Need to know
- UK banking and insurance regulators are finalising plans to extend the Senior Managers & Certification Regime from around 900 firms to all 47,000 FCA-regulated firms.
- After an initial bedding down period, banks and their lawyers are braced for the first enforcement actions under the rule, which they say will test the SMCR’s efficacy.
- Banks already in scope of the rules, which were softened from initially harsher proposals, say recruitment is now harder for certain roles, such as CRO, head of compliance and money laundering reporting officer.
- Lobbyists complain buy-side firms will have little time to iron out issues around recruitment and legal risk before being forced to comply after the extension of the rules is finalised, likely before the end of 2018.
- Many firms warn they will face considerably higher HR costs associated with assessing and recording staff suitability, and will be exposed to legal action over errors.
- Operational risk managers have cautiously welcomed the regime, however; they argue it has made responsibility for risk taking clearer, and already brought tangible benefits such as fewer traders breaching their internal limits.
The financial crisis forced a tightening of rules around personal conduct and accountability for all senior bankers.
Drawn up against a background of public opprobrium, the Financial Services (Banking Reform) Act 2013 gave UK regulators tough new powers to hold banks and senior managers to account. The result was the Senior Managers Regime (SMR), which went live in March last year.
Since then, some 900 banks and deposit-taking institutions have been required to assign management responsibilities to around 3,000 named individuals, covering roles including chief executives, executive directors, and chief risk and compliance officers (see box: Them’s the rules). Eighteen months in, the Financial Conduct Authority is finalising plans for a major expansion of the scheme. A July consultation proposes the regime, now dubbed the Senior Managers and Certification Regime (SMCR), be extended to all 47,000 FCA-regulated entities.
Concerns have been raised over the burden the expansion will place on smaller firms. Sources at banks already in scope of the rules report major gripes about the regime’s impact – from recruitment difficulties for key functions, to uncertainty over what breaches should trigger a disciplinary action. Many banks grimly acknowledge it might take the first regulatory sanctions for breaches of the regime to better understand how it will be enforced in practice.
“Anecdotally, what is happening in those bigger banks is that they’ve started having lawyers present at every meeting where decisions are made. Whereas before, managers would meet and form a consensus… now they are much more careful to limit what they’re saying to their own area of responsibility. It means you’re having decision-making by lawyer. Don’t get me wrong, lawyers are wonderful people – but in a bank you want to be able to make decisions quickly and move on,” says Adrian Crawford, a partner at law firm Kingsley Napley in London.
Senior bank lobbyists say this was one of the problems flagged to regulators in the run-up to the regime, but that it largely fell on deaf ears. The PRA declined to comment for this article.
Top of the list of concerns for those currently in scope has been issues over recruitment for key roles – not surprising given the burden of personal liability that now falls onto senior individuals in certain roles. For the first time, the rules make a “reckless” decision that causes a bank to fail a criminal offence, carrying a maximum of seven years in prison and an unlimited fine.
“It has become more difficult in banking to recruit for the senior management positions – especially CEO, CRO, head of compliance and money laundering reporting officer. I’d expect it to be similar, if not more so, for smaller firms,” says one senior lobbyist at a UK trade body, himself a former regulator. “There is also some anecdotal evidence of juniorisation of roles – indeed, this was something the PRA noted in its feedback last year – with relatively inexperienced staff being put forward for senior management positions, so the real decision-makers avoid being on the hook. Rightly, the regulators were not impressed with that, as it circumvents the objective of the regime, which is to ensure the senior decision-makers are accountable for their actions and inactions.”
The SMR prompted lots of really interesting discussions within the boardrooms of firms about who, exactly, is responsible for whatPaul Fisher, Cambridge Institute for Sustainability Leadership
Others argue regulators’ watchfulness against this has prevented juniorisation from becoming endemic: “I don’t think the FCA or the PRA have got floppy ears,” says one observer. “I think they would recognise when that’s going on.”
It could have been worse still for senior managers: a controversial clause that would have placed the onus on senior managers to demonstrate they had taken all reasonable steps to prevent a contravention occurring was watered down at the eleventh hour before the rules were implemented, after some fierce lobbying from senior bankers.
Not all firms who find themselves newly in scope will be subject to the same level of stringent demands visited on the banks. Current proposals would see all firms regulated by the two bodies fall under the SMCR regulations, with the largest ‘enhanced firms’ following similar procedures to the banking sector, while less complex firms would operate under a simplified ‘core regime’. A third category of ‘limited scope’ firms – sole traders, limited permission consumer credit firms and energy market participants, among others – would fall under an ‘SMCR-light’ regime.
