SMCR a year on – can you demonstrate ‘reasonable steps’?

AML AND COUNTERING THE FINANCING OF TERRORISM NATIONAL PRIORITIES

This time last year many of us were busy finalising SMCR arrangements; signing Statements of Responsibilities, issuing certificates, putting a process in place for regulatory references – the list goes on. The dust has settled and – Covid-19 aside – we’re business as usual.

Now is the time to step back and ask whether there really is greater individual accountability for the senior managers running our firms. This is about more than the documentation that was the focus in 2019; it is about culture, integrity and behaviour.

A key component of the Senior Managers and Certification Regime is that Senior Managers have a duty of responsibility under UK law. This means that if a firm breaches an FCA requirement, the Senior Manager responsible for that area could be held accountable if they didn’t take reasonable steps to stop the breach. By giving Senior Management Functions – or SMFs – ‘skin in the game’, the FCA expects that industry behaviour will improve. So, what can you do to demonstrate that you are taking reasonable steps?

What is a Senior Manager required to do under SMCR?

“Take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively”

This is a broad requirement. What does it mean in practice? As an SMF you need to make sure that the degree of control and monitoring of the business matches your firm’s strategy and risk appetite. For example, you need to assess the potential risks of expanding or restructuring the business and make sure the control environment keeps pace.

You need to monitor the governance, operational and risk management arrangements in place for the activities for which you are responsible. Are you aware of particularly profitable clients, unusual transactions, or high revenue earners; are you asking the right questions about these?

You must establish clear reporting lines, make sure these are clear to staff and that they operate effectively. You need to satisfy yourself that there are effective procedures for reviewing the competence, knowledge, skills and performance of each individual member of staff in your area. And you need to make sure there is an orderly transition and handover when you (or SMFs under your oversight) change roles.

“Take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system”

This is about making sure that all staff are aware of the importance of compliance. As an SMF, you do not need to put in place the systems and controls yourself (unless it is within your role and responsibilities), but you do need to ensure that the business areas for which you are responsible, have procedures with well-defined steps for complying with the relevant regulatory standards. Further, where you become aware of actual or suspected breaches within your area of responsibility, you need to make sure these are dealt with promptly and appropriately, including an adequate investigation where necessary. Where independent reviews of systems are undertaken, you should ensure that reasonable recommendations are implemented in a timely manner.

“Take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively”

You can delegate the implementation of a decision or the management of an issue to others. But you are still accountable for delivery. This means you need to be sure that whoever you delegate to has the competence, knowledge, skill and time to deal with the issue. You also need to oversee the discharge of delegated tasks, including questioning reports where necessary and challenging slow progress or implausible explanations.

Where there is collective decision-making which affects activities for which you are responsible, you need to be fully informed before taking part in the decision – you will not be able to fall back on the collective decision-making card.

“Disclose appropriately any information of which the FCA would reasonably expect notice”

As an SMF you are likely to have access to greater amounts of information of potential regulatory importance. The FCA expects you to have the expertise to recognise the information they would want to know about and that you inform them in a timely manner. If you think that the information falls within the scope of another SMF in your firm, don’t disregard it; rather you should speak to the relevant SMF to make sure they are dealing with the matter appropriately and have considered disclosure to the FCA.

Fostering a culture of accountability

Ultimately, the FCA expects Senior Managers to be conscientious, vigilant, asking questions, and only acting beyond expertise with competent expert advice. If you haven’t already, now is the time to double check your Statements of Responsibilities are fit for purpose, train SMFs on reasonable steps, and get advice on areas where you feel exposed, for example delegation, reporting lines, or systems and controls.

As the anniversary of SMCR approaches, so does the end of the Brexit transition period, which will bring with it a host of regulatory matters to think about. It will be important for companies to have in place a leadership that is confident of their responsibilities and a culture which fosters individual accountability to steer them through this turbulent time.

Menu