The Senior Managers & Certification Regime (“SMCR”) has replaced the current Approved Persons regime of the FCA and will mark a paradigm shift in the UK financial services industry.
The SMCR is a regulatory framework for the conduct and responsibility of key personnel. It is an FCA/PRA regulation concerning governance and has two core aims:
- Encourage a culture where staff at all levels take personal responsibility for their actions; and
- Make sure firms and staff clearly understand and can demonstrate where responsibility lies.
The framework is being carried out in stages to replace the Approved Persons Regime and is in effect for major banks and insurance companies since March 2016. It was extended with continuing provisions to include all FCA-regulated financial services companies as of December 9, 2019.
The SMCR emerged from the global financial crisis to provide more prescriptive regulation of employee conduct and expertise, reduce harm to customers, and enhance the stability of the market.
Key Differences Between APR and The SMCR
Regulated firms will be familiar with the current regime (Approved Persons Regime – APR). People who perform ‘controlled functions’ at both senior and customer-facing levels need to be approved by the FCA before they start their roles.
Although many of the SMCR specifications are similar to those laid down in the APR, some of the improvements are significant.
Key changes for SMCR:
The APR already needs criminal record checks on potential senior managers to be carried out. This will also extend under SMCR to NEDs that are not senior managers where they already have a fitness requirement.
Staff need to be educated on the rules of conduct, and the job should be adapted to the training. Senior managers and qualified individuals will need to be trained by the new regime’s start date, while companies have 12 months to provide training to all other workers from the outset.
Regarding Solvency II remuneration purposes, companies will already have defined material risk-takers. The FCA and PRA have a list of qualification functions for each detail. The FCA has a broader definition of credential features than the PRA. Organisations need to be aware of the various meanings of significant harm feature for PRA and FCA.
When established, organisations will determine the suitability and appropriateness of accredited persons at recruitment as well as annually and issue a certificate. Organisations have a year to carry out the first tests from the start date.
What Businesses Are Affected By The SMCR?
The Senior Managers & Certification Regime (SMCR), implemented by the Financial Conduct Authority (FCA), has the potential to affect over 47,000 financial services companies in the UK.
Failure to comply could have significant implications for both individuals and organisations. SMCR is primarily applicable to the banking sector (though it now covers all FCA regulated firms) and has been implemented as a means of creating greater individual accountability for those employed within financial institutions. SMCR is expected to have a significant impact on regulated firms’ HR processes. As they become solely responsible for their staff, it will change the risks associated with those individuals working in senior management roles as well as the way their team and even the principles of the organisation, are handled.
SMCR for Financial Services, Banking Sector & Investment Firms
The expansion of the SMCR to all financial services firms–large investment firms, insurers and those participating in shadow banking– enhances personal responsibility for senior managers, and provides a more efficient and proportionate means of raising standards of conduct for key staff more generally, backed by comprehensive enforcement powers for regulators.
The expanded SMCR will have an impact on a complex and wide range of companies with different business models and systems of governance. The FCA has therefore suggested a proportionate and flexible approach; separating the criteria of SMCR into the categories ‘Bound,” Core’ and’ Enhanced.’
SMCR for Insurance Companies
On December 10 2018, the SMCR was extended to insurers to replace the Senior Insurance Managers Regime (SIMR) of the PRA and the Approved Persons Regime of the FCA. The extension ensures that insurers are subject to provisions of the SMCR that were not previously applied to them, such as the Certification Regime, handover procedures and the statutory liability obligation. Therefore, almost all insurance workers are now subject to the Conduct Rules.
SMCR for All FCA Regulated Firms
By extending the SMCR to all FSMA licenced firms, the FCA is transforming the individual accountability regime for firms as diverse as large asset managers, mortgage providers and investment firms through crowdfunding platforms, consumer credit firms and single traders.
To take into account the variations to scale, complexity and potential effect on customers or markets, the FCA has introduced a three-tiered structure that distinguishes between ‘core firms’ that will be subject to a standard set of SMCR requirements; ‘enhanced firms’ whose size, complexity and potential impact requires the implementation of additional requirements; and ‘limited scope’ firms that will be subject to a reduced set of requirements.
Under the SMCR “Fit & Proper” Rules apply to:
- Senior Managers
This covers anyone who undertakes a Senior Management Function. Each senior manager will have a Duty of Responsibility and a Statement of Responsibility, but there is no need for a responsibilities map or handover procedures.
- Certified Persons
This covers people who are not senior managers but whose job means they can cause significant harm to the firm or its customers. For example, algorithmic trading, client dealing, financial modelling etc.
- All Staff Under Conduct Rules
These basic rules apply to all employees except ancillary staff who do not perform a role-specific to financial services. There are five high-level obligations which apply to all, and an additional four duties for senior managers.
How Does the FCA Monitor Regulatory Compliance With The SMCR?
To assess the impact of the SMCR on a company and its employees, the first step is to decide whether the company is a Core, Enhanced or Limited Scope organisation. Many companies are going to be core firms. Identifying the existing roles and responsibilities of workers will be the next step. Then a company can map its setup to the SMCR specifications with this knowledge. The final piece in the puzzle is to address any discrepancies or issues that may occur.
