Lesson 2: Begin at the Top
You can download a full copy of the slides from this webinar.
Interested in learning more about SMCR?
Download our whitepaper; 'Senior Managers and Certification Regime - How to Prepare Your Organisation'.
Full video transcript available below:
Okay, it's a couple of minutes past the hour, so hello everyone, and welcome to today's webinar hosted by me, Stephen Taylor, Chief Commercial Officer at MyComplianceOffice. And Liz Hornby, Principal Learning Consultant at Eukleia. Today's webinar is titled The Senior Managers and Certification Regime: Five Lessons Learned from the Banking Sector.
So, let's look at that in a little bit more detail. If we move on to the next slide, we'll see how this sort of roll out might look in terms of the categories of individuals within your firm that you need to communicate with and train.
Your training program and communication program is going to apply at three main levels of the firm. The first one you can see there, we've got the senior managers. They are not entirely, but almost exclusively your board members. There may be a layer beneath that that are also called by the definition of senior manager. We've then got the certified persons, so those people who need to be trained on the certification regime and also the rules that will apply to them. And then at the bottom there, we've got the conduct rules, which apply more broadly beyond those two categories to other conduct rules staff as well. So, everyone within the organization bar a very small exclusion will have to be trained under the new regime.
So, if we move on to the next slide, we'll look at that in a little bit more detail starting with senior managers. So, the senior managers will have to have a good understanding of the corporate governance changes within their organization. So, this is a good time to really be doing a bit of housekeeping, seeing what you've got in place now, and doing a gap analysis between what you have now and where you need to get to before the implementation of the regime for your firm. That will really help, I think, with the workflows and to get you to where you need to be, and I think it's important, as I said earlier, not to underestimate how long that takes to put in place and to do it properly.
If we move on to the next slide, we'll see there I've put some examples of the sorts of things that you need to be looking at. So, the regime covers things like making sure your organization charts are clear and up to date, that you've got terms of references for all your committees and any other governance forums that you have in place, detailed job descriptions. All of those will help, for example, with the requirements around controls, compliance, and, particularly, delegation, which are all features of the senior manager conduct rules under the new regime. I've also mentioned their board competency and culture assessments. I think this is an area that we've seen increasing under the new regime, firms wanting to be able to demonstrate that they have assessed that their board, both collectively and individually, is fit and proper under the regime, not only to give assurance to the firm, but also to give assurance to the fellow senior managers that make up that board to make sure that they can have confidence in the rest of the board members.
Okay, so if we move on to the next slide, you can see I've listed there in particular, headline changes around the statements of responsibilities for senior managers and the responsibility maps. These are a very key feature under the regime. This is where a firm documents what individual senior managers are responsible for within the firm. So, I like to think of that as almost like a tripod-type agreement or contract between the firm, the individual senior manager, and the regulator. Obviously, this is a really important document because if anything goes wrong within the organization, the regulator will look at the statement of responsibility to identify who they will look to for an explanation as part of the investigation process.
So, it's important to get those right. The regulators do provide quite a lot of guidance as to the content and also to the lengths of those documents. They don't want them to be over wordy or in legalese. They want them to be a clear statement of who is responsible for what. You've also then got the responsibility map, which is basically the collection of the statements of responsibility. The regulators will be looking to see if there's any overlap or underlap between those statements of responsibilities so that they have a complete picture of who's responsible for what under the corporate governance structure.
I've also mentioned, there, very importantly, the reasonable steps test. The word or the phrase reasonable steps appears throughout C-Con, and particularly in the senior manager conduct rules. I think it's important for senior managers to understand in practical terms what is meant by reasonable steps. That's not an easy thing to do, as the regulators are silent on the standard that's expected, so it is for each firm to really sit down and decide for themselves what they think reasonable steps mean in the context of their own firm. And I think, in part of the preparation, a useful thing to do within the firm is perhaps to workshop what the firm thinks reasonable steps are in relation to general application policies, maybe things like delegation, how the firm's going to handle breaches, et cetera. By doing that, it means that the firm can build up and establish its own objective standard of what it thinks reasonable steps are, and then that's the standard that they can then hold themselves to should something go wrong within the firm. And I think that helps to demonstrate to the regulator that the firm has taken reasonable steps.
Okay, let's move on to the next category, which is our certified persons. A lot of the certified persons will have been approved persons under the approved persons regime. For those people, they will have some understanding and awareness of the concept of individual accountability to a regulator. As I say, for others, this will be new. The category doesn't map directly or precisely across from approved persons, so you will have some senior people who weren't previously approved persons who will now be caught under this category. You've also got some aspects of the certified persons regime that will be new to everyone, regardless of their registry heritage, so I've listed some of the areas there that you will particularly need to focus on because they will be new within the firm.
The first one is the concept of the firm conducting the certification rather than a regulator. This is quite a big change for the industry and I know has been covered quite extensively in the press recently, particularly the fact that they will be for banks, there is no external register of people who are certified persons. And I know that's something that's being looked at the moment, but I think it's important that employees understand that just because the certification is moved in house, it's not a lesser form of certification, and it's still extremely important. Also, we've got the fact that the certification is now an annual process. So again, that's a big change for approved persons. It's not a one-off process when someone takes on the role, but it's something which needs to be carried out on an annual basis.
We've also got the new stringent reporting requirements for breaches of conduct rules, so that's an area that we're going to be looking at the end of the session, and it's important to make sure that you have very clear processes in place as to how and where employees report internally potential conduct rule breaches.
We've then got the framework for regulatory references, and this is an area which causes quite a lot of concern for obvious reasons to people within the regime. They know that if they move to another firm, the fact that they've had a conduct rule breach will be, not only notified to the regulator on the annual notification process, but also will be part of their reference. Obviously, this is a huge area of anxiety for individuals as to how this will work, because obviously having a regulatory reference with a conduct rule breach in it will have a big impact on their future job prospects. It's also an area for management and HR teams to think about as to how they will respond if they have a potential new employee to their firm who has a regulatory reference with a conduct rule breach in it.
Okay, so finally, let's move on to the other conduct rule staff, just to sort of complete the three categories there. As I've mentioned, the conduct rules do apply to everyone within the firm, apart from a very small exception for ancillary staff. People who are, for instance, in catering or who are an exception within your firm. To give two examples, there is a list within the FCA handbook. Some firms have chosen to actually include this group within their training and simply to say that if you fall within this definition, you won't have a direct obligation to the regulator, but that the firm still expects that that category of staff will comply with the standards contained in the conduct rules. Obviously, that's for each firm to decide for themselves how they want to roll that out.
This webinar was co-hosted with Eukleia.com