This is not only a “Compliance” thing, it is most certainly an area in which not only the board, executive committee and individual directors must definitely appreciate what they are liable for, but other teams in the business likewise. The HR function must play a principal role in dealing with the processes that underpin long-term compliance. In the past, the function paid attention to three components of the employee lifecycle, drawing in talent, taking care of employment issues whilst it is there and letting it go. But the SMCR means HR has to make sure employees are ‘fit and proper’, manage regulatory submissions, supply added detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and even review and employ the required changes to the HR lifecycle.

To rise to its new role as the protector of SMCR compliance from the firm’s perspective, HR should be sure significant changes are embedded across the employee lifecycle. If they are created appropriately, they have the potential to produce a permanent and positive difference to how the firm is managed and run. This can possibly be obtained in two steps; by focusing then creating core HR processes fit for the Senior Managers & Certification Regime and after that supporting their business to welcome these changes.

The SMCR require that, in addition to making sure that the employee’s current background check is sufficiently effective, companies must develop processes and systems to store employees’ records for external scrutiny over a lengthy period. This is six years for all employees after they leave the organisation and ten years for senior managers due to the fully extended period of investigation and any bonus clawback. It also demands organisations to keep an audit trail of the actions taken if a breach of the conduct rules takes place and trail any disciplinary processes, outcomes and actions, all fitness and propriety reviews and any training delivered around the regime.

Ideally, the Certification Regime should be handled and managed the same way with checks that are exactly as robust and documentary evidence of duties, performance and decision making of all of those in a position of causing harm to the firm. Certificated and even non-certificated staff (excluding ancillary staff) are also required to follow the FCA Code of Conduct rules (COCON).

If a breach does arise, it is HR’s responsibility to demonstrate that appropriate record-keeping procedures and tools remain in place to flag any misconduct. Information should also be provided in a timely manner with internal stakeholders, including audit and compliance, and the regulator.

Currently, record-keeping is patchy across the financial services sector, with standards across businesses varying considerably. So, although the extent to which employee records may be shared is still being defined legally, companies need to see to it that their record-keeping processes and tools are embedded and reliable.

A breach will certainly cause one or several senior managers coming under scrutiny and potentially being suspended, impacting business as usual and raising the level of anxiety among staff and management. The HR function must be fully ready to address the human and the business impact concerning this.

From the employee’s standpoint, being under investigation may possibly be overwhelming and negatively impact a career and reputation, whether or not proven innocent. The obligation lays on the FCA to prove deception or incompetence, they will need to carry the burden of proof, but businesses should be very clear where responsibility lies for providing assistance to employees during an investigation and what form of support may possibly be offered. The firm’s management need to also update job descriptions to ensure an appointed individual is accountable for handling such events, and has obtained not only the appropriate training and coaching to do so effectively, but also the appropriate Management Information (MI) to make them aware of any issues.

Breach scenarios are a great way for you to see how your company would react if one developed. Designing tailored answers, and also creating a rapid response team that is trained to manage such events, could all be necessary actions.

The regime’s requirements mean businesses must have a performance review process that ensures their employees are ‘fit and proper’. Particularly, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for companies to examine their yearly performance review processes, and may lead to significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.

For senior managers, the focus of training should be on rolling out a corporate framework and adapted leadership development programme that allows them to evidence their ‘reasonable steps’ obligations. Ongoing stress tests and scenario analysis will definitely help senior managers make the appropriate improvements to their overall governance, controls and delegations as their business or functional units evolve within the company. This will make certain the correct training, decision making etc. is in place and raise any potential issues.

Tarnished by bad press and a catalogue of scandals, the financial services industry has been battling to attract needed talent.

The new regulations provide an unmissable opportunity to boost the reputation of the financial services industry as a whole, and the winners will be companies that have completely embraced and embedded the required changes to a degree that positively impacts their employer brand. Performed correctly, these changes could even improve public perception of the corporate brand.

Under SMCR, boosting a culture of compliance and risk management has become a required responsibility for the board and senior managers. A standardised and transparent operational risk framework is vital to these changes. As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”

It’s likely that every financial services business is likely going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas for instance, individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are showing the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, incorporating those of different generations or rank, under the close sponsorship of board members. These stakeholders must work on identifying priority areas where improvements really need to happen, following through on changes developed to make accountability a core component of the business.

To overcome the challenges of SMCR and seize its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR demands as early as possible to ensure that nothing falls into any cracks and to drive real and lasting change. Only by doing so can companies ensure regime compliance and, most critically, gain the organisation advantages and benefits that an increase in ownership and accountability will drive.

We have affordable and practical scalable software available that will centrally and securely manage each of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.

Senior Managers & Certification Regime https://wp.me/p7OMfd-2mj
SMCR: Client dealing function CF30 https://wp.me/p7OMfd-2n4
Head of Legal https://wp.me/p7OMfd-2mm
Systems & Controls https://wp.me/p7OMfd-2nb
SMCR: Intermediary revenue criteria for the enhanced tier https://wp.me/p7OMfd-2n7
SMCR: Limited Scope Firms https://wp.me/p7OMfd-2nd