Turning the SM&CR into an opportunity for solo regulated firms
15 November 2019
In less than a month’s time, on 9 December 2019, the Senior Managers & Certification Regime (SM&CR) comes into effect for all remaining financial services firms. This completes the process following the banks and insurers which are already in the regime. How ready are solo regulated firms, whether Core, Enhanced or Limited scope, both to meet the compliance challenge and to embrace the wider opportunities this provides?
Firms will already have done much of the heavy lifting. For Core and Enhanced firms you will have allocated all relevant prescribed responsibilities to a Senior Manager (SM) who also has a personal Statement of Responsibilities. But whatever category of firm you lead or work in, as well as hitting the necessary compliance marks, this is an opportunity to think beyond the tick-box requirements and take a broader view of your firm’s culture and how it impacts your business. Take a step back and reflect on the wider changes that may be required to business and governance arrangements if they are to be fully compliant with the spirit of the SM&CR.
At least initially it will be the SMs who are most affected. What do your new Statements of Responsibilities mean in practice? Do they reflect what you actually do and are responsible for? Can you demonstrate that you take reasonable steps to mitigate risks - and as a firm, is this being done consistently?
For those people who will be SMs, there should be an increased sense of personal responsibility. This isn’t something to focus on only in case of potential regulatory interest, it is an opportunity to examine how effective your governance actually is in practice. After all, following the banking crisis there was a clear public expectation that SMs should be held to account when things go wrong. But if you can think about this holistically rather than personally, you can address this collectively as a management team and develop your SM&CR approach to work both for your firm and your customers. Are you ready for that challenge?
To test your readiness, have you identified and performed scenario testing to assess your firm’s responses when things go wrong? Suppose there’s been a data breach, or a whistle-blower has raised mis-selling concerns. What do you do in those circumstances, who speaks to whom and how do your decisions get recorded? The management information you receive may meet your internal corporate standards, but is it sufficiently granular and informative to give you personal comfort? Do you have controls in place and would they operate as expected?
SMs need to be prepared to take reasonable steps to prevent breaches of requirements in areas for which they are responsible. That doesn’t mean that nothing can ever be allowed to go wrong in the future, nor does it mean the SM is solely responsible if something does go wrong. The collective responsibility of the board or governing body remains relevant. But are you someone who keeps abreast of the risks in the areas for which you have responsibility, who is proactive about identifying development needs and upskilling, and who takes competent expert advice where necessary? It may sound like a tall order, but these types of characteristics are likely to help you to demonstrate reasonable steps.
As Alison Cottrell from the Banking Standards Board said: “A good organisational culture is about more than avoiding good people doing bad things; it is about equipping and enabling good people to do ever better things.” For example, leaders should not only set expectations but also live up to them visibly and consistently.
Changing systems and controls to meet the compliance challenge can be an important aspect of readiness. But what is also key is seeing the SM&CR as an opportunity for your firm to examine its own culture: how decisions are made and recorded and whether customers are at the heart of the business. Good SMs provide tone from the top and take staff with them on the journey. A healthy corporate culture makes staff feel that they are working for the common good. And that can only impact both your firm and your customers in a positive way.