Senior Managers & Certification Regime: 6 major challenges for firms

February 27, 2019 by Martin Lovick

As firms look to address the FCA’s Senior Managers and Certification Regime (“SM&CR” or "SMCR"), ahead of the December 9 deadline, we observe six common themes and challenges emerging from their project implementation:

1. Governance structure and culture

The Financial Conduct Authority disarmingly assure firms that SM&CR should not require them to change their governance structure or hire additional staff. At the same time, they repeatedly advise that SM&CR is above all a project that will require a change of culture to ensure that all staff understand where responsibility lies, and who will be held to account when something goes wrong (referred to by the FCA as “breaches”).

We agree that firms with robust governance structures are in a strong position to implement SM&CR. However, many firms, particularly those that have evolved from start-ups in recent years, may not have the formality and, therefore, certainty to ascribe responsibility in the way that SM&CR requires. Points to consider here are likely to include an internal structure chart, terms of reference, management information, and documenting the decisions of management bodies.

Easier said than done, though – the FCA is surely right to emphasise that the culture of firms implementing such processes will have to adapt.

2. Prescribed responsibility - collective or individual?

The new Senior Managers Regime aligns the new Prescribed Responsibilities closely with the concept of a Duty of Responsibility. Although the FCA accepts that the burden of proof lies with it in establishing that a Senior Manager did not take reasonable steps to prevent breaches, the emphasis on the individual is paramount. Each one of the Prescribed Responsibilities (4 at most firms) must be assigned to a single Senior Manager.

This represents a major challenge for firms used to operating under dual or collective responsibility frameworks – for example, between two or more owner-managers. The problem is likely to be exacerbated within partnerships where collective responsibility is enshrined within members’ agreements.

Many firms will need to take a good step backwards before determining where ultimate decision-making and oversight responsibilities lie. As with the governance question, the result may be an overall reconsideration of the firm’s senior management framework.

3. Documenting individual roles: Statements of Responsibility, job descriptions and employment contracts

The FCA places a lot of emphasis on written documents to evidence where key responsibilities lie. This aims to ensure transparency and clarity within firms, but the sub-text is to facilitate enforcement actions against individual Senior Managers when breaches occur.

The main focus is on the Statements of Responsibility (“SoR”) that must be provided for every person holding a Senior Manager Function. These documents must be clear and succinct and contain references to other documents. They must be kept up to date (e.g. to reflect any changes in responsibilities) and in future will have to be provided to the FCA as part of new applications for approval of Senior Managers. Writing these documents (which must be approved by the Senior Manager themselves) is expected to be one of the major challenges of SM&CR implementation.

A further challenge is to ensure consistency between the SoR and other legally-orientated documentation surrounding the role of the Senior Manager – including any job descriptions which may exist, as well as the employment contract or partnership agreement. Firms may well choose to employ external advisors to ensure harmony across these documents.

4. Fitness and Propriety assessments, regulatory references and criminal records checks

SM&CR demands that firms take a much more rigorous approach to the initial and annual assessment of Fitness and Propriety – a key component of both the Senior Managers and the Certification Regimes. Yet it is leaving it to firms (or perhaps industry bodies) to determine exactly how such an assessment is carried out.

The FCA has not expanded on the previous definition of Fit and Proper, which divides this into a) honesty, integrity and reputation; b) competence and capability; and c) financial soundness. Currently, many firms lean heavily on the Section 5 of the Form A (for FCA Approved Persons) for evidencing such checks, as alongside initial background screening and periodic attestations on a range of regulatory requirements.

SM&CR specifically focuses on the evidence to be collected for Senior Managers, notably Regulatory References and criminal records checks. Note that firms are required to take reasonable steps to obtain references from past employers over the previous six years, even where these fall outside the regulated sector. Many firms seem likely to expand both sets of requirements to their Certification staff or even wider this is a relatively easy solution for obtaining hard evidence to support the conclusion that a member of staff is Fit and Proper.

5. Record-keeping: aligning the requirements of Compliance, HR and Legal

Firms keep many kinds of records about individual members of staff, ranging from Compliance records about Approved Persons, HR payroll and attendance records, and Legal employment contracts.

SM&CR requires that such records are readily accessible across the firm (to the extent permissible under Privacy Policies). From Statements of Responsibility, to the assessment of Fitness and Propriety, as well as any records of disciplinary actions.

Aligning these records for consistency and multiple use will be a challenge for firms but those who do so successfully will be in a much better place to address requirements across the entire lifecycle of the individual employee.

6. Code of Conduct breaches and disciplinary processes

SM&CR does herald a greater focus on breaches and the reporting of breaches both at an individual and a firm level. At present, many firms will have only rudimentary procedures in place to address such events – perhaps in the Employee Handbook, as well as a Breaches Policy in the firm’s Compliance framework documents.

With breach reporting (within 7 days for Senior Managers, and an annual report via GABRIEL for all other Conduct Staff) now a fact of life, firms will need to review carefully their Policy and Procedures to determine:

a) what types of behaviour are covered; and

b) the process to investigate and determine follow-up actions.

How ACA can help

ACA offers SM&CR implementation planning and support services and solutions to help guide investment managers through this new regime, including open training courses.

For more information please contact Sam Reid or one of our SM&CR professionals at +44 (0) 20 7042 0560

About the Author

Martin Lovick's career in financial markets spans nearly four decades. He has worked for the regulatory compliance consultancy ACA Compliance for the past seven years. He supports a broad range of clients (including hedge fund and PE managers, brokers and market makers) in their FCA and EU compliance programmes. He has taken a lead role in developing ACA’s client resources to address new legislation, including MAR, MiFID II and SM&CR.

Before joining ACA, Martin ran his own market making firm for eighteen years, focussing on single stock options on LIFFE. During his earlier career, Martin progressed through roles in portfolio management and proprietary trading, becoming Director of Strategy Trading at UBS Philips and Drew.

Martin’s first degree was in Modern History at Oxford University. He also holds an MBA from Manchester Business School, the MSCI Diploma in Investment Compliance and the CFA Investment Management Certificate.