26 January 2018 by Lucy McClements
The extension of the regime is excessive for most smaller to medium-sized firms
The long-awaited Financial Conduct Authority (FCA) consultation on extending the Senior Managers and Certification Regime (SMCR) to most of the financial services industry has sent compliance consultants into a frenzy.
In their efforts to capitalise on another regulatory change, consultants are predicting more enforcement action against senior individuals, difficulties in recruiting senior staff, fundamental changes to organisational structures and governance processes, as well as the inevitable burden of more policies and procedures.
Although some of these scenarios are plausible, there is an alternative story that not much needs to change – or at least not much needs to change for those who already take their regulatory responsibilities seriously.
Wind back the clock to 2013 and you may recall the damning report by the Parliamentary Commission on Banking Standards highlighting the apparent lack of accountability by some top bankers during the financial crisis. One of their key recommendations was the implementation of SMCR, which aimed to drive up professional standards and culture in the banking sector.
Fast-forward two years, and before the new regime had even been applied to deposit takers, the Treasury announced it would be extended to most of the financial services industry by the end of 2018.
Roughly 47,000 firms will be affected, ranging from the largest asset managers, through to sole traders, and even those companies where financial products are secondary to their core business: for example, motor dealers or vets offering insurance broking services.
“The FCA has rarely found it difficult to bring enforcement action against individuals in small and medium-sized firms”
Many commentators regarded the extension of the regime to be inevitable, yet few reflected whether it would achieve its purpose.
First and foremost, the FCA and its predecessor organisation the Financial Services Authority have rarely found it difficult to bring enforcement action against individuals in small and medium-sized firms, simply because the lines of responsibility and accountability are oftenclearer.
If the core purpose of extending SMCR is to bring more individuals to account, then why choose a hammer – for larger, more complex firms – to crack a nut?
Secondly there are several important, often overlooked, similarities between the existing regime, much maligned by the Parliamentary Commission on Banking Standards, and SMCR.
For example, the conduct rules that require individuals to act with integrity are substantively the same as the current Approved Persons principles. Equally there has always been a requirement for key staff to be fit and proper as well as competent and capable under existing training and competence requirements.
My experience suggests that almost all firms recognise the importance of clearly allocated responsibilities, ongoing staff training, effective due diligence during recruitment, and appropriate oversight.
Well-managed companies understand the positive correlation between good risk management and commercial success; they already adopt processes and procedures to deal with the inherent risks to their business, albeit tailored to their own circumstances. SMCR simply codifies the regulators existing expectations with the unfortunate by-product of swathes of additional paperwork.
As it happens, I suspect that regulators would have preferred politicians to have left them to their own devices on this issue.
The new regime might speed up an enforcement case against an individual because there will be fewer opposing judgments to debate, but regulators (and ultimately consumers) will have to rely on firms to vet and oversee staff in customer-facing roles via the new certification regime.
The consequential reduction in the number of directly-approved positions means that the absence of a regulatory backstop could leave some consumers even more exposed to poor advice or misselling than before.
Importantly, for those firms who have taken a less than proactive approach to their compliance responsibilities, one can only conclude that the new regime will bring many benefits, not least a more closely defined set of expectations that can no longer be ignored without consequence.
There are some key differences between the current and new regimes, which can only sharpen the focus on individual accountability and should result in weaker firms stepping up their game. The most notable is the ‘duty of responsibility’.
“For those firms who have taken a less than proactive approach to their compliance responsibilities, one can only conclude that the new regime will bring many benefits”
This enables regulators to censure those who have failed to exercise appropriate skill, care and diligence in carrying out their responsibilities, even where they have been delegated to others.
Similarly the conduct rules will reach across all but ancillary staff, such as cleaners or security staff, which is far beyond the scope of the existing Approved Persons principles.
In response to the challenge of a ‘one size fits all’ approach, the FCA has sought to take a proportionate stance by applying only certain elements of the regime to smaller or safer firms.
For example, the authority estimates that at least two-thirds of 47,000 firms affected will be classified as ‘limited scope’. Unfortunately, the way the legislation has been written has left regulators with less room to move than they might wish.
Even the most ardent supporter of soon defunct Approved Persons framework would struggle to defend its failure to let regulators bring senior staff to account in large, complex multinationals.
But lines of delegation and accountability, even when not written down, are easy to pinpoint within small and medium-sized firms. Therefore, extending SMCR to most of the rest of financial services might prove over-zealous, simply leading to more paperwork to show compliance with the letter, but not the spirit, of the new regime.
Given the political origins of SMCR, it would be wise to assume that things could change between now and the publication of the final rules, likely in spring or summer of this year, with the distraction of Brexit just around the corner.
Inevitably the compliance functions of financial services firms will need to keep a watching brief, but those smaller to medium-sized firms who have been applying the existing Approved Persons Regime with appropriate rigour should be well-placed to comply with minimal exertion. Many firms may have a lot less to worry about than they think.