Effort is required but compliance will not be too big a jump if the right processes are in place.
With most regulation, a certain amount of interpretation of the rules is required, particularly in the absence of prescriptive guidance. This means firms can often go overboard, or not far enough.
Nowhere is this more apparent than in their preparation for the Senior Managers & Certification Regime. Indeed, we come across many misconceptions when helping firms with their compliance in this area. So, let’s break through some of the most common myths.
Myth 1: Senior managers will need to micromanage
There is a misconception with SM&CR that being accountable means senior managers having to get deep down into the weeds of a business function. Micromanagement of this sort can lead to tension in working relationships, not to mention duplication of work and effort.
The good news is that this is simply not required. If senior managers have access to meaningful, timely management information that reports on the risks they own, this should provide adequate confidence that those in positions of delegated responsibility can be relied upon.
However, note that senior managers should not rely just on compliance, risk or audit to provide MI. They should also have a reporting framework in place to prove that issues have been identified, appropriate decisions made and mitigating actions taken where necessary.
Myth 2: A job description is a statement of responsibility
In reality, the job description and statement of responsibility are two different things.
The job description is generally a statement that outlines the role specification, qualities and qualifications, experiences, skills or knowledge required, whereas the statement of responsibility details the key tasks – including areas of prescribed and overall responsibility and the individual’s position within the firm’s hierarchy – and provides clarification on reporting relationships and governance.
Both deliver an overview of the required role/person profile, but they should be separate and aligned.
For executive directors, their contribution to the board and executive committee should not be included as an overall responsibility in the statement of responsibility as it already forms part of the FCA’s description of the executive director senior management function. Instead, the statement of responsibility should detail the areas of the business they have responsibility for, such as sales, risk and audit.
Remember the regime is intended to be implemented in a proportional manner, and focus on those who perform significant harm functions
Myth 3: Non-executive directors are not included in the regime
Non-executive directors who are not chairs of committees are not directly captured under the SM&CR but will be subject to the conduct rules, fitness and propriety assessments and regulatory references/criminal records checks.
Those who do serve as chairs will have their obligations defined by the regulatory regime they are under. The requirement for a fitness and propriety assessment may also be part of another regime, such as Mifid II.
Myth 4: Junior staff need to be certified
Complying with the FCA’s expectations around senior management functions and certifying the appropriate individuals does not mean firms should go down to the lowest levels of an organisation. We’ve seen junior compliance staff being certified and it’s not necessary, nor is it what the regulator intended.
Remember the regime is intended to be implemented in a proportional manner, and focus on those who perform significant harm functions.
Myth 5: A live handover is not needed
While it may not be a requirement, unless you are an enhanced firm, it is still good practice to keep a live ‘handover’ document in the event someone should suddenly depart from the business.
The document should include details of key duties, any issues relating to that role, any outstanding matters and key risks, and whether there have been (or there is a future risk of) regulatory breaches. These should be prioritised for the incoming manager.
That said, be aware: a list of simple facts and figures is not useful – the exiting manager also needs to provide some clear opinion and judgement.
Myth 6: SM&CR doesn’t require much work
There are firms that have long since implemented SM&CR that are still refining the level of detail required for documentation. Firms should not underestimate the documentation and meeting minutes needed for demonstrating reasonable steps for compliance.
That said, SM&CR should not be an industrial jump if there are robust governance processes in place. The key to compliance is to understand it requires an iterative approach and there will be ongoing discussion between senior management functions regarding responsibilities.
We would recommend giving yourself reasonable time and remember that the solution has to work in to business as usual.
Don Scott is technical director at TCC