Abstract of glass building

Part three: food for thought – some key features of the SMCR

06 November 2018.

Having laid out the basic architecture under the SMCR, this final part of the series looks more closely at various elements of the new regime, which we consider particularly noteworthy and which give rise to specific issues to be addressed.

The “Directory”

One consequence of the SMCR is the reduction of information that will be stored on the FCA Register.

Currently, details of all individuals performing Controlled Functions are set out on the Register. However, under the SMCR, only Senior Managers will be on the Register. As such, the FCA opened consultation (CP18/19) on a new FCA “Directory”, in response both to reported requests from the industry for continued transparency of stakeholders in the industry1 and the growing feeling that the Register, in its current form, is not quite up to scratch2.

The Directory is proposed to be a public register which contains information on additional individuals carrying out a broad range of roles in the financial services industry. Entries will not just be Senior Managers, but will include financial advisers, traders, portfolio managers and Appointed Representatives (ie the Directory will extend beyond the SMCR).

In line with the culture of responsibility represented by the SMCR, and also mindful of the impracticality of the FCA being responsible for the Register but being reliant on firms to provide up to date information, firms will be responsible for keeping their information up to date on the Directory (and ultimately, this responsibility will rest with one specific Senior Manager).

The FCA wants to introduce the Directory in time for the first roll-out of the SMCR to Insurers, so comments have been invited until 5 October. However, firms will have the 12 month transitional periods noted above to ensure that their data on the Directory is complete.

Fitness and Propriety requirements; Regulatory references

Existing approved persons need to be adjudged to be “fit & proper”. Under the SMCR, firms will also be required to assess and monitor (at least once a year) the fitness and propriety of Senior Managers, Certified Persons and Non-Executive Directors. The test is familiar; but the evidence requirements are fuller, and include criminal records checks and regulatory references.

Firms will also have to request a reference from candidates’ past employers, and past employers will have to share specific information, set out in a standard FCA template. These “regulatory references” are intended to help firms make better-informed decisions about candidates, but also represent another cultural shift; this time in how the industry shares information about past personnel.

Details to be included in regulatory references include any disciplinary action taken due to breaches of the conduct rules and any findings that the person was not fit and proper. Equally, firms must disclose any other information relevant to assessing whether a candidate is fit and proper (eg, the number of upheld complaints), covering the previous six years (unless it relates to serious misconduct, in which case there is no time limit). Firms will need to use their judgment when considering what is relevant, on a case-by-case basis. And, importantly, firms will have to be careful not to enter into arrangements that conflict with their disclosure obligations. Firms will also need to update regulatory references where new, significant information comes to light.

This being the SMCR, responsibility for a firm’s compliance with its regulatory reference obligations will sit with a specific Senior Manager and that Senior Manager will be accountable for any failures. Practically, we would expect maintenance of personnel records in line with the SMCR, GDPR and general employment law requirements will be one of the technically most challenging and novel issues for firms. In particular, how will firms look to address the twin challenges of accurate references to ensure that perceived “bad apples” do not persist in the industry and navigating GDPR subject access requests without incident?

Responsibility maps

A responsibility map is a document that sets out a firm’s governance and management arrangements, and how responsibilities are allocated to individuals with the firm. Whilst only Enhanced firms are required to generate and maintain a responsibility map, it seems to us that all Core firms would also benefit from generating and maintain a responsibility map, and from doing so as an early part of their implementation of the SMCR.

Firstly, the responsibility map will help to clarify the firm’s structure and relationships in pictorial form. We envisage it would be based on a staff organogram, and would therefore enable a firm’s management to see reporting lines. If there are any dead-ends or errors, a responsibility map should show these up early in the process.

Secondly, maintaining the responsibility map will help with continuing obligations. Being able to see how changes in personnel and structure impact the map should help firms realise quickly and simply what forms of notifications and updates they may need to make. This will be particularly true for (the majority of) firms that operate a range of applications across a range of media and where changes made on one system or data-source do not automatically feed through to all the rest of the firm’s systems.

Thirdly, we would expect a responsibility map to be a standard part of operational due diligence requests to firms going forward, and being able to proactively provide one (appropriately redacted) may add value to early engagements with potentially key stakeholders.

Handover policies and procedures

Another requirement of Enhanced firms only, but likely to be of benefit for Core firms too (especially for business management and ODD purposes), is the requirement to have handover policies and procedures in place. The FCA wants Enhanced firms to ensure that outgoing Senior Managers provide incoming Senior Managers with all the information and materials they could reasonably expect to have in order to do their job effectively.

Impact of the SMCR on firms’ insurance arrangements

In addition to the obvious impact on firms’ regulatory filings, compliance and HR policies and internal documentation, firms should also be considering the impact of the SMCR on their insurance arrangements.

Firms would do well to keep an eye of the wording of their D&O and PI policies and look to understand what impact of the greater accountability of Senior Managers will have on any claims. Firms may need to make amendments to their insurance arrangements, and staff may also seek additional protection through firm insurance policies in light of the greater level of accountability. Even if firms are satisfied with their existing insurance arrangements for their own purposes, it would seem reasonable to expect investors to ask about these issues and to expect suitably reasoned responses.

Moving from being a Core firm to becoming an Enhanced firm

As firms change, Core firms may grow to meet the criteria of Enhanced firms. Mindful of the additional burden and infrastructure required of Enhanced firms, and such firms will have to carry on their business seamlessly, such firms have one year to comply with the additional requirements of being an Enhanced firm, running from the date the firm meets the Enhanced firm criteria. 

1. In other words, people like to be able to search the Register.

2. For example, the FCA’s chastisement by the Complaints Commissioner who, in a report published 3 July, decided that a consumer’s loss was facilitated by the FCA’s “woefully” inaccurate register, which had not been updated for four years despite the FCA having information to show that the firm directly responsible for the loss was not trading. Having previously denied responsibility, the FCA announced (also 3 July) it would make a payment to the consumer of £22,137.50 (50% of their loss), in addition to the £150 the FCA had initially offered. See here.