The new Senior Managers and Certification Regime (SM&CR) comes into force on 7 March for banks, building societies, credit unions and investment firms regulated by the Prudential Regulation Authority (PRA).
If you work in one of these sectors, do you know what the regime means for your firm? Do you still need to take action to make sure you’re ready? Here we look at what you need know before 7 March – and beyond – to ensure you’re compliant.
What is the Senior Managers and Certification Regime?
The SM&CR replaces the current Approved Persons Regime (APR) in the banking sector from 7 March 2016. Following the banking crisis of 2008-9, the Parliamentary Commission on Banking Standards (PCBS) investigated individual conduct and standards in banking. When the Commission published its report in 2013, it was very critical of the Approved Persons Regime; as a result, the SM&CR was brought in to replace it.
Who is impacted by the SM&CR?
The SM&CR has three aspects, each covering a different group of people:
- The Senior Managers’ Regime covers board members, the executive committee and any other managers who require regulatory pre-approval.
- The Certification Regime covers any ‘Significant Influencer Functions’ as well as any other staff judged to be able to cause ‘significant harm’ to the firm or its customers.
- The Conduct Rules, which apply to senior managers, certified staff and non-ancillary staff.
How does the SM&CR differ from the APR?
There are four key differences between the old Approved Persons Regime and the Senior Managers and Certification Regime:
- The SM&CR has a focus on the individual responsibility of senior management for compliance. Firms have to submit ‘robust documentation’ on the scope of senior managers’ responsibilities.
- There is a statutory requirement for senior managers to take reasonable steps to prevent regulatory breaches in their areas of responsibility.
- The SM&CR requires firms to certify as ‘fit and proper’ any individual who performs a function that could cause significant harm to the firm or its customers, both when they are recruited and on an annual basis thereafter.
- The regulators have a power to apply enforceable Rules of Conduct to ‘any individual who can impact their respective statutory objectives’. This is potentially a far wider group than was previously covered by the two regulators’ conduct rules.
How was the SM&CR changed by the Treasury’s October 2015 announcement?
Initially, the SM&CR planned for senior managers in financial services to have a ‘presumption of responsibility’ for compliance breaches within their firm. This would have required senior managers to evidence that they had ‘done the right thing’ if it emerged that their firm had failed to meet compliance standards.
In changes announced by Chancellor George Osborne in October 2015, this ‘presumption of responsibility’ has been replaced with a ‘duty of responsibility’ clause. This means that while senior managers need to take appropriate steps to prevent a regulatory breach, they will no longer be presumed responsible for any failings.
This was seen by some as a softening of the regulator’s approach, although the FCA and Bank of England rejected this, claiming that the change would make little difference in practice.
Andrew Bailey, chief executive of the Bank of England’s Prudential Regulation Authority – and who since the announcement has been named as the FCA’s new Chief Executive – said that ‘The introduction of the ‘duty of responsibility’ in place of the ‘presumption’ makes little difference to the substance of the new regime.’
What do you need to do to ensure you’re ready for 7 March?
The changes coming in on 7 March will have a number of implications for banks and other financial services firms covered by the SM&CR. Specifically:
- A much wider group of individuals will be subject to the new Code of Conduct. This therefore exposes a larger number of your employees to potential FCA or PRA enforcement action.
- You therefore need to ensure that your current processes comply with the Code of Conduct.
- You will need to consider whether affected staff need additional policies or training. Does everyone know what their responsibilities are?
What’s next after 7 March?
Another change announced in October 2015 was the extension of the SM&CR. Initially planned to cover only banks, building societies, credit unions and some investment firms, the regime will now cover all financial firms. All those not affected from 2016 will have to meet the SM&CR requirements by March 2018. Around 60,000 firms will eventually be covered, compared to the original expectation of just 1,500.
For firms in the banking sector, it’s imperative that you prepare for the SM&CR now. If there are still areas you have to address, time is running out to review your processes and upgrade them where needed.
For all other financial services firms, it’s never too early to start planning. March 2018 may seem a long way away, but if you have work to do in order to get your processes in shape, starting sooner rather than later is vital.
The introduction of the SM&CR is one example of the constantly evolving responsibilities of the compliance professional.
How can we help?