The challenge regulators set when introducing the SMR was to drive cultural change within the UK’s finance sector, says Paul Fisher, deputy head of the PRA until 2016 and now a senior associate at the Cambridge Institute for Sustainability Leadership.
He argues the SMR has already shown success on that front: “The SMR prompted lots of really interesting discussions within the boardrooms of firms about who, exactly, is responsible for what… I’ve seen no sign [of juniorisation],” he adds. “The SMR should have the opposite effect: clarity [about responsibilities] is a good thing.”
Some bank risk managers agree there is evidence the SMR is already helping to change behaviour for the better. Paul Berry, chief risk officer of Mizuho International in London, says the SMR has already contributed to a notable fall in the number of traders breaching their internally set risk limits.
“We’ve seen the number of breaches go down significantly over the last 18 months to two years,” said Berry, who was speaking at the OpRisk Europe conference in June. He partly attributed this development to traders’ greater awareness of the potential for reprimand under the SMR.
Knowledge that a conduct breach would be reported and could block your career is making people take noticeSarah Henchoz, Allen & Overy
“People welcome the fact there is more structure and process around what they’re doing,” says Sarah Henchoz, a partner in the employment practice of law firm Allen & Overy in London. “As people are living with the SMR, it’s more of a codification of what they should have already been doing, rather than requiring people to do more.”
Other benefits to date have perhaps been less tangible. Industry trade body UK Finance acknowledges the difficulties involved in assessing cultural change, but believes the extension of the rules, alongside the Certification Regime and the conduct rules, “will improve culture” in the sector, says a spokesperson.
“There are often explicit requirements in people’s contracts to have regard to the conduct rule,” and any breaches are required to be reported to the FCA, she adds. “That knowledge – that a conduct breach would be reported and could block your career – is making people take notice.”
Kingsley Napley’s Crawford adds: “If someone gets into a scrape, it can cast a shadow over their career for a long time. These references look back over a six-year period – or even end it.”
That legal risk under the SMCR cuts both ways, however. The regime also carries an increased risk of employment litigation for firms, lawyers note – something those finding themselves newly in scope should be aware of. Under the old Approved Persons Regime, the FCA had the final say in determining an individual’s fitness and propriety; now, the legal responsibility has shifted on to the firms themselves.
“If firms get a fitness and propriety assessment wrong – that is, they do not certify someone as fit and proper when they are – it’s possible the employee could bring a claim against the employer. They don’t have this option at the moment, because the regulator determines fitness and propriety,” says Christine Young, employment law partner at Herbert Smith Freehills.
One of the challenges, notes Kingsley Napley’s Crawford, is around how firms should treat an employee who leaves in the middle of a disciplinary process. “The guidance… suggests that what the employer comments on is properly verified fact, not supposition,” he says – suggesting that pending or unfinished disciplinary procedures do not necessarily need to be mentioned.
However, the pro forma reference firms are also obliged to provide asks if there is any additional information relevant to establishing whether the individual is a fit and proper person for his or her role, making it difficult to argue the case for leaving pending disciplinary actions out, Crawford adds.
The real test of the new regime, however, is likely to be when the FCA begins to take enforcement actions, believe observers. Ron Gould, chairman of regulatory software company Comply Sci, and a former senior adviser at the Financial Supervisory Authority, says he believes next year will see the FCA test its enforcement powers.
“The regulator has wanted to give people time to bed the SMCR down,” he says. “My guess is there will be enforcement actions in 2018, in conjunction with other regulatory breaches.”
Others believe the FCA may move sooner. “It is under considerable political pressure to make this work,” says Tony Woodcock, partner at law firm Stephenson Harwood. “The FCA is now undoubtedly looking, one year on, at how banks are applying the system.” He adds that what it is likely to particularly want assurance over are the systems and controls in place. “Are the systems strong enough that people of the appropriate calibre are being put forward?”
It’s not about enforcement: that would be a sign of failurePaul Fisher, Cambridge Institute for Sustainability Leadership
Fisher argues the success or otherwise of the regime shouldn’t be judged in terms of enforcement actions: “It’s not about enforcement: that would be a sign of failure.” But he adds that he expects prosecutions to be forthcoming. “If there aren’t any prosecutions, people will get lax.”
