Implementation of the Regime Across the rest of the Industry

Implementation of the Regime Across the rest of the Industry

 

 You can download a full copy of the slides from this webinar. 

 

 Download

 

Full transcript available below:

Welcome and thank you for joining today's webinar hosted by me, Bethany Sirven of MyComplianceOffice, and Gregory Brandman and Simon Collins of Eversheds Sutherland.

the core regime which will apply to probably quite a lot of the delegates on the call today. This sets out, again, trying to be proportionate, they have actually just selected effectively six governing and required functions. Some of those will be familiar to you. The interesting one is they've called specifically out the chair of SMF 9, again, relating back to my previous comments about how important the role of the chair actually is. Picking up all the executive directors as well. There's a nod very much the fact that a number of the firms within the extended regime are partnerships, so we have a new partner SMF as well, then typically your compliance and money laundry reporting officer.

Then the one limited scope function that is required, i.e., for the vast majority of consumer credit firms is SMF 29. The next slide if I may please. The enhanced regime. This really does reflect what the regime we have in place for banks and building societies at the moment. As you'll see from the slide, and I'm not going to go through all of it there, you're going to have to have a responsibilities map, handover procedures, and I'll come back to those a little bit later. You'll have a variety of different other senior managers with their prescribed responsibilities. The key for the regulator with these enhanced firms, as Greg says, about 350 firms will be caught by this is that all areas of the business are covered. That's why you've got this overall responsibility, that senior management function as well to cover things such as HR, IT operations, although they are also going to be introducing a new SMF 24 specifically for operations and technology as well.

The types of firm that are caught by the enhanced regime are the large firms, those effectively significant firms that could cause damage to a significant number of customers, and you've got them set out there in terms of firms with assets over 50 billion, intermediaries with more than 35 million in revenue, et cetera. The enhanced regime will not apply to limited-scope firms, or importantly to overseas branches as well, and in that case the overall responsibility requirement will not apply to those firms. If we could turn to the next slide please. The six criteria for assessing whether a firm will be in their enhanced regime. By the way, this is by entity only, so if you are a group with a variety of different firms all of which have a certain level, for instance, of funds under management, it is only if one of those entities actually exceeds and goes over the criteria that they will be caught by the enhanced regime.

For group firms you could well have a scenario where in fact you'd have a firm that is in the enhanced regime, a firm that is in the core regime, and even potentially a firm that's in the limited scope in certain sort of conglomerate organizations. There we've got the various criteria, what happens if a firm actually migrates to the new regime in terms of the enhanced regime, and if they do but then they cease to meet that criteria they will remain within a year. We have asked the regulator whether or not firms could opt up, in fact, to have the enhanced regime applying to themselves if they're close to that criteria. At the moment the regulator is quite clear they'd like certainly firms to be caught where that criteria is actually breached.

From that perspective we're unlikely to see the regulator encouraging firms to become enhanced albeit determined by your governance structure. It may well be that you do look at that more closely. The next slide please. All we have here, and I again am not going to go through these in detail, but these are the various functions that also apply in addition to those first ones. I've talked to the core regime there. As you will see they're calling out specific chairs of risk committees, audit committees, et cetera. SMF 7 just a note there, Greg mentioned about territorial aspects. This is the SMF that picks up, for instance, the overseas-based individual that is involved in the day-to-day running of the UK entity.

Next slide please. As Greg mentioned earlier, there are additional prescribed responsibilities adding on to those ones we covered under the core regime, and these just hone in a little further around specific functions, whether it be internal audit, whether it be compliance, whether it be the risk function. Understandably, these are set for those larger firms that are impacted in the enhanced regime. Next slide please. Just in summary on the impact on incoming UK branches. Again, very similar to the regime that exists today where you just have a requirement for two senior management functions, the 21 which is effectively the chief executive, and in addition to that the money laundering reporting officer. It may well be though that you appoint a number of SMF 21s determined by size if you are an incoming branch.

Next slide please. For the non-EEA branches, again, a similar regime to the one that exists at present where you have a wider scope of senior management functions and you do have prescribed responsibilities as set out there. Again, very much reflecting what we have in the existing environment. Next slide. Interestingly as part and parcel of the consultation the regulator took the opportunity to just try and, shall we say, tweak a few things that perhaps they hadn't thought about first time around, one of which being a responsibility for conduct rules. Interestingly enough, when I was at a session with the regulator not so long ago they actually stressed very importantly how they're judging the conduct rules and how firms actually implement them, the training arrangements, that they're not just a off-the-shelf arrangement, that it does reflect individual's roles and responsibilities as well. That's quite an interesting aspect there.

