The term ‘SM&CR – The Senior Managers and Certification Regime’ is probably well on your radar. However, how well do you feel you understand the requirements for SM&CR?
Since the FCA published their near-final rules in July 2018 we at Actus Software have been speaking to various financial institutions. The stage of progression in these financial institutions was often found to be the same. The new SM&CR regulations are on the agenda for discussion but no action has been taken. As such, we have outlined the steps that should be followed in preparation for the SM&CR extension.
Confirming classification and understanding where your firm sits within the Regime is the first step required. The FCA categorises firms into three separate areas and the extent of the actions required vary for each of these: Limited Scope, Core or Enhanced. In this blog, we talk more generally about the requirements for SM&CR. For more details visit the FCA guide here.
The next step for any firm is to consider who will hold a Senior Management Function (SMF) if you don’t already know. The FCA defines an SMF as: ‘a new type of controlled function under the Financial Services and Markets Act 2000’. In reality, it is likely to be similar to those already covered by the Approved Person’s Regime (APR). However, this is a good opportunity to ensure that people truly understand the extent of their responsibilities. This is because your firm will need to evidence acceptance of these responsibilities if challenged. Consider, for example, how you may be able to demonstrate ‘Point-in-Time’ evidence at short notice?
It must also be decided who fits within the Certification Regime. Once all functions have been agreed, a reason to justify why should be made. Which functions apply will depend on your firm type, details of which can be found in the FCA’s guide here. Once you have identified who falls into the Certification Regime, consider how you will certificate. Some do this as part of their annual appraisal, others have a parallel approach. Remember, the FCA’s requirements for the SM&CR regime are to ensure that everyone is aware of their responsibilities and are being held accountable. Is your certification process supporting this? Again, how easy is it for you to evidence your certification approach?
The next part of the process is creating Statement of Responsibilities (SoRs). SoRs is a single document that every Senior Manager (those that hold functions) will need to have. This document will need to set out their role and responsibilities. This document outlining the SoRs needs to be self-contained, not referring to other documents. You may need to send this to the FCA on request, so ideally it should be centrally held and easily accessible.
Good practice may require changes to existing contractual arrangements to reflect the SM&CR requirements. Such changes highlight to the FCA that the regime is being taken seriously and emphasise the importance of such requirements. Furthermore, this also provides the opportunity to show support and protection towards staff in response to any breach that occurs.
To accommodate the changes imposed by the extended Senior Management and Certification Regime, internal policies and practices may need to be changed. A firm may be called upon to provide: ‘Point-in-Time’ evidence of compliance at any time. Whereas spreadsheets or traditional HR Software may have previously provided a workaround, a more robust solution may be required. Our simple compliance software offers an affordable, effective solution to meet the requirements for SM&CR.
Above we have outlined how SM&CR should work in practice. It is important to note that the requirements are wide-ranging depending on the type of firm and will involve a variety of stakeholders to complete the process. Whilst the deadline for SM&CR compliance is December 2019, it is not too late to put the right measures in place to protect your SMF’s.
If you would like more information about how Actus Software can help you through the process, visit out Actus Comply page below. You may also like to read about how Performance Management and SM&CR integrate together to help with compliance and culture change.