By Chris Finney, Partner at Fox Williams.

Until December 9, 2019 the Senior Managers and Certification Regime (SMCR) only really applied to banks and insurers. Since then, it’s applied to 50,000 solo-regulated firms as well. From claims management companies, to fintechs, to dentists that offer consumer credit, a whole range of businesses now have to be keenly aware of the regime and their employees’ responsibilities under it.

The SMCR’s focus on placing responsibility on individuals within an organisation, rather than the organisation itself, represents a huge cultural shift for many organisations. This focus is not going to change. Yet the sheer number of firms added to the regime, coupled with the fact that many will be smaller or not see obeying financial regulation as their main concern, means a vast number of organisations do not realise they have to change the way they operate. Still more will be aware of the SMCR’s expansion, but unaware of the extent of preparation needed. When the main focus is on running and growing the business, rather than responding to every rule change that comes along, it’s perhaps understandable that so many firms still aren’t ready – and therefore in breach of the FCA’s new rules.

Auditioning for a new role

The greatest challenge for firms that have to comply with the SMCR for the first time, is that the regime doesn’t just place greater regulatory obligations on the business. It transfers some of the regulators’ responsibilities to the business as well.

For instance, the organisation has to put every employee into at least 1 of the 4 SMCR categories.

When that’s done, the organisation will know (for example) who its Senior Management Function holders and Certified Function Employees are. When it knows that, the organisation must:

1. Train almost every employee on the FCA Conduct Rules that apply to them;
2. Ask the FCA to approve its Senior Management Function holders, before they start work;
3. Approve the Certified Function Employees itself, before they can start work; and
4. Carry out an annual fitness and propriety assessment of every Senior Management Function Holder and every Certified Function Employee, before:
   1. Telling the FCA, if the organisation has any doubts about the fitness and propriety of a Senior Management Function holder, so the FCA can decide whether to stop a Senior Management Function holder doing his job (or not);
   2. Deciding whether the organisation can give its Certified Function Employees, a certificate or not. If the organisation gives a Certified Function Employee a certificate, he can do his job for up to another year. If the organisation can’t give a Certified Function Employee a certificate, the organisation must stop him doing his job, unless and until a certificate can be given – and that will be the start of a second nightmare for some firms. (The organisation has employed one person to do a job, it’s paying him to do that job, but it can’t let him do it. Now, it has to find someone else to do that job and pay them as well.)

The new regulatory referencing regime is a big change too. Before the SMCR, employers would usually only give a reference which confirmed the start and end dates of employment; salary and job title. And, if an employee was leaving in difficult circumstances, the reference might be agreed as part of a settlement. Each of these things is impossible now.

If a regulated firm is hiring a new employee for a Senior Management Function role, or a Certified Function Employee role, it must ask for 6 years’ worth of regulatory references. And, if a regulated firm is asked for a regulatory reference, it must give one. The result is that the new employer must ask, and the old employer must answer, a detailed list of prescribed questions. The policy objective is to make sure that every new employer knows, before it hires a new employee, if there is any reason to doubt the new employee’s fitness for the new role. This creates significant legal and regulatory risk for old and new employer alike. (The old employer has to get it right, or it will be sued for libel. And the new employer has to get it right as well, or there’s a risk of an employment law claim, as well or instead.)

As if that wasn’t enough, if something comes to light after the old employer has given the new employer a regulatory reference, the old employer must update the reference – and, depending on the update, the relevant individual might lose his job. So a problem in one job will follow an employee around the market, as they move from job to job. This makes sense from a regulator’s perspective. Every potential employer will know what you have and haven’t done. And, if you shouldn’t be working in the financial services industry, this will stop you. However, these changes create cost and risk for employers, and job security risks for employees. And these risks are already changing the job market: some employees are staying in jobs they would have left before now, if a regulatory reference wasn’t required; some employers are having to pay more to hire the people they need to do these jobs (if they can find someone who’s willing and able to do them); and other employers are turning good people away, for reasons that probably didn’t matter before (and might not really matter now).

The interview process is also changing. Some organisations are asking their potential employees to attend more, and more challenging, interviews than before – and some recruits are refusing, because they see this as reticence or a lack of commitment from their potential employee.

Cultural changes

To protect themselves and their employees, businesses need to understand how the SMCR has changed the job market; the role of the employee and the role of employer. They also need to understand the impact this is having, and will continue to have, on culture. The most important first step for some businesses is realising they don’t necessarily have what they need in-house to make these changes themselves. For some, there is a disappointing second and third step that others don’t have to take – and that’s realising that their compliance consultant and/or employment advisors are getting things wrong. We’re already seeing cases where firms that quite properly rely on compliance consultants for advice about new FCA developments, either haven’t been told about the SMCR (and haven’t therefore prepared for it), or they’ve been told about it – and wrongly advised that it doesn’t apply to them (and haven’t prepared for it either). We’ve also seen some cases, where the firm’s employment law advisors aren’t fully aware of the SMCR. So the firm’s given an agreed reference it shouldn’t have given, or unlawfully refused to answer the prescribed questions in a regulatory reference request.

Some of this is understandable. There are at least 6 different versions of the SMCR; and they’re complicated (to say the least). So mistakes are easily made. Mistakes are also expensive, and easily avoided if you choose experienced advisors.