Only hours before JWG’s Customer Data Management Group (CDMG) met on 23 February, an announcement was made that more than a third of firms that submitted their responsibilities under the Senior Managers Regime (SMR) had been rejected for technical reasons.
The UK FCA/PRA SMR passed its first major milestone for grandfathering on 8 February and will come into full effect on 7 March 2016. The SMR is replacing the Approved Persons Regime (governed by the FCA’s predecessor, the FSA, and which approved persons to perform controlled functions on behalf of a firm) will introduce new rules for accountability and responsibility of senior managers working for UK banks, branches, building societies and credit unions.
The three-layered approach, made up of the SMR, the certification regime and the conduct rules, and underpinned by the Financial Services Act 2013 (Banking Reform Act) will mean senior managers can be held to higher levels of accountability. More significantly, it allows regulators to bring criminal prosecutions against them in the event of an institutional failing and has led to many executives lying awake at night while HR, compliance and the in-house legal teams work overtime in order to be ready.
Bridging the gap
The SMR requires a number of steps to reach full compliance. The first covers the identification of staff, responsibilities and reporting lines. Secondly, firms will need to assign functions as categorised under the SMR final rules, and then assign and record responsibilities. The last part is ensuring that all these steps are recorded, stored and updated and that sufficient reports are filed in the event of a breach. And that’s just for the SMR – not the certification regime or application of the new conduct rules on staff.
The statement highlighted the issues encountered with the submissions, but there are still long term considerations and issues that will need to be resolved.
Whilst the majority of firms may not have had problems, they will still need to consider how to assign and monitor the responsibilities of those who hold senior functions over the long haul. Issues, such as cessation, sudden departures, role changes, new responsibilities introduced from new regulatory obligations, will all need to be addressed and the appropriate systems and controls designed to ensure smooth compliance in the future.
JWG analysis has established that, whilst firms are on the road to completing responsibilities for 7 March, they aren’t yet looking at the long term solutions, and are simply bridging the gaps with quick fixes.
Recording the whole firm
Increased levels of regulation are forcing firms to retain growing amounts of information. The SMR will require firms to map and record the organisational and employee structure of the firm, and all the responsibilities therein, and the records are required to be kept for 10 years. This is a huge amount of information given that this data is likely to change frequently.
Not only does this place firms in a position where they have to think carefully about how they record, store and retrieve the information, but they could also face conflicts with other regulations. At the moment, under MiFID II, record keeping is seven years … but then there is the elephant in the room … the General Data Protection Regulation (GDPR) and the right to erasure. This right and the disparity in the retention period for records between MiFID II and SMR are big differences that need to be settled before full implementation.
One of the key aspects and challenges of the current regulatory environment is change management. On many peoples’ priorities list will be the implementations of MiFID II, MAR/MAD, AMLD IV and more. Responsibilities will change, develop and increase as the level of regulatory obligations rises, resulting in the need for constant evolvement, mapping and recording of responsibilities – and someone needs oversee and govern this. This change process should take a two-pronged approach. Firstly, those who are responsible for the area that is impacted by the change should take the lead in ensuring the new responsibilities are mapped and included in the Statements of Responsibilities, (a requirement under the SMR). Secondly, there needs to be a more holistic overview to avoid crossover of responsibilities and to minimise gaps. Someone has to see the responsibilities of all senior managers right across the firm.
Will SMR reduce bad conduct?
Combining higher levels of accountability and the correct assignment of responsibilities should lead to a downturn in bad conduct. Senior managers will have to ensure that appropriate procedures and policies are in place, staff are vetted and validated on a recurring basis, ongoing monitoring is happening and that the preferred conduct within in a firm and towards clients is followed. If they fail, there could be repercussions – starting with disciplinary action and leading all the way to criminal prosecution should their negligence result in institutional failure.
However, if the regime is to be effective, it needs to be more than just paper-filling and box-ticking just to avoid blame. Institutions are made up of people and this needs to be a people exercise, where continuous monitoring and evaluation takes place.
Only time will tell whether it will be effective in improving good conduct.
There will be many difficulties and challenges to reach full compliance by 7 March. Firms may be tempted to develop a fast route, but long term plans need to be applied to adjust to new regulation, including record keeping and systems and controls to monitor maps, update responsibilities and reduce gaps. There will also be challenges from incoming regulations and these, too, will need to be overcome if regulatory implementation is to be efficient.