Another major challenge clients are facing, says Henchoz at Allen & Overy, is deciding whether a particular infraction represents a conduct rule breach. “We’re getting queries from clients who don’t want to [report breaches that could] destroy someone’s career, but also don’t want to put themselves in a position of risk because they haven’t taken a sufficiently robust line … In some areas, there are no hard and fast answers.”
She gives the example of sending client information to a personal email account. Some firms take a zero-tolerance approach, she says – meaning instant dismissal – while others would only consider it to be a conduct rule breach if there are compounding factors, such as evidence the individual has passed that data on, or has resigned and is planning to use it at a new employer.
Passing responsibility for certifying the suitability of large numbers of staff on an ongoing basis to employers has added to the administrative and human resources burden they face. These burdens are likely to concern the 47,000 additional firms likely to be subject the SMCR, following the conclusion of a consultation by the FCA and the PRA.
While there hasn’t been “huge opposition” among asset managers to the extension of SMCR, according to one senior buy-side lobbyist, “some firms might have argued the issues [which prompted the rules] were in the banking sector, rather than in asset management”.
Assuming the SMCR is extended as per the consultation – and observers do not expect the consultation process, concluding in November, to lead to material changes – it will bring a large number of new individuals into the regime.
As such, the application of the Conduct Rules is a major issue for smaller buy-side firms, the lobbyist notes. “Previously, the FCA hasn’t been able to enforce those against individuals … employees will want to know what it means for them, so the training aspect [will be important].”
By placing the onus on firms for vetting individuals they hire, the regulator is effectively asking employers to be more thorough, says Ben Blackett-Ord, chief executive of financial services regulatory consultancy Bovill.
“Whether that will work in practice is pretty questionable,” he says. “Large firms that are used to continuous regulatory scrutiny will get it right, but those firms that don’t think they’re under the regulatory spotlight may not devote the right resources to that process.”
Given that fund managers typically have fewer resources than banks, Crawford suspects some may comply “by template”, where a consensus is reached on job descriptions and the scope of various roles. “Fund managers will adopt that without trying to tailor them to their own business. They will make the business fit the template rather than the other way around to make it easier for themselves from a regulatory point of view.”
Additional reporting by Alina Haritonova and Tom Osborn
Them’s the rules
The SMCR comprises three main elements:
The Senior Managers Regime itself requires firms to draw up responsibility maps, allocating responsibility for 17 management functions to named individuals. Equally, senior managers – currently around 3,000 individuals across the City – are required to agree to statements delineating their areas of responsibility.
The Certification Regime covers individuals who aren’t senior managers, but whose jobs have an impact on clients, markets or the firm. This makes firms responsible for certifying, on an annual basis, that these individual are suitable to do their job – essentially transferring the responsibility from the regulator under the Approved Person Regime to regulated companies.
Finally, the Conduct Rules apply to almost all those working in financial services, and include basic requirements to act with integrity at all times and treat customers fairly.
To assess the regime, earlier this year the PRA carried out a thematic review of implementation at 22 banks and building societies, looking specifically at their production of management responsibility maps and the associated individual’s statements of responsibility. The review – circulated to senior executives but not been publicly released – concluded that overall the regime has had a positive impact on the industry, although it did acknowledge there were some areas where it could be improved.
Specifically, the review recommended the management responsibility maps could provide a clearer picture of the governance arrangements at regulated firms, to allow an ‘at-a-glance’ understanding of how management responsibilities are allocated, and clearer links between management statements and responsibility maps, according to individuals familiar with the review.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact email@example.com or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact firstname.lastname@example.org to find out more.
You are currently unable to copy this content. Please contact email@example.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email firstname.lastname@example.org
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email email@example.com
More on Operational risk
Investment banks: the future of risk control
This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control
Op risk outlook 2022: the legal perspective
Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…
Emerging trends in op risk
Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…
Moving targets: the new rules of conduct risk
How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…
Building resilience into ESG risk management
Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…
Operational resilience: charting evolution, strengthening impact
Arming a business in preparation for robust operational resilience measures is not a one-step solution – it continues to evolve. The key to strengthening defences against all events – especially the unlikely but plausible – is to build business agility…
Operational resilience – Driving excellence and effective measurement in financial services
This webinar explores how to build resilience across an organisation, discussing actions and measures companies are currently taking to become more agile, adaptable and able to future-proof their business growth
Unlocking the potential of a firm-wide and systematic approach to operational resilience
This webinar explores best practices in response to regulatory policy and supervisory guidance, offering practical approaches to achieve a mature and robust operational resilience programme