One industry expert laid out this handy summary where tech can help with your compliance process:
TECH TOOLS TO FACILITATE SMCR COMPLIANCE
- A centralised repository of employees, their classification and responsibilities
- Repository of employee licenses and training
- Automated Employee/Manager risk scores
- Flexible scheduled attestation capability
- Integrated conflicts management capability
SOPHISTICATED WORKFLOW AND EASE OF USE
- Allows you to manage activities including notifications, reminders and escalations
- Onboarding workflows for new employees
- Makes it easy to manage remediation and ongoing issues
TRANSPARENCY AND CONTROL
- Enhanced Dashboards viewing the status of all activities
- Easy reporting for management and auditors
- Full audit trail of pending and completed activities
“Innovative technologies could also be used to develop more advanced or predictive management information to identify emerging trends or potential threats to good conduct. For example, it could be used to monitor and search staff communications for references to certain terms that may indicate rogue behaviour.”
“Part of the compliance is performance management processes that evaluate fitness and propriety of senior managers. This should be backed up by robust employee record-keeping processes and technology, as well as procedures to manage the impact of breaches and suspected breaches.”
The scale of the task is significant. Large amounts of new documentation will be required, and systems and processes will need to be updated.
Three common pitfalls have been identified: failing to develop a comprehensive view of accountabilities; failing to provide supportive management information, and failing to embed cultural change.
“To add further complexity, delegation of activities is common, particularly in large companies, resulting in overlaps and splits in responsibilities. Where a senior manager has delegated tasks to another senior manager, certified persons, normal staff or a governance body, that delegation of authority should be clearly defined.”
This delegation has significance when it comes to the management and protection of data, and the chain of responsibility for these checks and balances, and being accountable for the important updates needed at all times to keep all data secure.
“Time is running out, and Brexit preparations and regulatory fatigue has left progress delayed across too many firms in a way they simply cannot afford. Asset managers have known this was coming since July 2017, and as the rules do not vary significantly from what we saw introduced in banks, the Financial Conduct Authority is unlikely to have sympathy for any firm not ready on day one. The industry needs to take immediate action.”
Compliance with SMCR is a big task. This will be harder for the solo-FCA regulated companies coming into the extended regime because they do not have the benefit of familiarity with an existing regime similar to the SMCR.
More useful explanations and information on SMCR:
“What Is The Senior Managers And Certification Regime?
The new SMCR rules, which are also referred to as the ‘Accountability Regime’, were introduced for Banks, Building Societies, Credit Unions and Insurers in March 2016, replacing the existing Approved Persons Regime (APER), which was described by the Parliamentary Commission on Banking Standards as “failing” and being “too narrow”. SMCR was updated for Banks in July 2018.
SMCR is being extended to all regulated firms, from December 2019. There are three main features to the Senior Managers and Certification Regime. These are:
- The Senior Managers Regime
- The Certificate Regime
- The Conduct Rules
SMCR: THE SENIOR MANAGERS REGIME
Under SMCR Senior Managers will continue to require approval from FCA before they are appointed to their role.
Each senior person must have their role and responsibilities clearly defined and documented in a formal Statement of Responsibilities, which must be kept up-to-date and re-issued to FCA whenever it significantly changes.
FCA have defined specific ‘Senior Manager Functions’ and ‘Prescribed Responsibilities’ which must be allocated to appropriate Senior Managers.
For some Firms, there is a more rigorous set of requirements, called the ‘Enhanced Regime’, which obliges them to also create and maintain a ‘Management Responsibilities Map’ that clearly defines how the firm’s governance arrangements work, in practice. They must also ensure that a Senior Manager has ‘Overall Responsibility’ for all activities of their firm – in many firms this will be the CEO.
The Responsibility Maps and Statements of Responsibility (along with relevant supporting evidence) must be version controlled and retained as formal records by all firms, for as long as necessary.
SMCR: THE CERTIFICATION REGIME
Under SMCR the Certification Regime applies to all employees who play a role that can affect the firm and its customers in a negative way. Their roles are referred to as ‘Significant Harm Functions’ (SHF).
The FCA have defined the list of SHF’s, which will apply to a much larger group of people than the previous APER regime. The regulator will no longer approve these staff, instead the firm is obligated to ensure that they are annually assessed as Fit and Proper to act in their roles and to issue them with a Certificate, to that effect. A Senior Manager must be personally responsible for this obligation.
It is therefore critical for firms and individuals to ensure they understand the responsibilities associated with their positions. Organisations must ensure that these Certificates are renewed on at least an annual basis in order to remain compliant.
SMCR: THE CONDUCT RULES
The Conduct Rules under SMCR are principles designed to ensure a high standard of behaviour for all staff, and extend to all individuals in the regulated company, except for ancillary roles.
There are two tiers of Conduct Rules, Tier 1 applies to all staff, while Tier 2 applies to Senior Managers only. It is the responsibility of firms to ensure that their employees fully understand the Conduct Rules and receive specific training on how they apply to them. Any breaches of the Conduct Rules must be formally notified to FCA.”
Reference this link for more info on documentation needed: https://www.smcrcompliance.com/library/