The Requirements of the Senior Managers & Certification Regime - A Reminder
The Financial Conduct Authority have recently published a stocktake report of the Senior Managers & Certification Regime in the banking sector. The Regime was introduced for banks over three years ago, so the review provides a useful exercise for firms about to join the Regime in December, affording a concise overview of some misunderstandings and potential improvements. Solo-regulated firms will also be reassured to find many positives within the review, with those interviewed, on the whole, confident in their understanding of the Regime and on its impact on the sector.
The FCA found that in most cases, banking firms did not take a tick-box approach and were instead focussed on embedding the Regime within firms, which supports the regulator’s aim that SM&CR should build and reinforce healthy cultures. Banking Senior Managers generally understood how the concept of accountability related to their day-to-day roles, and understood how they were accountable for their own actions.
The FCA reported some issues, mostly around a deeper understanding of some of the less easily defined concepts within SM&CR, and these items provide a useful opportunity for a reminder of the requirements of SM&CR.
Some Senior Managers were not clear about what ‘reasonable steps’ means, particularly in the context of their own roles. The FCA noted that this is part of the Duty of Responsibility, and that firms should be able to evidence that they have taken all ‘reasonable steps’ to prevent a breach or avoid a contravention continuing.
‘Reasonable steps’ is not defined by the FCA, but it is clear from the DEPP Manual that the regulator uses the term to describe a concept – the tasks performed by a Senior Manager to ensure that breaches do not occur or are contained if they do. The lack of definition is deliberate; the FCA do not prescribe how a Senior Manager undertakes their role, but recognises that each firm operates differently and so what may be considered ‘reasonable’ will vary from firm to firm. This necessary lack of precision means that in practice, Senior Managers should be fully aware of the elements of their own role, and any relevant regulator rules that affect their area of responsibility, so that they become aware of any issues and can make sure that issues are avoided or treated so that they don’t become breaches. DEPP does provide some assistance here, setting out that the FCA would take into account a number of considerations, including:
the role and responsibilities of the Manager,
whether they exercised reasonable care when considering the information,
whether they reached a reasonable conclusion,
the nature of the firm,
the knowledge the SM had or should have had, and
whether the SM took ‘reasonable steps’ to deal with issues in a timely manner, to ensure any delegation was to an appropriate person, and to ensure reporting lines were clear and operated effectively.
The list in DEPP 6.2.9-E is fairly long at 18 items, but does provide a useful sense of the expectations.
The FCA also found some issues within the Certification Regime, particularly where firms were not able to demonstrate the effectiveness of their assessment approach, their use of subjective judgement or how they ensure consistency across the certification population. SM&CR firms must ensure that any individual that works in a role that can have a significant impact on customers, the firm and/or market integrity are annually assessed on their ability to undertake their role, including whether they are qualified, trained and are competent, and must be certified annually.
A more minor issue for both Senior Managers and Certification staff was the quality and timeliness of regulatory references, and some differences in how much individual firms relied on the information contained within references. Firms should ensure that requests for regulatory references received from other firms are dealt with promptly, and contain all appropriate information, including any breaches of the conduct rules.
Finally, the review found that staff generally understood the conduct rules, however firms were often unable to explain what a conduct breach looked like in the context of their business. Solo-regulated firms should ensure that they have given sufficient thought as to how the conduct rules apply to their business and to the individual roles of their staff.
Firms state that initial fears have now dissipated, in part because of the work many firms have done to develop a healthy culture, and seeing the regulators work collaboratively to achieve positive outcomes.
Firms subject to, or gearing up for, the Senior Managers & Certification Regime will find our Conduct Rules Training courses particularly useful in light of the FCA's review. We also offer bespoke training courses, tailored specifically for your firm. Contact us for further details.