The 12 week rule as well, this is where there is an unforeseen circumstance. Again, that rule is going to be covered into the new regime as well. I've already made reference to SMF 27 around partnerships, because that's going to apply to banks as well, because actually the regulator realized there are a number of banks that are in fact partnerships. That has been quite a run through what we have in terms of the regime. We deliberately put quite a lot of information on those slides for you to be able to look back on for information. We're going to touch in a moment on implementing the regime in the final 10 minutes.

Just a point here in terms of some of the key supervisory areas that we've been considering over the course of the last 18 months or so. Talked about responsibilities maps. Firms have been reassessing those, making sure they have got good coverage, changing them as and when roles and responsibilities do change or new people come in. Similarly as we go round, statements of responsibility as well. Greg mentioned about the 300 words, very key in fact from the regulator's perspective that you are clear and concise and that you call out perhaps particular responsibilities, particular programs that you are responsible for.

For instance, if it's your role to implement or to be responsible for the implementation of GDPR, then they'd expect that to be covered. Fit and properness, we've touched on. There's a couple of more things I'll come back to on that. Whistle blowing has certainly been an issue whereby we've seen firms spending time on their training, appointing a whistle blowing champion, getting a culture of speaking up, I think, is where the regulator's looking for. Handovers, firms actually just making sure that there is a clear handover process. Some senior managers are using it as an opportunity to have a living will to keep track of how their roles and responsibilities are going.

We've touched on references and Greg is going to cover, now, the delegation area, so if we could have this next slide please.

Yes, thanks Simon. Just very briefly we wanted to highlight this, because it really is the newest rule of the nine, the five baseline, the four senior manager conduct rules. This is probably the most significant development in terms of a new rule. It obviously applies just to senior managers and imposes a requirement they take reasonable steps to ensure that any delegation of their responsibility is to an appropriate person and that they oversee the discharge of the delegated responsibility effectively. This, as I had mentioned earlier, has always been a non-binding guidance, if you like, under the APER code of practice, but it is now a mandatory rule, because it's really part and parcel of this new accountability framework, but where senior managers, as they're often required to do, delegate the performance of their responsibilities to other individuals it's important to ensure that that is a delegation and not an abrogation.

There's a wealth of guidance about what compliance with this rule looks like, and it emphasizes the fact that while you can delegate performance, you cannot delegate responsibility or accountability and that you need to supervise and monitor adequately the performance of your delegate, which means regular one-to-ones, progress reports, oversight, effective oversight. If you can't demonstrate effective oversight of your delegee's performance, you will not be carrying out reasonable steps in accordance with the prescribed standards.

The classic example is if you delegate the performance of certain of your responsibilities to a chimpanzee and all they do for the next six months is throw bananas at people, that's going to be a problem for you. It's not necessarily going to be a problem for your delegee at all, although it might be, but it's certainly going to be a problem for you as a senior manager. That's going to be a breach of senior management conduct rule three, for which you will be subject to enforcement action by the regulator. As I mentioned, a wealth of guidance in the code of conduct section of the new handbook, that's COCON, not just in relation to senior manager conduct rule three, of course, and what good looks like, but in relation to all of the senior manager and baseline conduct rules. Back to you Simon.

Yeah. There's a slide there on references. The reason we've put that in under the implementation is simply that this is causing firms some degree of consternation in terms of getting some of the detail right. Greg mentioned a little earlier around the templates. There's a wonderful section, the template section G, which is a catchall for anything that has gone wrong potentially with the individual, and typically this is where, for instance, a firm starts an investigation, an individual is perhaps associated with this investigation and suddenly they resign and therefore the investigation can't be complete. Then what the regulator's anticipation is there that you would make reference to that in section G, i.e., you're not saying that necessarily that individual had breached rules, but that they were under some form of investigation.

The way the rule has always worked historically is to impose an obligation on regulated firms to respond within a reasonable period of time to another regulated firm seeking a reference for a prospective new employee and provide relevant information, typically material reasonably relevant to an assessment of fitness and propriety. Now there is an obligation on the prospective employer to seek references from the current employer and we've already been through at a how level how that obligation breaks down, so it's not just an obligation to respond within a reasonable period of time to receipt of a reference request. You've actually got to go out and attain a reference and, as Simon says, there is a template set out in the relevant part of SYSC which requires the completion of various sections, and quite a considerable degree of information, including this section G, which requires you to provide any other material of potential relevance.

That's not necessarily pejorative material, of course, there may well be all sorts of positive things that you might wish to say by way of context or mitigation certainly where you've previously taken disciplinary action against an individual. It's not just a question of putting the boot in in that section of the reference form. There might be some positive stuff that you'll wish to say about your departing employee as well.

 

Download our whitepaper "Senior Managers and Certification Regime. How to Prepare Your Organisation"

 

This webinar was co-hosted with Eversheds-Sutherland www.eversheds-sutherland.com

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo

 

MCO_brochure-image.png

Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download