Neil Vernon, Chief Technology Officer, Gresham UK
The Senior Managers Regime (SMR) is designed to embed personal accountability and professional standards into the UK banking and finance industry. Under the Regime, senior managers can be held accountable for any misconduct that falls within their areas of responsibility.
Assessed by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), a senior manager is defined as anyone ‘taking decisions or participating in the taking of decisions on how a firm’s affairs are run’. Within each organisation, a Statement of Responsibilities for every senior manager must be submitted for approval to the regulators, clearly mapping out their duties and obligations. Any senior manager who falls short of these duties, and whose negligence is found to contribute to a breach, faces prosecution – or, in a worst-case scenario, even jail time.
So what are the key challenges for banks and financial institutions in implementing this? There are a number of elements to consider:
- The Regime doesn’t just affect individuals. Banks and financial institutions will be duty-bound to ensure they have procedures in place to vet the fitness and propriety of senior managers – and follow these up at least annually.
- It’s wide-reaching. Even non-executive directors are affected, if they have specific responsibilities relating to a firm’s soundness.
- It’s a regulation of regulations. Non-compliance with any existing or new regulation can lead to prosecution, if the person in charge is unable to demonstrate that they took reasonable steps to avoid a breach. So all those new regulations over the next two to three years? It’s now in a senior manager’s personal interest to ensure their bank’s defences are watertight.
- It’s not an idle threat. Regulatory fines are on the up; more than half of FCA investigations now result in prosecutions, and prison sentences are increasing. How enforceable SMR is remains to be seen, but waiting to see if the regulation has more bark than bite would be foolhardy.
- It poses a particular challenge around internal risk. How do you control what you’re unaware of? If unscrupulous employees are adept at keeping their activities off-radar, senior managers will have to add ‘detective’ to their new list of responsibilities.
- It doesn’t stop with the SMR. The new criminal charge of ‘Reckless misconduct resulting in the failure of a bank’ provides yet another source of worry for senior managers (a worry the size of a seven-year prison sentence), while new powers to retrieve bonuses awarded several years ago mean very few are able to entirely relax.
The only way for senior managers to make sure they’re safe is to put measures in place to drive out internal risk and ensure data integrity. But how can managers ensure data integrity for SMR?
Compliance requires a two-pronged approach: organisation-wide buy-in, and an infrastructure that mitigates risk. The first of these will be helped by the new Certification Regime and Conduct Rules that were set out in the Banking Reform Act 2013 alongside the Senior Managers Regime and also come into force on 7 March. Under the Certification Regime, staff who could pose a risk of significant harm to a bank or its customers by nature of their roles will need to be carefully vetted.
The Conduct Rules, meanwhile, set out a basic standard of behaviour for all bank employees. (Though banks have a further year in which to ensure all staff are aware of the Conduct Rules, anyone who falls within the SMR or the Certification Regime will need to comply from 7 March.)
Whether communicating the potentially serious consequences of misconduct for senior managers will be enough to effect a compliant culture remains to be seen, but with the additional rules around conduct holding everyone to account, it’s certainly in the entire workforce’s interests to play by the rules. But of course, people are fallible, and this is where technology can step in. The most intuitive and agile data integrity platforms, like CTC from Gresham, shoulder the regulatory compliance burden.
With core regulation built into the platform, additional controls can be added quickly and efficiently at any time. Automated verification and validation of data remove the risk of human error (or unscrupulous behaviour), while data can be aggregated and reported on at any time. The result is a fully transparent integrity architecture, which assures compliance and removes internal risk. For senior managers falling under SMR, it’s a reason to sleep better at night.