Making the most of IT for SMCR compliance success
In the financial adviser and services sector, the rollout of the Senior Managers and Certification Regime (SMCR) is already underway. The banking sector has adopted this regulation, which replaces the Approved Persons Regime. Now it is the turn of solo-regulated companies to comply with the regime in time for the 9th of December 2019.
Under this new regime, senior individuals performing key roles need FCA approval before starting work and receive a ‘statement of responsibilities’ that clearly says what they are responsible and accountable for.
The scope of SMCR will be vast – when extended, the regulation will capture roughly 47,000 additional financial services firms and 200,000 individuals.
SMCR is being enforced by the UK regulator, but the regime is borderless. It is all about individual accountability, so both UK and international staff who take on risk on behalf of the UK business will need to understand and account for their new roles and responsibilities.
Advisers are urged to review record keeping ahead of rule change
Advisers should review their record keeping processes ahead of the implementation of the Senior Managers and Certification Regime later this year, and ensure that their action plan for implementing SMCR is tight and that record keeping in particular complies with the new rules.
A comprehensive view is essential
An accurate understanding of management responsibilities is central to implementing the SMCR.
Responsibility for IT, data protection and compliance also falls within this view. It is essential to map out all business governance, procedures and lines of responsibility, including responsibility for information technology and cyber security, especially given GDPR and the critical need for data protection.
How IT can help with this
The ability for firms to operate within an increased scope of scrutiny requires a new level of operational agility. Technology can facilitate compliance by making it easier for firms to monitor, analyse and manage conduct.
“Leveraging today’s technology, firms can more easily integrate and share conduct-related data, including regulatory notices and staff certifications. With dashboards to centrally view the status of conduct surveillance activities, including escalations and remediation of open cases, these platforms increase transparency.”
To facilitate compliance, having tight IT processes, procedures, device management, secure backup and fast disaster recovery in place contributes to the essential governance, stronger culture of integrity and sound conduct of your business. Not only do you successfully comply with regulations, but you also gain the enhanced trust of your current and future clients, who know that they are in a ‘safe pair of hands.’
As a dedicated IT provider who specialises in providing Managed IT Services for the IFA sector, we can assist you with all of these integral IT infrastructures, which include cloud computing, file record-keeping and file sharing with ITSOL Files and IT Glue, amongst others.
In addition, make sure you have a sturdy Back Office system with an easy-to-use dashboard that can be accessed from anywhere, at any time. Again, we specialise in working with IFA businesses to provide remote hosting, including giving new life to the many companies who still make use of Adviser Office by moving this to the cloud with the benefit of moneyinfo’s up-to-date dashboard and front-end package.
One industry expert laid out this handy summary of where tech can help with your compliance process:
TECH TOOLS TO FACILITATE SMCR COMPLIANCE
- A centralised repository of employees, their classification and responsibilities
- Repository of employee licenses and training
- Automated Employee/Manager risk scores
- Flexible scheduled attestation capability
- Integrated conflicts management capability
SOPHISTICATED WORKFLOW AND EASE OF USE
- Allows you to manage activities including notifications, reminders and escalations
- Onboarding workflows for new employees
- Makes it easy to manage remediation and ongoing issues
TRANSPARENCY AND CONTROL
- Enhanced Dashboards viewing the status of all activities
- Easy reporting for management and auditors
- Full audit trail of pending and completed activities
“Innovative technologies could also be used to develop more advanced or predictive management information to identify emerging trends or potential threats to good conduct. For example, it could be used to monitor and search staff communications for references to certain terms that may indicate rogue behaviour.”
“Part of the compliance is performance management processes that evaluate fitness and propriety of senior managers. This should be backed up by robust employee record-keeping processes and technology, as well as procedures to manage the impact of breaches and suspected breaches.”
The scale of the task is significant. Large amounts of new documentation will be required, and systems and processes will need to be updated.
