The compliance teams of most UK-based asset managers and investment firms – including private equity fund managers and advisers – came back from their summer holidays with implementation of the Senior Managers and Certification Regime (SM&CR) close to the top of their “to-do” list. Banks and some other UK-authorised institutions have been subject to the SM&CR – the UK’s replacement for the Approved Persons regime – for around three years, but most other firms will be required to comply with large parts of the new regime from 9 December. That leaves less than three months. Given the length of time that firms have had to prepare, the regulator is not expected to have much sympathy for anyone who is not ready.
Firms are at different stages of their implementation, but for many there is still a lot to do. The FCA, the UK’s regulator, has been quite helpful, issuing detailed guidance and making clear that it does not expect firms to need to hire new staff or to reorganise. But there are some important decisions that firms need to take, some additional paperwork and internal procedures that will need to be put in place, and some staff training that the FCA will expect firms to carry out.
As regards the important decisions, selecting “Senior Managers” who will be personally accountable to the FCA for the responsibilities they undertake, and other staff who will need to be internally “certified” on an annual basis, is probably the trickiest. The FCA guidance leaves quite a lot of room for firms to exercise judgement, particularly in relation to the selection of senior managers. The internal structure of the firm, its existing approach to compliance, the appetite of board-level executives to be named as “senior managers” (or, perhaps, their preference for “safety in numbers”), may all play a part in this decision.
On the whole, the FCA expects a relatively small number of Senior Managers to be nominated, each with clearly defined responsibilities for the core aspects of the firm’s business – including, but certainly not limited to, compliance aspects. A key objective of the new regime is to improve individual accountability, especially at the top of the firm, and the FCA will certainly expect the principal decision-makers to be listed. Given that these Senior Managers will need to be approved by the FCA (unless they are grandfathered by virtue of their existing position as Approved Persons), these decisions need to be taken quickly and socialised within the firm, if that has not already happened.
In a number of firms with a US parent, some non-UK board members have already stepped down, partly reflecting the fact that the regime pre-supposes an autonomous UK firm, with each main board executive individually accountable to the FCA. Non-executive directors and Chairpersons have also seen increased responsibilities, with the FCA acknowledging that “the responsibilities of SMF [senior manager function] non-executive directors will often be considerable”, although in smaller firms non-executive directors are unlikely to be in scope.
On the other hand, the certification regime is effectively an outsourcing of the existing requirement for the FCA to approve other senior risk-takers in the firm as “fit and proper”. Firms will now need to do that themselves, both initially and on an annual basis, including by making background checks and taking references. These new procedures will need to be put in place (usually, no doubt, by the HR team if the firm has one), but defining who will be a certified person also requires some judgement – and this identification exercise must also be done by early December, although the actual procedures can wait a little longer.
Almost all staff will have to comply with new Conduct Rules, so they will have to be trained on those. The FCA expects that any training will be tailored, so that staff will know what a conduct breach looks like in the context of the firm’s business and values.
Over the summer the FCA published its findings of a review of the implementation of the SM&CR in banks and also published a 30-minute podcast focusing on the SM&CR’s role in creating a healthy culture. It is clear that the FCA regards the culture in regulated firms to be extremely important and expects that the SM&CR will lead to a culture change in some firms, reiterating the importance of “tone”, “ownership” and “setting a good example” at the top tier of governance. Whether that will be the case is not yet clear, but it is true that compliance heads will have to explain to their CEOs and board-level executives that their accountability for failings in the firm will almost certainly increase in just over two months’ time.