Over the summer, the FCA published its review into the senior managers and certification regime (SM&CR) and how it has been implemented by the banking sector.
For all solo-regulated firms (including advice firms), SM&CR kicks in on 9 December 2019.
However, as SM&CR has been in place for the banking sector for three years, now marks a good opportunity to learn from what went well, what they got wrong and how the FCA will be looking at SM&CR in the future.
The main findings were that:
- Senior managers understood their responsibilities
- Most banks are still embedding SM&CR
- Some banks were unable to demonstrate the effectiveness of certification assessments
- Banks aren't tailoring conduct rules training to staff job roles
- There is insufficient evidence that banks have clearly mapped the conduct rules to their values
- Some banks were unable to explain what a conduct rule breach looks like or what to do when one occurs
- Some banks are not relying on regulatory references as part of their initial hiring.
So how can these findings be read across to advice businesses to help you better prepare?
Under SM&CR, senior managers must have a clear understanding of what their role is and what their responsibilities are.
To help you do this within your firm, we recommend creating a clear statement of responsibilities documents which sets out each senior manager role and what they have responsibility for.
The FCA found that banks couldn't demonstrate the effectiveness of the certification assessments. It also wasn't clear how banks were using the certification regime to evaluate their staff as competent.
Under the SM&CR, you need to make sure all staff are fit and proper to conduct their roles and annually certify them as such. In particular, you need to take into account whether the individual:
- Has obtained the required qualification/s (as applicable)
- Has undergone, or is undergoing, training
- Possesses a level of competence.
The FCA's review found that some banks were not reviewing or using regulatory references as part of their recruitment process.
SM&CR requires that the regulatory reference is completed in the templated format and must be received within six weeks of you requesting one.
The reference should cover the previous six years of an individual’s employment. As such, it's a useful tool to identify bad apples in your firm, not to mention warning other firms they are potentially hiring one.
This is a nuanced area and may represent a change to the way you have carried out references previously.
There are five tier one conduct rules which apply to all senior managers and certification staff from 9 December 2019.
For everyone else there is a 12-month transition period to 9 December 2020.
The rules are:
1) You must act with integrity.
2) You must act with due skill, care and diligence.
3) You must be open and co-operative with the FCA, the Prudential Regulation Authority (PRA) and other regulators.
4) You must pay due regard to the interests of customers and treat them fairly.
5) You must observe proper standards of market conduct.
These five rules should be engrained into a firm's culture. Training should also be carried out to make sure everyone understands these rules and how they apply to them.
There are also four tier two conduct rules which apply to all senior managers from 9 December 2019:
1) You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
2) You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
3) You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
4) You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
A breach of the first set of conduct rules could be where an adviser fails to deal with a vulnerable client fairly, or where an adviser is acting contrary to the client's best interests.
Where an individual breaches the conduct rules, you must have processes in place to ensure this is reported to the FCA.
In particular, the breach should be reported where any disciplinary action has been taken.
For senior managers, this notification must be within seven business days. For other individuals, the notification has to be made every year.
What you should do now
As mentioned, SM&CR has been implemented for the banks already, and comes into effect for the rest of us on 9 December 2019.
By this time you need to make sure you have implemented the rules in your business.
In particular, you need to make sure that:
- All senior managers are trained on the new conduct rules
- You have completed criminal record checks on all senior managers
- You have created statements of responsibilities for all senior managers.
The FCA is set to increase its focus in this area.
We can expect to see a renewed regulatory focus towards the end of 2020/early 2021, when the FCA will be looking at how solo-regulated firms have implemented the rules.
After the 9 December 2020 deadline has passed to train all staff on conduct rules, it's likely that a further SM&CR review will then take place.