The Senior Managers & Certification Regime (SMCR) and Conduct Rules mark a new era for the UK’s beleaguered financial services industry. The new regime is one of the strictest individual accountability edicts throughout all industries, resulting in executives open to punishments, including jail, for failure beneath their oversight.
This is not merely a “Compliance” thing, it is most definitely an area wherein not only the board, executive committee and individual directors ought to appreciate what they are accountable for, but some other teams in the business as well. The HR operation must play a main role in handling the processes that underpin long-term compliance.
Historically, the operation focused on three parts of the employee lifecycle, drawing in talent, taking care of employment issues whilst it is there and letting it go. But the SMCR means HR has to ascertain employees are ‘fit and proper’, manage regulatory submissions, present much more detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and even review and carry out the necessary changes to the HR lifecycle.
To rise to its new role as the protector of SMCR compliance from the firm’s perspective, HR should ensure that important changes are embedded across the employee lifecycle. If they are produced successfully, they have the potential to make a permanent and positive difference to how the business is managed and controlled. This can be obtained in 2 steps; by focusing then producing core HR processes suitable for the Senior Managers & Certification Regime and then supporting their company to welcome these changes.Step one: Make your core HR processes suitable for SMCR
Bulletproof record-keeping methods and technology
The SMCR demands that, as well as making certain the employee’s current background check is sufficiently strong, business must develop processes and systems to store employees’ records for external scrutiny over a lengthy period. This is six years for all employees after they leave the organisation and 10 years for senior managers thanks to the fully extended period of investigation and any bonus clawback. It also necessitates business to keep an audit trail of the actions taken if a breach of the conduct rules takes place and track any disciplinary processes, outcomes and actions, all fitness and propriety reviews and any training delivered around the regime.
If at all possible, the Certification Regime should be handled and managed similarly with checks that are equally as robust and documentary evidence of functions, performance and execution of any of those in a position of causing harm to the company. Certificated and even non-certificated staff (excluding ancillary staff) are also obligated to comply with the FCA Code of Conduct rules (COCON).
If a breach does take place, it is HR’s responsibility to demonstrate that appropriate record-keeping processes and tools reside in place to flag any misconduct. Information should also be provided in a timely manner with internal stakeholders, for instance, audit and compliance, and the regulator.
Currently, record-keeping is patchy across the financial services sector, with standards across businesses varying considerably. So, though the extent to which employee records may be shared is still to be defined legally, business need to see to it their record-keeping processes and tools are embedded and flawless.
Control breaches and suspected breaches
A breach will cause one or several people coming under scrutiny and potentially being suspended, impacting business as usual and intensifying the level of anxiety among staff and management. The HR function must be fully ready to address the human and the business impact concerning this.
From the employee’s point of view, being under investigation could be overwhelming and detrimentally impact a career and reputation, even if proven innocent. The onus is on the FCA to prove deception or incompetence, they will have to carry the burden of proof, but companies should be clear where responsibility lies for giving assistance to employees during an investigation and what sort of support could be offered. The company’s management need to also update job descriptions to make sure an appointed individual is responsible for dealing with such events, and has obtained not only the appropriate training and coaching to do so effectively, but also the appropriate Management Information (MI) to make them knowledgeable about any issues.
Breach scenarios are a wonderful way for you to see how your organisation would react if one arose. Designing tailored answers, in addition to creating a rapid response team that is trained to manage such events, could all be necessary actions.
Align performance management.
The regime’s requirements mean organisations must have a performance review process that ensures their employees are ‘fit and proper’. Especially, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for firms to take stock of their yearly performance review processes, and may cause significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.
Train those at the top
For senior managers, the focus of training should be on presenting a corporate framework and tailored leadership development programme that enables them to evidence their ‘reasonable steps’ commitments. Ongoing stress tests and scenario analysis will definitely help senior managers make the appropriate enhancements to their overall governance, controls and delegations as their business or functional units evolve within the company. This will assure the correct training, decision making etc. is in place and raise any potential issues.
Step two: Support the company’s culture and values
Step two: Support the company’s culture and valuesAttract talent and enhance the corporate brand
Tarnished by bad press and a catalogue of scandals, the financial services industry has been striving to attract needed talent.
The new regulations provide an unmissable opportunity to improve the reputation of the financial services industry as a whole, and the winners will be organisations that have fully embraced and embedded the required changes to a degree that positively impacts their employer brand. Carried out correctly, these changes could even improve public perception of the corporate brand.
Redefine culture
Under SMCR, ensuring a culture of compliance and risk management has become a prescribed responsibility for the board and senior managers. A standardised and transparent operational risk framework is key to these changes.
As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”
It’s likely that every financial services company is likely going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas for example, individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are displaying the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, involving those of different generations or rank, under the close sponsorship of board members. These stakeholders must target identifying priority areas where improvements really need to happen, following through on changes developed to make accountability a core section of the business.
To overcome the challenges of SMCR and incorporate its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR needs as early as possible to be sure nothing falls into any cracks and to drive real and lasting change. Only by doing this can organisations ensure regime compliance and, most critically, gain the company advantages and benefits that an increase in ownership and accountability will drive.
We have affordable and practical scalable software available that will centrally and securely manage all of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.
To speak to one of our experts about how we can help your firm respond to the SMCR, or adapting our skills to any industry or enterprise, contact us today.
You may also be interested in
Senior Managers & Certification Regime https://wp.me/p7OMfd-2mj
SMCR: Client dealing function CF30 https://wp.me/p7OMfd-2n4
Head of Legal https://wp.me/p7OMfd-2mm
Systems & Controls https://wp.me/p7OMfd-2nb
SMCR: Intermediary revenue criteria for the enhanced tier https://wp.me/p7OMfd-2n7
SMCR: Limited Scope Firms https://wp.me/p7OMfd-2nd
SMCR: Client dealing function CF30 https://wp.me/p7OMfd-2n4
Head of Legal https://wp.me/p7OMfd-2mm
Systems & Controls https://wp.me/p7OMfd-2nb
SMCR: Intermediary revenue criteria for the enhanced tier https://wp.me/p7OMfd-2n7
SMCR: Limited Scope Firms https://wp.me/p7OMfd-2nd
Lee Werrell Chartered FCSI
Compliance Doctor
0800 689 0190
