particularly for larger organisations – to consolidate everything into one platform or system – even if that were available. So – co-operation and pragmatic solutions are required to share data and processes wherever possible.
Performance Management is of course a rather broader function than the more focused competence and conduct assessments required in the Certification process. However, the latter is very much a requirement of a thorough Certification process and should be backed by objective assessment and evidence. Equally where there are shortfalls they must be identified and flagged – mitigation suggested whether through the setting of objectives or training – and they should be factored into certification decisions and/or their mitigation set as KPI’s/Conditions for Certification.
If a firm wishes to avoid duplication it is perfectly possible to assess these factors within the structure of the PM process with SHF role specific competencies and deliveries being objectively assessed. Acceptable (or not acceptable) outcomes and ratings can then be captured into the Certification process and/or SMCR platform.
The ultimate goal is to create commitment to processes across the business encouraging a culture of putting delivery and assessment of the best levels of competence, conduct and performance at the heart of the business. This must come from top level management and must be led by their example.
Any procurement process for an SMCR solution must include all stakeholders from across the business and make their buy-in and separate interests a key factor.