The countdown to the implementation of the FCA's Senior Managers and Certification Regime (SMCR) for all remaining FCA firms in December 2019 continues. And the FCA has published today, 5 August 2019, their findings from a so-called "stock-take" review into the embedding of the SMCR in the banking sector.
The SMCR was introduced for deposit-taking firms and dual-regulated investment firms (the banking sector) in March 2016, and by December 2019 will apply to all 52,000 or so firms which are authorised and regulated by the FCA.
The FCA points out that it has not conducted a "full implementation review" and will not be looking to make any policy changes as a result. But coming four months before the December 2019 implementation date, the timing of the review's publication is noteworthy. As is the implied promise of a full implementation review at some point down the line. I think this is a key takeaway from the report and something we need to keep in mind from here on.
The contents of the review also help give insight in to the FCA's thinking and expectations, especially for those who will be new to SMCR in a few months' time. And there's not much that surprises. It's the three "C"s:
(1) CULTURE
- For example, when discussing the concept of "reasonable steps" (the FCA expects senior managers to be able to demonstrate that they have taken reasonable steps to avoid a contravention from occurring or continuing), the FCA notes that some firms are having trouble understanding the concept. But, the FCA shies away from providing an exhaustive list. Instead, the FCA repeats that their expectation of senior managers is they "should be doing what they reasonably can to prevent misconduct...to think more broadly and to create an environment where the risk of misconduct is minimised, for example through nurturing healthy cultures." So that's clear.
However, the FCA notes that "firms have found it challenging to find appropriate ways of measuring culture and the effort to do so is continuing";
(2) CONDUCT
- When it comes to conduct, the FCA reports that "many firms were often unable to explain what a conduct breach looked like in the context of their business". The FCA then goes on to underline the importance of the conduct rules and that all staff are appropriately trained. The emphasis again in the review not being what the new regime means, but what it requires firms to do; and
(3) CONSEQUENCES
- Perhaps the most interesting section of the report looks at unintended consequences. For most firms the FCA looked at, the SMCR "did not lead to significant unintended consequences". But, "the unintended consequences that arose for a few firms were specific to their respective businesses". Not wishing to be pessimistic, but could it be that the firms reviewed (being large institutions) were structurally better prepared than the bulk of the 48,000 or so firms being affected in December? Time will tell.
The FCA admits that some firms had "a culture of fear during the early days of the regime. However, this has now largely dissipated". The FCA gives two reasons. Curiously, neither of them is that the FCA was conducting a review of the topic.
The FCA also points out that "there is evidence that processes and controls on approvals of new products and businesses have been tightened. This has potentially contributed to firms being more risk averse and considered around innovation initiatives." If this is indeed the case, this would be the FCA getting what it wants from its new accountability regime.
Finally, the FCA accepts that "most firms mentioned the additional staff and work required to administer the regime. However, this was seen by many as part of creating a robust governance environment within their firm". For smaller firms only looking at SMCR now, the question is how much work and how many staff will be required?
SMCR is coming. The FCA is ready. Are you?
#SMCRiscoming
https://www.fca.org.uk/publications/multi-firm-reviews/senior-managers-and-certification-regime-banking-stocktake-reportMany firms were often unable to explain what a conduct breach looked like in the context of their business.