Three common pitfalls have been identified: failing to develop a comprehensive view of accountabilities; failing to provide supportive management information; and failing to embed cultural change.
“To add further complexity, delegation of activities is common, particularly in large companies, resulting in overlaps and splits in responsibilities. Where a senior manager has delegated tasks to another senior manager, certified persons, normal staff or a governance body, that delegation of authority should be clearly defined.”
This delegation is significant for the management and protection of data, for the chain of responsibility for these checks and balances, and for accountability for the important updates needed at all times to keep all data secure.
“Time is running out, and Brexit preparations and regulatory fatigue have left progress delayed across too many firms in a way they simply cannot afford. Asset managers have known this was coming since July 2017, and as the rules do not vary significantly from what we saw introduced in banks, the Financial Conduct Authority is unlikely to have sympathy for any firm not ready on day one. The industry needs to take immediate action.”
Compliance with SMCR is a big task. This will be harder for the solo-FCA regulated companies coming into the extended regime because they do not have the benefit of familiarity with an existing regime similar to the SMCR.
More useful explanations and information on SMCR:
“What Is The Senior Managers And Certification Regime?
The new SMCR rules, which are also referred to as the ‘Accountability Regime’, were introduced for Banks, Building Societies, Credit Unions and Insurers in March 2016, replacing the existing Approved Persons Regime (APER), which was described by the Parliamentary Commission on Banking Standards as “failing” and being “too narrow”. SMCR was updated for Banks in July 2018.
SMCR is being extended to all regulated firms, from December 2019. There are three main features to the Senior Managers and Certification Regime. These are:
- The Senior Managers Regime
- The Certificate Regime
- The Conduct Rules
SMCR: THE SENIOR MANAGERS REGIME
Under SMCR Senior Managers will continue to require approval from FCA before they are appointed to their role.
Each senior person must have their role and responsibilities clearly defined and documented in a formal Statement of Responsibilities, which must be kept up-to-date and re-issued to FCA whenever it significantly changes.
FCA have defined specific ‘Senior Manager Functions’ and ‘Prescribed Responsibilities’ which must be allocated to appropriate Senior Managers.
For some Firms, there is a more rigorous set of requirements, called the ‘Enhanced Regime’, which obliges them to also create and maintain a ‘Management Responsibilities Map’ that clearly defines how the firm’s governance arrangements work, in practice. They must also ensure that a Senior Manager has ‘Overall Responsibility’ for all activities of their firm – in many firms this will be the CEO.
The Responsibility Maps and Statements of Responsibility (along with relevant supporting evidence) must be version controlled and retained as formal records by all firms, for as long as necessary.
SMCR: THE CERTIFICATION REGIME
Under SMCR the Certification Regime applies to all employees who play a role that can affect the firm and its customers in a negative way. Their roles are referred to as ‘Significant Harm Functions’ (SHF).
The FCA have defined the list of SHFs, which will apply to a much larger group of people than the previous APER regime. The regulator will no longer approve these staff; instead, the firm is obligated to ensure that they are annually assessed as Fit and Proper to act in their roles and to issue them with a Certificate to that effect. A Senior Manager must be personally responsible for this obligation.
It is therefore critical for firms and individuals to ensure they understand the responsibilities associated with their positions. Organisations must ensure that these Certificates are renewed on at least an annual basis in order to remain compliant.
SMCR: THE CONDUCT RULES
The Conduct Rules under SMCR are principles designed to ensure a high standard of behaviour for all staff, and extend to all individuals in the regulated company, except for ancillary roles.
There are two tiers of Conduct Rules: Tier 1 applies to all staff, while Tier 2 applies to Senior Managers only. It is the responsibility of firms to ensure that their employees fully understand the Conduct Rules and receive specific training on how they apply to them. Any breaches of the Conduct Rules must be formally notified to FCA.”
Reference this link for more info on documentation needed: https://www.smcrcompliance.com/library/