Abi Olapade, Principal Consultant and Specialist in Regulatory Compliance, GFT
When I first considered the significance and impact that the Senior Management Regime (SMR) would have on banking standards, I immediately thought of the words of King Henry IV from Shakespeare’s Henry IV, Part II: “Uneasy lies the head that wears the crown”. Is there a more apt line to describe how many senior managers must now be feeling with the introduction of SMR?
SMR can be seen as a dramatic new step in banking regulation, with the onus on taking a more individually accountable approach. The devastating effects of the most recent financial crisis revealed a culture where many senior managers operated in an environment where there was a distinct lack of personal accountability. The result is that nearly 8 years after the financial crisis, which resulted in enormous global consequences, very few individuals have actually faced charges – a point which has resulted in understandable anger from both members of the public and politicians.
The introduction of SMR is about ensuring this never happens again in the UK.
SMR came into force on 7th March 2016, initially for UK banks (including incoming EEA and third country foreign branches), building societies, credit unions and PRA regulated investment firms. The regime will later be extended to cover all FSMA regulated firms by 2018.
The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are enforcing SMR alongside the Certificate Regime (CR) and associated Conduct Rules as part of the “Strengthening Accountability in Banking” policies, which aim to achieve consistent good conduct across the whole of the UK Financial Services industry.
Under the SMR, senior managers will have a statutory duty of responsibility to take reasonable steps to prevent regulatory breaches in their area of responsibility. Furthermore, each Senior Manager’s area of responsibility is to be made much more explicit.
With the regime now in force, senior managers should have been mapped to one or more of the 17 Senior Management Functions (SMFs) that have been defined. The specific responsibilities of each individual must have also been clearly described (ideally in 300 words or less) in a ‘Statement of Responsibility’. Firms are also expected to have produced overall ‘Management Responsibility Maps’ which describe the structure, size and complexity of the firm, including management and governance arrangements.
Under the accompanying Certification Regime, firms are required to have identified (but not register) non SMF individuals who are in a certified / material risk taking / significant harm function by the 7th March 2016 enforcement date. Firms are also expected to put procedures in place to assess the “fitness and proprietary” levels of these (as well as SMF) individuals. Firms had until 7th March 2017 to complete the initial assessments and will be required to perform these assessments on an annual basis going forward.
The SMR Conduct Rules set out a basic standard for behaviour which all those covered by the SMR and CR are expected to meet; firms are required to ensure that all identified SMR and CR individuals are made aware of the Conduct Rules, how they apply to them individually, and that they are subject to these rules from 7th March 2016 onwards. Similarly, non SMR / CR staff will need to be made aware of the Conduct Rules and the fact that they will be subject to these Conduct Rules from 7th March 2017.
It is easy to see why the SMR is causing a great deal of concern amongst senior managers throughout the City. The stakes have been raised with senior managers and key non-executive directors now at risk of receiving personal heavy fines or bans from the industry if they cannot show that they have taken reasonable steps to prevent wrongdoing and unethical behaviour within their areas of responsibility.
In an eleventh hour move, the government decided to replace the originally stated ‘reverse burden of proof’ with a ‘statutory duty of responsibility’ on individuals. This change has been seen by some critics as a government back track, such that in the case of any potential misconduct, the regulator (not the individual) will have to prove that the individual had not taken reasonable steps to ensure that the business was run properly. The regulator would need to show that in their area of responsibility, the individual had not implemented operating procedures and systems to comply with the relevant regulatory requirements.
Nevertheless, the SMR and any related enforcements are likely to be seen as feathers in UK Chancellor George Osborne’s cap of reforming Britain’s banking regulation, in order to help build a stronger and safer financial system. He is quoted as saying that the SMR is introducing “new rules that mean individuals working in UK firms face some of the toughest sanctions in the world.”
On this basis, I think it is safe to assume that it will not be too long before both enforcement regulators – the FCA and PRA – begin knocking on firm’s doors to assess their compliance to the new regime.
So what are the regulators likely to look for in an SMR assessment visit?
In addition to verifying that the organisational and governance structures required under SMR have been put in place, the focus is likely to be on evidence that senior managers in senior management functions have a true understanding of the overall risks relating to the area(s) that they are responsible for.
Senior managers need to actively demonstrate that they have their finger on the regulatory compliance pulse for their areas of responsibility and that they are fully aware and in control of all the regulatory risk and issues relating to these functional areas. The implementation status of related roadmaps, plans or steps required to mitigate or remediate any risks or issues (whether they are related to data, systems / technology or operational control activities) are things that regulators are likely to expect senior managers to have at their fingertips.
The ability to clearly and factually state an overall view of compliance to key regulations such as CFTC, EMIR, MIFID I, AMLD, BCBS239 and PSD is almost certainly something regulators will expect senior managers to have to hand.
Furthermore, Regulators are likely to expect senior managers to have a forward looking view and an awareness of incoming regulatory changes that may impact their areas of responsibility.
The ‘reverse burden of proof’ may have been abandoned, but senior managers need to consider how they can clearly demonstrate the monitoring and oversight of their specific areas of responsibility. A regulatory management tool will allow senior managers within firms to refute claims from regulators that appropriate governance and monitoring have not been taking place.
GFT has invested in creating such a tool, the GFT Regulatory Change Manager that can provide a regulatory overview for senior managers, which also helps them provide evidence and demonstrate accountability and compliance in response to questions from a regulator.
Fig 1- GFT Regulatory Change Manager: Example Compliance Oversight Senior Manager’s view
Fig 2 – GFT Regulatory Change Manager: Example Overall Responsibility Senior Manager’s view
Fig 3 – GFT Regulatory Change Manager: Example Compliance Oversight Senior Manager’s view (Functional)
When we consider the dramatic mistakes made in the past, firms and managers must now firmly understand the risks they are taking on a day-to-day basis; and be able to demonstrate that they are adequately managing those risks. SMR should be seen as a wakeup call to senior managers that regulators expect them to be doing this on an active – or more accurately – on a proactive basis. The ability to monitor their responsibilities using a regulatory management tool should help senior managers identify and take action to address any risks or issues as and when (or before) they arise.
Individuals working in UK financial services firms now face some of the toughest sanctions in the industry worldwide. If trust and confidence in UK financial services is to be restored such measures are necessary, but the increased pressure on senior managers should not be underestimated.
It is in some ways ironic that an industry which was once known for its high financial rewards to those who were willing to take high risks resulting in high returns (albeit with little or no accountability) is now turning into one where individuals (not just firms) will be accountable and potentially punished for any mistakes and for badly managed risk.
This paradigm shift in the industry highlights that it is absolutely essential that senior managers have the ability to easily demonstrate the steps and full audit trails relating to regulatory risks and issues at any point in time. SMR may be a UK regime, but individual accountability of senior managers in the industry is almost certainly a global phenomenon. Under these circumstances, senior managers within financial services firms in the UK and worldwide need to be equipped with adequate regulatory management tools.
If this can be achieved, then the crown can sit a little more comfortably on the heads of those who have been nominated to wear it.