Do your SM&CR arrangements stand up to scrutiny?

3 August 2017

It is now almost 18 months since the PRA and FCA implemented the Senior Insurance Managers Regime (for insurers) and the Senior Managers & Certification Regime (the SM&CR) for banks, building societies and other ‘dual-regulated firms’. It is fair to say that the ‘honeymoon’ period is over, and we are starting to see more instances of the regulators challenging firms who have not properly implemented the regime / not met the applicable requirements across both the PRA Rulebook and the FCA Handbook.

The regulators are clearly looking for opportunities to set some examples, by taking action against firms – and more pertinently the relevant Senior Manager Functions (SMFs) whose arrangements fall significantly below what is required under the new regime.

It is also clear that, whilst the high level requirements of the new regime are fairly easy to understand, the practical interpretation of some of the requirements can often be more subjective, and we have seen significant differences from one firm to the next in terms of e.g. who should be an SMF or a Certified Person, or what should be included within a Management Responsibilities Map.

The regulators expect that the key documentation relating to the new regime should evolve organically and also be periodically reviewed to ensure that it reflects any changes to the actual governance structure in place within a firm – something which has not always happened within some of the firms we have spoken to.

Finally, the regulators also expect that firms maintain robust and comprehensive records in relation to all aspects of the firm’s SM&CR processes, ranging from previous versions of Management Responsibility Maps and Individual Statements of Responsibilities to Handover Certificates and Regulatory References issued or received.

Firms should consider undertaking a review of their existing arrangements in relation to the SM&CR, to ensure they are complying with the regulatory requirements and that their SM&CR arrangements would stand up to scrutiny, should the PRA or FCA come knocking. This review should at a minimum consider:

  • Has the firm properly identified and allocated all relevant areas of responsibility within the business to an appropriate SMF?
  • Does the firm have the correct individuals approved as SMF (i.e. the person with ‘ultimate responsibility under the governing body, for XYZ)?
  • Does the Management Responsibilities Map contain all of the information required under the relevant PRA and FCA rules?
  • Do the Individual Statements of Responsibilities clearly set out exactly what the individual is responsible for?
  • Do the Management Responsibilities Map and the Individual Statements of Responsibilities fit together to form a complete and consistent picture of the governance framework within the firm? And have the most up-to-date versions been submitted to the regulators?
  • Has the firm put in place the necessary policies and procedures to underpin some of the more administrative elements of the regime (e.g. handover process, certification of fitness and propriety, conduct rule breach investigation and reporting, requesting or receiving regulatory references, etc.)?
  • Have staff at all levels within the organisation received appropriate training as required in the rules?

There are many ways to achieve the above, but ensuring that the firm properly meets all of the relevant PRA and FCA rules in relation to the SM&CR is not a simple task – and one that needs a certain amount of formality to provide sufficient assurance to all concerned, that the regulatory requirements are being adhered to.

It will take some time until there is an accepted view of what ‘good looks like’ in relation to SM&CR arrangements. In the meantime, the banking industry is waiting with ‘bated breath’ for the first instances of the PRA and FCA formally holding SMFs (and firms) to account for failures on their watch – this may take a little time, as PRA and FCA Enforcement action is rarely ‘swift’. But does anyone really want to risk being found to be deficient at this point in time?

Share this