The FCA can help with compliance monitoring and assurance to the board that the firm is operating within a compliant framework. Some of the services commonly provided include:
- initial risk assessment
- business development
- help with procedures
- file audits
- technical support
- training, and
- professional indemnity insurance (PII) cover
Achieving SMCR compliance
We believe that there are five key points that firms should remember when implementing their SMCR compliance plan:
- From the very beginning and throughout, include the human resources and legal departments in the implementation plan as the regulations influence the roles and responsibilities of all employees. This will help ensure that the specifications are integrated into the annual HR process, particularly when it comes to harmonising job descriptions.
- Implement processes and controls that are necessary. The rules of conduct extend to all employees (with the exception of ancillary staff) and are intended to improve individual behavioural standards. To do that, businesses need to have sufficient training and communication programmes so that workers are informed and trained on how the rules of conduct apply to them.
- Overcoming structural impediments as the law keeps senior managers responsible, ensuring they will have to resolve the organisational difficulties of supervising their staff and tracking their actions and activities more closely. Within SMCR, there is no shirking of accountability.
- Identifying accountability and determining who’s responsible for what takes time to work out. This also includes mapping and constant monitoring of employees’ roles. The role is often misunderstood because some of the duties assigned by the Senior Manager Regime need to be shared or broken together, more often than not, which takes time to decide, sign up and register.
- Finally, think about creating a reasonable steps framework to support compliance with the Senior Managers Regime by evidencing the reasonable steps they take in discharging their duties, monitoring delegations, and other aspects of their roles that require evidence. This way, if the FCA investigates an issue, the firm and the employee can quickly provide their evidence and hopefully avoid a drawn-out investigation.
What Defines A Regulatory Breach In Terms Of “Fit & Proper” Assessments?
FIT sets out a wide range of factors that the FCA will expect firms to take into account in their fitness and propriety assessments. Those factors are grouped as follows:
- honesty, integrity and reputation;
- competence and capability;
- financial soundness.
There are, as well, other rules that all firms need to follow. All firms must:
- Have a process that ensures annual re-certification of fitness and propriety of affected staff (whether as part of the firm’s usual annual appraisals or as a separate process);
- Ensure disciplinary procedures are updated or designed to ensure that any qualifying issue or incident is captured and that the firm follows the relevant process to notify the FCA;
- Ensure procedures (including recruitment procedures) are updated or created to ensure that the firm can comply with the requirement to provide information on disciplinary procedures, etc. where applicable, for regulatory references.
Any instance in which the above rules aren’t applied would constitute a Regulatory Breach in Terms Of “Fit & Proper”. In the context of the fit and proper test, this mentions’ sanctions for discrimination, harassment or sexual misconduct’ in the same sentence as ‘criminal conviction’, and also spells out the regulator’s view that sexual harassment and other forms of non-financial misconduct can amount to a breach of the FCA’s Conduct Rules including the requirement to act with integrity.
How are notifications of non-compliance made to the FCA?
If you think a firm or individual is involved in wrongdoing within an area the FCA regulates, and you want to report it confidentially, contact their whistleblowing team.
You can either use any existing procedures in your firm, or you can contact them:
- call: +44 (0)20 7066 9200 during office hours or leave a message
- email: email@example.com
- write to: Intelligence Department (Ref PIDA), Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN
Contact the PRA for any wrongdoing related to prudential issues in a PRA-regulated firm.
What action can the FCA take?
The Financial Conduct Authority’s (FCA) enforcement powers include the right to impose a penalty on a company or individual and make a public statement. It also has the authority to investigate and take disciplinary action. Therefore, the FCA has the power to launch criminal proceedings.
Responsibilities Of Human Resources & SMCR Screening
There are numerous obligations and requirements under the SMCR, one of which is to ensure employees are fit and proper to conduct their role within the business.
At Vero, we are working with clients to advise how firms can use a robust employment screening policy to assess whether an individual can be considered ‘fit and proper to perform a role’ in the context of the SMCR.
The main component of the SMCR in relation to employee screening is the expectation that organisations will take appropriate steps to satisfy themselves that individuals and employees are ‘Fit and Proper’ to perform critical roles within the business. Conducting robust background screening checks is a crucial aspect of the ‘Fit and Proper’ assessment process as it enables clients to be confident:
a) the information they provide in applications for Senior Management Functions is accurate and truthful;
b) the screening of Certified Persons adequately meets their obligations to self-regulate.
The Human Resources department should be responsible for:
- Regulatory Compliance Through Effective Screening
- Mandatory Requirements
- Best Practice and Sector Benchmarking
- Operational Aspects Of SMCR Compliance
- Handling Employee References
- Screening Non-Executive Directors
- Form A Submissions
- Mirroring Checks Internationally
- Screening Employees Outside the UK Who Fall Under The SMCR
- Ongoing Monitoring
Our relationship with you and your employment candidates is underpinned by our open approach and robust processes. Every aspect of our service has been carefully designed to deliver a personalised, positive experience for business leaders, hiring managers and HR teams alike.
We are experts in employment screening and have been working as trusted partners to HR teams for over 20 years. With specialists in compliance, human resources, digital technology and more, our knowledge, expertise and in-house technology will protect you from risk, giving your candidates the best possible experience and ensuring you can have confidence in every appointment you make.
Our SMCR Screening Services include:
- Financial integrity (credit) checks
- Financial services register checks
- ID document checks
- SMCR regulated employment references – 6 years
- Professional qualifications checks
- UK criminal record checks
- Directorship searches
- Compliance database checks
- Adverse media searches
- Gap analysis
- Highest education