The Senior Managers & Certification Regime (SMCR) and Conduct Rules mark a new era for the UK’s beleaguered financial services industry.
The new regime is one of the most strict individual accountability codes throughout all industries, making executives open to fines, including jail, for failure within their oversight.
This is not only a “Compliance” thing, it is most undoubtedly an area wherein not only the board, executive committee and individual directors will need to understand what they are answerable for, but some other departments in the business as well.
The HR function must play a central role in dealing with the processes that underpin long-term compliance. In the past, the operation concentrated on three components parts of the employee lifecycle, attracting talent, managing employment issues whilst it is there and letting it go. But the SMCR means HR needs to make sure that employees are ‘fit and proper’, manage regulatory submissions, furnish a lot more detailed regulatory references, clarify employees’ roles and help map their responsibilities, manage breaches to the conduct rules and disciplinary sanctions, and also review and incorporate the required changes to the HR lifecycle.
To step up to its new role as the custodian of SMCR compliance from the firm’s perspective, HR should ensure significant changes are embedded all through the employee lifecycle. If they are delivered accurately, they have the potential to produce a permanent and positive difference to how the organisation is managed and driven. This can possibly be accomplished in 2 steps; by concentrating then ensuring core HR processes fit for the Senior Managers & Certification Regime and then supporting their company to accept these changes.
Step one: Develop your core HR processes fit for SMCR
Bulletproof record-keeping methods and technology
The SMCR require that, in addition to making certain the employee’s current background check is sufficiently durable, firms must establish processes and systems to store employees’ records for external scrutiny over a long period. This is 6 years for all employees after they leave the firm and 10 years for senior managers because of the fully extended period of investigation and any bonus clawback. It also requires business to keep an audit trail of the actions taken if a breach of the conduct rules transpires and trail any disciplinary processes, outcomes and actions, all fitness and propriety evaluations and any training delivered around the regime.
If possible, the Certification Regime should be addressed and managed similarly with checks that are just as robust and documentary evidence of roles, performance and decision making of all of those in a position of causing harm to the company. Certificated and even non-certificated staff (excluding ancillary staff) are also obligated to adhere to the FCA Code of Conduct rules (COCON).
If a breach does arise, it is HR’s responsibility to prove that appropriate record-keeping processes and tools remain in place to flag any misconduct. Information should also be shared in a timely manner with internal stakeholders, such as audit and compliance, and the regulator.
Currently, record-keeping is variable across the financial services sector, with standards across companies varying considerably. So, even though the extent to which employee records might be shared is still to be defined legally, organisations need to be sure their record-keeping processes and tools are embedded and foolproof.
Control breaches and suspected breaches
A breach will definitely lead to one or several senior managers coming under scrutiny and potentially being suspended, impacting business as usual and intensifying the level of anxiety among staff and management. The HR function must be totally ready to reply to the human and the business impact concerning this.
From the employee’s perspective, being under investigation can possibly be frustrating and negatively impact a career and reputation, whether or not proven innocent. The onus lays on the FCA to prove deception or incompetence, they have to carry the burden of proof, but companies should be crystal clear where responsibility lies for giving assistance to employees during an investigation and what type of support may possibly be offered. The business’s management need to also update job descriptions to make sure an appointed individual is responsible for taking care of such events, and has acquired not only the appropriate training and coaching to do so efficiently, but also the appropriate Management Information (MI) to make them aware of any issues.
Breach scenarios are a great way for you to see how your organisation would react if one occurred. Designing tailored answers, as well as creating a rapid response team that is trained to manage such events, could all be necessary activities.
Align performance management.
The regime’s requirements mean enterprises must have a performance review process that ensures their employees are ‘fit and proper’. Especially, the process should assess fitness and propriety throughout the year, not just at an annual review. This is a good incentive for companies to take stock of their yearly performance review processes, and may produce significant changes to how and when they evaluate their people, and integrate them with the necessary regime checks.
Train those at the top
For senior managers, the focus of training should be on rolling out a corporate framework and adapted leadership development programme that enables them to evidence their ‘reasonable steps’ obligations. Ongoing stress tests and scenario analysis will likely help senior managers make the appropriate improvements to their overall governance, controls and delegations as their business or functional units evolve within the business. This will make sure the correct training, decision making etc. is in place and raise any potential issues.
Step two: Support the firm’s culture and values
Attract talent and enhance the corporate brand
Tarnished by bad press and a catalogue of scandals, the financial services industry has been struggling to attract needed talent.
The new regulations provide an unmissable opportunity to improve the reputation of the financial services industry as a whole, and the winners will be organisations that have completely embraced and embedded the required changes to a degree that positively impacts their employer brand. Carried out correctly, these changes could even improve public perception of the corporate brand.
Under SMCR, encouraging a culture of compliance and risk
management has become a directed responsibility for the board and senior managers. A standardised and transparent operational risk framework is essential to these changes. As Tracey McDermott, the former Director of Enforcement and Financial crime at the FCA, said: “We are beginning to rebuild a culture within financial services that is more centred on consumer needs, with a regulator in place that has the right tools and approach, to uphold and encourage the standards the public has the right to expect.”
It’s likely that every financial services business is going to be individually assessed on culture by the regulators. They will determine if there are any improvements in areas like individual accountability, remuneration, conduct rules and whistle-blowing, and whether senior management are proving the right values and behaviours. This will require a broad set of internal stakeholders from across the business to come together, including those of different generations or rank, under the close sponsorship of board members. These stakeholders must pay attention to identifying priority areas where improvements really need to happen, following through on changes created to make accountability a core component of the company.
To overcome the challenges of SMCR and incorporate its great potential, organisations must begin by upskilling their HR, Compliance and Risk teams on all SMCR conditions as early as possible to see to it nothing falls into any cracks and to drive real and lasting change. Only by doing this can business ensure regime compliance and, most critically, gain the organisation advantages and benefits that an increase in ownership and accountability will drive.
We have inexpensive and practical scalable software available that will centrally and securely manage each of these areas for you and reduce time wasted on keeping personalised, individual logs, review evidence, download and access “footprint” trails, that are often impossible with the average PC based systems and nested folders.
To talk with one of our experts about how we can help your company respond to the SMCR, or adapting our skills to any industry or enterprise, contact us today.
Other Posts you ay find of interest
Lee Werrell Chartered FCSI
0207 097 1434.