Senior Managers Regime and other regulatory changes – Article for CityWire
02 / 08 / 2018
This article was already published by CityWire.
The FCA is currently consulting on the extension of the Senior Managers, Certification and Conduct Rules regime (“SMCR”) to all authorised firms operating in the financial services sector.
The SMCR regime was brought in with the aim of imposing real legal responsibility on individuals. It was initially applied to banks, building societies, credit unions and Prudential Regulation Authority (“PRA”) regulated investment firms from 7th March 2016, but will now be extended to other financial firms, including Independent Financial Advisers (“IFAs”).
Draft rules are expected to be published later this year with a view to implementation in 2018.
Owners of IFA firms and networks may be taking false comfort from Financial Conduct Authority (“FCA”) statements that the rules will be applied subject to the principle of proportionality. The use of the word “proportionality” implies that a “SMCR-lite” regime will be available for smaller firms and that this would result in a lower impact for IFAs.
However, the implementation of SMCR needs to be viewed in context of the broader regulatory and strategic environment.
SMCR is being brought in hot on the heels of implementation of the Markets in Financial Instruments Directive and Markets in Financial Instruments regulation (“MIFID II”) – on 3rd January 2018 – and also around the time that firms will be grappling with the General Data Protection Regulation (“GPDR”) – to be implemented by 25th May 2018.
MIFID II is an extensive regulatory regime covering investor protection, evidencing best execution, payment for research, transaction monitoring and reporting, conflicts of interest and inducements, conduct of business obligations in the provision of investment services, product governance and suitability, organisational requirements for investment firms and costs and fee disclosures.
Product governance and suitability are a particular area of focus for IFAs.
GPDR extends the scope of EU data protection law to all foreign companies processing personal data of EU residents, harmonises EU states’ data protection laws and significantly increases penalties for non-compliance.
IFAs hold sensitive personal data and will need to review their data protection policies and procedures as well as security.
Together, MIFID II, GPDR and SMCR will affect people, processes, products and systems – the whole of a firm’s operations will be impacted within a relatively short timeframe.
The key components of SMCR are as follows:
- all senior manager appointments or role changes require regulatory pre-approval;
- firms must demonstrate that they have effective overall governance and management arrangements via a responsibilities map and responsibilities statements;
- a statutory duty of responsibility is imposed on senior managers to ensure that they take reasonable steps to prevent regulatory breaches for the areas in which they are responsible;
- all staff undertaking significant harm functions (whether or not senior managers) must be certified as fit and proper on joining and annually thereafter; and
- actual or suspected breaches of the conduct rules by senior managers must be notified by a firm within seven business days. Actual or suspected breaches by other staff members must be reported annually.
Implementation of SMCR will require detailed analysis and documentation of the firm’s governance and management structures and outsourced arrangements. It presents an opportunity to re-evaluate and refine roles and responsibilities. Early planning and engagement by the firm’s management will be essential, as will training for individual senior managers. Firms will also have to establish effective processes and documentation for certifying that relevant staff satisfy the fit and proper test.
Given the timing and breadth of the combination of the changes brought in by MIFID II, SMCR and GDPR, firms have the opportunity to take a strategic approach to implementation, assessing the viability of their business model and management structures and the overall impact of cultural change.